
@dmiller-nmap
Last active August 29, 2015 14:13
diff --git a/scripts/telnet-brute.nse b/scripts/telnet-brute.nse
index 9b0e019..94445de 100644
--- a/scripts/telnet-brute.nse
+++ b/scripts/telnet-brute.nse
@@ -78,16 +78,24 @@ local patt_login = U.atwordboundary(re.compile [[([uU][sS][eE][rR][nN][aA][mM][e
local patt_password = U.atwordboundary(re.compile [[[pP][aA][sS][sS] ([wW][oO][rR][dD] / [cC][oO][dD][eE]) %s* ':' %s* !.]])
-local patt_login_success = re.compile([[
- prompt <- [/>%$#] / -- general prompt
- [lL][aA][sS][tT] %s+ [lL][oO][gG][iI][nN] %s* ':' / -- linux telnetd
- [A-Z] ':\\' / -- Windows telnet
- [mM][aA][iI][nN] (%s / %ESC '[' %d+ ';' %d+ 'H') [mM][eE][nN][uU] ! %a / -- Netgear RM356
- [eE][nN][tT][eE][rR] %s+ [tT][eE][rR][mM][iI][nN][aA][lL] %s+ [eE][mM][uU][lL][aA][tT][iI][oO][nN] %s* ':' -- Hummingbird telnetd
-]], {ESC = "\x1B"})
+-- Doubtful these all need to be case-insensitive, but that's how the old PCREs
+-- were written
+local patt_login_success = (
+ U.anywhere( re.compile([[ [/>%$#] %s* !.]]) ) -- general prompt
+ + re.compile([[ [lL][aA][sS][tT] %s+ [lL][oO][gG][iI][nN] %s* ':' ]]) -- linux telnetd
+ + re.compile([[ [A-Z] ':\\' ]]) -- Windows telnet
+ + U.anywhere(
+ re.compile(
+ [[ [mM][aA][iI][nN] (%s / %ESC '[' %d+ ';' %d+ 'H') [mM][eE][nN][uU] ! %a ]],
+ {ESC = "\x1B"})
+ ) -- Netgear RM356
+ + re.compile(
+ [[ [eE][nN][tT][eE][rR] %s+ [tT][eE][rR][mM][iI][nN][aA][lL] %s+ [eE][mM][uU][lL][aA][tT][iI][oO][nN]':' %s* !.]]
+ ) -- Hummingbird telnetd
+ )
-- basic tests
-assert(patt_login_success:match "$");
+assert(patt_login_success:match "sh$ ");
assert(patt_login_success:match "/");
assert(patt_login_success:match "last login:");
assert(patt_login_success:match "C:\\\\");
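Review bot: The Hummingbird alternative no longer accepts whitespace before the colon: the old `[nN] %s* ':'` became `[nN]':' %s* !.`, so a prompt printed as `emulation :` stops matching; if that is not intended, `[nN] %s* ':' %s* !.` keeps both forms. The linux, Windows and Hummingbird alternatives also sit outside `U.anywhere`, so they match only at the start of the subject while the general-prompt and Netgear ones search, and Hummingbird must additionally run to end of input; whether that matters depends on how the caller feeds the received buffer, which is not visible in this hunk. The basic tests exercise only start-anchored subjects, so a case with leading banner text and a negative case such as `assert(not patt_login_success:match "a/b")` would pin the new end-of-input rule and guard against a banner character being reported as a successful login.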
@@ -96,7 +104,7 @@ assert(patt_login_success:match "MaIn Menu");
assert(patt_login_success:match "MaIn\x1B[12;31HMenu");
assert(patt_login_success:match "enter terminaL\temulation:");
-local patt_login_failure = U.atwordboundary(U.caseless "incorrect" + U.caseless "failed" + U.caseless "denied" + U.caseless "invalid" + U.caseless "bad")
+local patt_login_failure = U.atwordboundary(U.caseless "incorrect" + U.caseless "failed" + U.caseless "denied" + U.caseless "invalid" + U.caseless "bad") * re.compile("!%a")
---
-- Decide whether a given string (presumably received from a telnet server)
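Review bot: Appending `* re.compile("!%a")` outside `U.atwordboundary(...)` may make the failure check miss a later keyword. If `U.atwordboundary` searches the subject the way `U.anywhere` does (its definition is not in this hunk), the search commits to the first candidate, so a reply such as `badge: login failed` stops at `bad`, fails the lookahead and never reaches `failed`. Putting the lookahead inside the argument lets the search move past a rejected candidate: `U.atwordboundary((U.caseless "incorrect" + U.caseless "failed" + U.caseless "denied" + U.caseless "invalid" + U.caseless "bad") * re.compile("!%a"))`. Depending on how the caller combines the success and failure patterns, a missed failure message could let a wrong guess be reported as valid, so an assertion like `assert(patt_login_failure:match "badge: login failed")` beside the definition would pin the behaviour.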