mailing list archives
From: Detmar Liesen <detmar.liesen () gmx de>
Date: Tue, 30 Dec 2003 13:39:58 +0100
Hi all. I forward you my previous message (see below) as advised by
Fyodor (thanks for the response):
I'm glad to hear about your project. Please resend this mail to
nmap-dev () insecure org, since this is development related.
Hi Anthony, hi others,
how about modifying the nmap-xml output so that it can create idmef
(intrusion detection message exchange format) xml format?
We (Sandro Poppi and I) are trying to develop a correlation framework
for snort, nmap, nessus and other ids/firewall/security scanner/audit -
If nmap had an output module that provides idmef-compliant output, this
would be a great thing, because it would spare us the need to write an
input plugin for nmap ourselves.
This would further enable us to have a first proof-of-concept
application for Threatman, i.e. correlating snort-output with
nmap-output, as soon as the core framework is working. Since now,
Sandro has already managed to implement the so called "device-proxy"
that allows us to send back and forth idmef-messages.
Sandro has further taken over maintenance of the snort-idmef plugin.
BTW: New members will always be warmly welcomed in the team.
I wish you all a happy new year.
Anthony G Persaud wrote:
I have been using perl to write security audit scripts with nmap. I have
created a perl module (its been a while now), and it is available on CPAN and
Sourceforge.net. The module can be used in perl scripts to parse the nmap xml
output and extract the needed information. Hopefully it is useful to others.
Anthony G Persaud
"The state of your life is nothing more than a reflection of your state of mind"
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List archive: http://seclists.org
Description: S/MIME Cryptographic Signature
- Re: Nmap-Parser-XML Detmar Liesen (Dec 30)