Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: --append_output option with XML files

Re: --append_output option with XML files

From: Duilio J. Protti <dprotti_at_flowgate.net>
Date: Mon, 10 Oct 2005 16:20:06 -0300

I still seeing the same behavior on the current version (3.93). Probably
would be good to show at least a warning message when the --
append_output is used in conjunction with -oX (and -oA), because that
file will became an invalid XML file.

Bye,
Duilio.

Duilio J. Protti wrote:
> Current stable version of nmap (3.81) doesn't handle correctly the --
> append_output option when results are logged to XML files.
>
> If you have a file my-run.xml like the following:
>
> <?xml version="1.0" ?>
> <?xml-stylesheet ... >
> <nmaprun scanner="nmap" args=...>
> ...
> </nmaprun>
>
> and you run:
>
> # nmap -sS -F -oX my-run.xml --append_output $IP
>
> now my-run.xml content is:
>
> <?xml version="1.0" ?>
> <?xml-stylesheet ... >
> <nmaprun scanner="nmap" args=...>
> ...
> </nmaprun>
> <?xml version="1.0" ?>
> <?xml-stylesheet ... >
> <nmaprun scanner="nmap" args=...>
> ...
> </nmaprun>
>
> Which does not meet the DTD and even worse, it's not well formed XML.
>
> The attached patch solve this issue, avoiding the prologue when the --
> append_output is present. However, this not solve all the problems. When
> trying to process the generated XML, the XSL transformation will fail,
> because there are two root elements (two <nmaprun>).
>
> The problem is that the present DTD for nmap do not take into account
> multiple runs. IMHO, the better way to solve this, is enclosing all the
> <nmaprun> tags into a new root element, i.e. <nmapruns> (note the 's'),
> which will contain a list of <nmaprun> childs.
>
> This way, adding new nmap results to an existing set of previous nmap
> runs, is just a matter to add them within a new <nmaprun> child into the
> root element. Of course, this requires a change on the current DTD, but
> it's a minor change.
>
> I do these changes, because in my job as pentester, I periodically run
> surgical nmap tests against one target (not a range of targets), and I
> want to keep this results in a one-file-per-ip basis. Previously, I did
> this using normal and grepable formats, but since the new XML feature of
> nmap is available, I really want to use it, because it's too much
> suitable for later report generation.
>
> The attached patch is for version 3.81, and include required changes to
> nmap.cc, output.cc, nmap.xsl and nmap.dtd.
>
> I hope this help!
>
>
> Regards,
> Duilio Protti.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Oct 10 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos