Home page logo
/

nmap-dev logo Nmap Development mailing list archives

XML service fingerprint output patch
From: "Brandon Enright" <bmenrigh () ucsd edu>
Date: Sat, 4 Feb 2006 08:02:27 -0000

Developers,

I've always found the service fingerprints that get outputted to the screen
for unknown services with -sV to be extremely useful even in their raw form.
Grepping through them has found innumerable compromised machines on our
networks.

This patch addresses their availability in XML output.  For each <service>
element if the service has a fingerprint it is included in a new attribute
named "servicefp".  They service fingerprints have been cleaned up a little
so they are more XML and database ready.

The patch includes the necessary changes to the DTD released with 4.0 so
that the documents are valid and well defined.

Although I haven't tested these changes against the current Nmap::Parser
perl module or other Nmap-specific parsers, the changes are small, valid XML
that should not effect any current parsing.

The DTD changes include several fixes that aren't service fingerprint
specific.  This includes the changes I submitted yesterday and a few more.
If for some reason it is decided that this patch won't be applied to Nmap,
I'll send a patch for the DTD that doesn't include the service fingerprint
parts.

Hope this is useful!

Brandon


--
Brandon Enright
UCSD ACS/Network Operations
bmenrigh () ucsd edu

Attachment: xml_sf_output.patch.txt
Description:



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

  By Date           By Thread  

Current thread:
  • XML service fingerprint output patch Brandon Enright (Feb 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault