mailing list archives
XML service fingerprint output patch
From: "Brandon Enright" <bmenrigh () ucsd edu>
Date: Sat, 4 Feb 2006 08:02:27 -0000
I've always found the service fingerprints that get outputted to the screen
for unknown services with -sV to be extremely useful even in their raw form.
Grepping through them has found innumerable compromised machines on our
This patch addresses their availability in XML output. For each <service>
element if the service has a fingerprint it is included in a new attribute
named "servicefp". They service fingerprints have been cleaned up a little
so they are more XML and database ready.
The patch includes the necessary changes to the DTD released with 4.0 so
that the documents are valid and well defined.
Although I haven't tested these changes against the current Nmap::Parser
perl module or other Nmap-specific parsers, the changes are small, valid XML
that should not effect any current parsing.
The DTD changes include several fixes that aren't service fingerprint
specific. This includes the changes I submitted yesterday and a few more.
If for some reason it is decided that this patch won't be applied to Nmap,
I'll send a patch for the DTD that doesn't include the service fingerprint
Hope this is useful!
UCSD ACS/Network Operations
bmenrigh () ucsd edu
Sent through the nmap-dev mailing list
- XML service fingerprint output patch Brandon Enright (Feb 04)