Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: New patch for XML output

Re: New patch for XML output

From: Fyodor <fyodor_at_insecure.org>
Date: Thu, 20 Dec 2007 19:47:21 -0800

On Fri, Dec 14, 2007 at 10:28:39AM -0700, David Fifield wrote:
> On Fri, Dec 14, 2007 at 08:10:14AM -0300, Joćo Medeiros wrote:
> > I don't know if you the the topic [0] that I talk about the
> > problem. In it the reason to do this is explained. I don't understand
> > if you mean that is not necessary escape this, or if exists a better
> > way to solve the problem. If it's the first, please read the link
> > below.
> >
> > [0] http://seclists.org/nmap-dev/2007/q4/0572.html
>
> You're right, I didn't realize that this was a follow-up patch. I'm also
> more ignorant of XML than I thought. It seems painful, because it will
> create a bunch of long ugly lines in the XML output (that can't be cut
> and pasted), but your solution seems like the right one. Escaping
> whitespace characters is only required in attribute values, but then
> almost everything in Nmap XML is stored in attributes anyway. I'll think
> about it and leave some time for others to comment but I think I'll
> commit the rest of your patch.

Maybe we move things such as the OS fingerprint out of attributes and
into plain content. So instead of having:

<osfingerprint fingerprint="
SCAN(V=4.50%D=12/20%OT=22%CT=70%CU=%PV=N%G=N%TM=476B362D%P=x86_64-unknown-linux-gnu)
SEQ(SP=C7%GCD=1%ISR=CA%TI=Z%II=I%TS=A)
OPS(O1=M5ACST11NW7%O2=M5ACST11NW7%O3=M5ACNNT11NW7%O4=M5ACST11NW7%O5=M5ACST11NW7%O6=M5ACST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%TG=40%W=16D0%O=M5ACNNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5ACST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)
" />

We could have:

<osfingerprint>
SCAN(V=4.50%D=12/20%OT=22%CT=70%CU=%PV=N%G=N%TM=476B362D%P=x86_64-unknown-linux-gnu)
SEQ(SP=C7%GCD=1%ISR=CA%TI=Z%II=I%TS=A)
OPS(O1=M5ACST11NW7%O2=M5ACST11NW7%O3=M5ACNNT11NW7%O4=M5ACST11NW7%O5=M5ACST11NW7%O6=M5ACST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%TG=40%W=16D0%O=M5ACNNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5ACST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)
</osfingerprint>

Would that resolve Joćo's issue? I'm trying to remember if there was
a good reason that we put almost everything in attributes.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 20 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos