
Nmap Development mailing list archives

Re: Zenmap Compare really broken?
From: Jabra <jabra () spl0it org>
Date: Sat, 31 May 2008 20:14:38 -0400

On 31.May.2008 03:46PM -0700, Fyodor wrote:
On Sat, May 31, 2008 at 03:44:08PM -0600, David Fifield wrote:
On Fri, May 30, 2008 at 08:58:30PM -0700, Fyodor wrote:
On Fri, May 30, 2008 at 05:11:05PM -0600, David Fifield wrote:

Agreed. Current Zenmap comparison is not helpful. Part of Jurand's
Summer of Code proposal has to do with this:

Great!


I would like to see diff output something like this:

10.0.0.1: changed from down to up.
10.0.0.1: port 22/tcp changed from unknown to open.
10.0.0.1: 1664 ports changed from unknown to filtered.
10.0.0.2: reverse DNS changed from "mail.site.whatever" to "www.site.whatever".
10.0.0.2: service on port 10250 changed from "Foobar 1.99" to "Foobar 2.00".
10.0.0.2: port 80/tcp changed from open to closed.
etc.

Looks good to me, though figuring out the best way to present it
certainly merits plenty of thought and brainstorming.

And for output like this, I believe it would be best to have an
independent program/script which compares two Nmap XML output files
and then produces output like this (and maybe in an XML format too).
After all, this diff functionality is useful for all Nmap users, not
just the Zenmap folks.  Though Zenmap could possibly improve the
output in some way since it has advantages of being able to change
colors, include icons, etc. if desired.

It would be nice to just be able to run ndiff /tmp/scan1.xml /tmp/scan2.xml

The hard part, I think, is designing the interface for specifying that
two scans are "the same scan," just displaced in time. It's easy enough
to just have the user manually select two scans to compare, but a higher
degree of sophistication would be better. For example, say you have a
scan you run every day. Zenmap should be able to give you a nice report
with output like I showed above for every day in a long sequence, like
this:

If the external ndiff application generates the report, someone can
write a 5-line cron script which runs Nmap every day and emails them
the results.  Or they can hook it into their processes in other ways.


I gave a presentation at LinuxWorld back in August 2006 and
another talk to the Boston Linux User group with more detail in
January 2007. This stuff might be helpful as PBNJ already does the
Nmap comparisons which Zenmap is looking to do.

http://pbnj.sourceforge.net/talks/dynamic-network-mapping-BLU-01-17-07.pdf

Screenshots of PBNJ:

http://pbnj.sourceforge.net/images/scan1.gif
(Scan which inputs to the database)

http://pbnj.sourceforge.net/images/scan2.gif
(Scan after stopping SSH)

By default the results are stored in a SQLite database, however you
can store them in postgres or mysql easily.

Docs for using postgres or mysql:

http://pbnj.sourceforge.net/docs/pbnj-postgres.txt

http://pbnj.sourceforge.net/docs/pbnj-mysql.txt

The project has more information:
http://pbnj.sf.net

Regards,
Jabra

-- 
Jabra < jabra () spl0it org >
http://www.spl0it.org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
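
Added example, not part of the original message and not code from Nmap, Zenmap or PBNJ: a minimal sketch of the "compare two Nmap XML output files" idea discussed in the thread, emitting lines in the format proposed there. The names load_scan and diff_scans are hypothetical, the two scans are constructed samples, and a host or port missing from one scan is assumed to be reported as "unknown".

```python
import xml.etree.ElementTree as ET

# Constructed sample scans (trimmed to the elements the diff reads).
SCAN1 = """<nmaprun>
<host><status state="down"/><address addr="10.0.0.1" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/>
<hostnames><hostname name="mail.site.whatever" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="10250"><state state="open"/>
<service name="foobar" product="Foobar" version="1.99"/></port></ports></host></nmaprun>"""
SCAN2 = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/>
<hostnames><hostname name="www.site.whatever" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="10250"><state state="open"/>
<service name="foobar" product="Foobar" version="2.00"/></port></ports></host></nmaprun>"""

def load_scan(xml_text):
    """Return {addr: (host_state, rdns, {(portid, proto): (port_state, service)})}."""
    hosts = {}
    for h in ET.fromstring(xml_text).iter("host"):
        rdns = next((n.get("name") for n in h.iterfind("hostnames/hostname")), "")
        ports = {}
        for p in h.iterfind("ports/port"):
            svc = p.find("service")
            ver = "" if svc is None else f'{svc.get("product", "")} {svc.get("version", "")}'.strip()
            ports[(int(p.get("portid")), p.get("protocol"))] = (p.find("state").get("state"), ver)
        hosts[h.find("address").get("addr")] = (h.find("status").get("state"), rdns, ports)
    return hosts

def diff_scans(old_xml, new_xml):
    old, new, out = load_scan(old_xml), load_scan(new_xml), []
    for addr in sorted(set(old) | set(new)):
        (s0, r0, p0), (s1, r1, p1) = (d.get(addr, ("unknown", "", {})) for d in (old, new))
        if s0 != s1:
            out.append(f"{addr}: changed from {s0} to {s1}.")
        if r0 != r1:
            out.append(f'{addr}: reverse DNS changed from "{r0}" to "{r1}".')
        for num, proto in sorted(set(p0) | set(p1)):
            (a, v0), (b, v1) = (p.get((num, proto), ("unknown", "")) for p in (p0, p1))
            if a != b:
                out.append(f"{addr}: port {num}/{proto} changed from {a} to {b}.")
            elif v0 != v1:
                out.append(f'{addr}: service on port {num} changed from "{v0}" to "{v1}".')
    return out

print("\n".join(diff_scans(SCAN1, SCAN2)))
```

Real scan files can be fed in by reading them into strings first; two identical scans produce no output lines.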

