Nmap Development mailing list archives

Re: Ndiff ready to be tested
From: David Fifield <david () bamsoftware com>
Date: Tue, 1 Jul 2008 00:48:09 -0600

On Thu, Jun 26, 2008 at 11:44:47PM -0400, Michael Pattrick wrote:
> This week I have been coding Ndiff, a utility to compare nmap xml
> files and produce an XML or YAML formatted difference file, and as of
> now, Ndiff is at a state of reasonable usability! So I would
> appreciate it if you would try it out and tell me what you thought. I'm
> considering ways to remove the nmap::parser dependency but any other
> feedback you could provide would be much appreciated.

Great job on this. It is a challenge to start an application from
scratch and you have handled it well. My specific comments are below.

> You can find it here[1], it requires PERL and the latest copy of
> nmap::parser[2]. The syntax is as follows:
> print YAML to screen:
> ndiff.pl -y newerscan.xml older.xml

To me the order new, old is unintuitive. I would prefer old, new like
diff takes.

> print XML to screen:
> ndiff.pl -x newerscan.xml older.xml
> print XML to file:
> ndiff.pl -X outfile.xml newerscan.xml older.xml
> print YAML to file:
> ndiff.pl -Y outfile.txt newerscan.xml older.xml

I was confused about the YAML output. It seems to be serving the purpose
of plain text output. Is it really YAML? It seems like the colons in the
output would break that. It looks good for plain text, though perhaps it
could use one less level of indentation.

I can see using the plain text output the most, so I would like to see
it the default when no other output option is given. When I run without
a -x or -y option I get

Syntax: ndiff (-[y|Y]|-[x|X]) [out.file] newerscan.xml oldscan.xml [olderscan.xml] [...]

> you can also diff multiple files at the same time:
> ndiff.pl -Y outfile.txt newestscan.xml newerscan.xml older.xml oldest.xml

That's really cool. Good idea.

> I also have an up to date valid DTD and sample output XML files here [3]

I would like to see sample input files, both as a demonstration and to
test tricky cases. You can doctor output files you generate in order to
make good samples. Here are a couple of ideas I had:
* A host with extraports in more than one state.
* A host that is identical between scans except for its address.

Packaging Nmap::Parser works for running the application from its
directory. How about installation? When ndiff.pl is installed Parser.pm
has to go somewhere unless Nmap::Parser is already installed somewhere.
Considering the small subset of the output that Ndiff uses, maybe a
simple custom parser would be appropriate. You just need one complex
enough to build a list of hosts, each with a list of services.

Can you make a version that uses a standard Perl library (XML::Writer?)
to write the XML? I'm afraid that string concatenation is too fragile.
At least you have to escape all the values you insert to get rid of
special characters like &.

Eventually Ndiff is supposed to ship with Nmap. So there is polish like
an installation mechanism that will have to be done.

The output formats and DTD are already a great contribution. It's good
that you spent adequate time developing them.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
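
The concern in the message above about building XML by string concatenation, shown as an added example that is not part of the original message or of Ndiff's code. It assumes the CPAN modules XML::Writer and XML::Parser are installed; the port/service element names follow Nmap's XML output, and the sample service record is constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Writer;   # CPAN module suggested in the message
use XML::Parser;   # CPAN; used here only to check well-formedness

# Constructed sample: a product string (data that originates from the
# scanned host) containing XML metacharacters.
my %svc = (portid => 8080, name => 'http', product => 'Foo & Bar <beta> "1.0"');

# Fragile: values are pasted straight into the markup, unescaped.
sub by_concat {
    my ($s) = @_;
    return qq{<port portid="$s->{portid}"><service name="$s->{name}" }
         . qq{product="$s->{product}"/></port>};
}

# Robust: XML::Writer escapes attribute values itself.
sub by_writer {
    my ($s) = @_;
    my $out = '';
    my $w = XML::Writer->new(OUTPUT => \$out);
    $w->startTag('port', portid => $s->{portid});
    $w->emptyTag('service', name => $s->{name}, product => $s->{product});
    $w->endTag('port');
    $w->end();
    return $out;
}

# Returns 1 if the string parses as XML, 0 if the parser rejects it.
sub well_formed {
    my ($xml) = @_;
    return eval { XML::Parser->new->parse($xml); 1 } ? 1 : 0;
}

for my $build (\&by_concat, \&by_writer) {
    my $xml = $build->(\%svc);
    chomp $xml;
    printf "%-10s %s\n", well_formed($xml) ? 'OK' : 'MALFORMED', $xml;
}
```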
