Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [Ndiff] RFC: Add nmaprun element diff to niff xml output
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 08 Mar 2011 17:24:45 -0600


Shamelessly bumping this, but I would like to know if there are any suggestions for changes to be made on this patch. I expected it to be rather straightforward, since
1. The XML output is already not empty if the scans are the same, and
2. The XML output contains no information to identify the 'a' and 'b' scans (i.e. it is entirely dependent on the user to remember the order in which he specified the scans on the command line)

I've already written some code for a personal project that depends on this functionality, but I would be willing to rewrite if someone has a better way of doing this.


On 02/09/2011 02:18 PM, Daniel Miller wrote:

Found a bug in my patch, looks like this:
Traceback (most recent call last):
   File "<stdin>", line 1, in<module>
   File "ndiff.py", line 486, in print_text
     banner_a = format_banner(self.scan_a)
   File "ndiff.py", line 415, in format_banner
     return u" ".join(parts)
TypeError: sequence item 0: expected string or Unicode, NoneType found

Fix was to check scan.scanner is not None in format_banner. Fixed
patch attached.


On Sat, Feb 5, 2011 at 7:48 PM, Daniel Miller<bonsaiviking () gmail com>  wrote:

I've attached a patch for ndiff that does 3 things:

1. Adds a<scan>  element to the XML output to show differences between
the<nmaprun>  elements of the diffed scans. Ndiff already outputs
similar info in text mode. This information does not affect the diff
cost of 2 scans, so a diff will still not be output if the scan
results did not change. Example:
<nmapdiff version="1">
      <scan args="nmap -vv -A -sS -sU -oA lan-full-%y%m%d --script not
*brute* and not qscan" scanner="nmap"
start="1273248523" startstr="Fri May 07 16:08:43 2010"
      <scan args="nmap -v -A -oA lan-full-%y%m%d --open" scanner="nmap" start="1296469222" startstr="Mon Jan 31
10:20:22 2011" version="5.51SVN"/>

2. Changed the text-mode output of Ndiff to more closely match the
first line of Nmap output. Example:
Original output:
-Nmap 5.51SVN at 2011-01-31 10:20
+Nmap 5.30BETA1 at 2010-05-07 16:08

New output:
-Nmap 5.51SVN scan initiated Mon Jan 31 10:20:22 2011 as: nmap -v -A
-oA lan-full-%y%m%d --open
+Nmap 5.30BETA1 scan initiated Fri May 07 16:08:43 2010 as: nmap -vv
-A -sS -sU -oA lan-full-%y%m%d --script not *brute* and not qscan

3. Changes the Ndiff DTD to reflect changes in XML output.
Essentially, the new<scan>  element is now a diffable element, allowed
to be a child of an<a>  or<b>  element.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]