Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: xmpp.nse
From: Vasiliy Kulikov <segooon () gmail com>
Date: Sun, 8 May 2011 19:34:08 +0400

On Sat, May 07, 2011 at 23:15 +0200, Henri Doreau wrote:
Make it a bit more robust against unexpected input. It would be nice
to track context more thoroughly while parsing tags. For instance the
"required" tag should be ignored if not a child of "starttls" element.
Your parsing function already offers everything to do it properly.

Yes, I thought about it too.  At first I wanted to do full XML parsing
and validation, but then realized that it would be overhead for such a
simple parsing and would bloat the code.  The only potential issue I see
is using these names in another tags as additional nonofficial features.
The simplest way to better handle tag positions I see is flagging
whether we are in some tag.  Or if there are more potential users of
XML data I can write library for XML parsing, but for xmpp only it would
be overkill.

You might also try to standardize the output to harmonize it with
other scripts. The stdnse.format_output() function is the standard way
to display nested named tables [1]. I am thinking about the XMPP
server mechanisms, that could be displayed under a single "Mechanisms"
label (as ssl-enum-ciphers.nse does for instance [2]).

This makes sense.  Also I'm thinking about "decrypting" X-GOOGLE-TOKEN
mechanism: it means a support of GoogleTalk (does google wave use
similar thing?).  Smth like this:

| xmpp: 
|   mechanism: X-GOOGLE-TOKEN
|   GoogleTalk: supported

Or maybe:

|   Supports: GoogleTalk GoogleWave


Thanks,

-- 
Vasiliy
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]