
Nmap Development mailing list archives

Re: [RFC][patch] XML structured script output (output diff)
From: David Fifield <david () bamsoftware com>
Date: Wed, 13 Jun 2012 16:37:16 -0700

On Sun, May 27, 2012 at 10:19:46PM -0500, Daniel Miller wrote:
I've attached 2 xml files, before.xml and after.xml, which I hope I've
sanitized sufficiently from a quick scan of my network (-sC). Note
that these represent the output of scripts that have not been modified
in any way from their current state. Modifying scripts to use the
format recommended by stdnse.format_output will result in more useful
organization of results in the new XML format, and further clarifying
key-value pairs when returning results will make results even more
useful.

Thanks for these samples, Daniel. I have some more comments on structured
XML output that I will send in a further message. For the sake of those
comments, here is a diff showing the changes between your sample files.

For an example of output from a script that doesn't use format_output,
look for http-title. For output using format_output, look for
smb-os-discovery.

David

diff -u <(tidy -utf8 -xml -indent before.xml) <(tidy -utf8 -xml -indent after.xml)

-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 501)" />
-        <script id="http-title"
-        output="301 Moved Permanently Did not follow redirect to https://router/"; />
+        <script id="http-title">
+          <elem>301 Moved Permanently
+          Did not follow redirect to https://router/</elem>
+        </script>
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 501)</elem>
+        </script>
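Review bot: The new `<script>` elements in this hunk no longer carry the `output` attribute, so any consumer that reads `script/@output` (report importers, vulnerability-management parsers) would silently see empty script results after this change. Consider keeping the attribute alongside the new children, e.g. `<script id="http-title" output="..."><elem>...</elem></script>`, so existing tooling keeps working while new tooling reads the structure. The hunk also shows `http-methods` and `http-title` in swapped order on the two sides, as do several later hunks (the XenServer and MediaWiki hosts). If script order is not stable between runs, it should be documented or made deterministic, so that result diffs used for change detection are not noisy.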

-        <script id="ssl-cert"
-        output="Subject: commonName=XXXXXXXXXXXX/organizationName=Cisco-Linksys,LLC/countryName=US Not valid before: 
2008-07-04 00:00:06 Not valid after: 2018-07-02 00:00:06" />
-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 501)" />
-        <script id="http-title"
-        output="Site doesn't have a title (text/html)." />
+        <script id="ssl-cert">
+          <elem>Subject:
+          commonName=XXXXXXXXXX/organizationName=Cisco-Linksys,LLC/countryName=US
+          Not valid before: 2008-07-04 00:00:06
+          Not valid after: 2018-07-02 00:00:06</elem>
+        </script>
+        <script id="http-title">
+          <elem>Site doesn't have a title (text/html).</elem>
+        </script>
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 501)</elem>
+        </script>
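Review bot: The certificate subject and both validity dates end up in one free-text `<elem>` in this hunk, so a consumer that wants to flag expired or soon-to-expire certificates still has to parse the string exactly as it did with the old attribute. The quoted message says the scripts are unmodified, so this is presumably expected for now, but once the script is converted the format would benefit from named fields, for example separate keyed elements for subject, not-before and not-after (key names here are illustrative). The `ssh-hostkey` hunks have the same shape: both the DSA and the RSA key are folded into a single `<elem>`. The line breaks inside the element text appear to come from `tidy -indent`, so this diff does not show whether the original newlines are preserved.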

-        <script id="http-methods"
-        output="Potentially risky methods: TRACE See http://nmap.org/nsedoc/scripts/http-methods.html"; />
-        <script id="http-title" output=" PX-EH" />
+        <script id="http-title">
+          <elem>PX-EH</elem>
+        </script>
+        <script id="http-methods">
+          <elem>Potentially risky methods: TRACE
+          See
+          http://nmap.org/nsedoc/scripts/http-methods.html</elem>
+        </script>

-      <script id="nbstat"
-      output="NetBIOS name: NAS, NetBIOS user: &lt;unknown&gt;, NetBIOS MAC: &lt;unknown&gt;" />
+      <script id="nbstat">
+        <elem>NetBIOS name: NAS, NetBIOS user: &lt;unknown&gt;,
+        NetBIOS MAC: &lt;unknown&gt;</elem>
+      </script>
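Review bot: The strings inside this `<elem>` come from the scanned host, and the sample only demonstrates that `<` and `>` stay escaped (`&lt;unknown&gt;`) when the text moves from an attribute into element content. Nothing visible here shows what happens to characters that are not legal in XML 1.0 (NUL and most other control characters) or to invalid UTF-8 in a NetBIOS name or HTTP title. A remote host controls those values, and they could leave the report unparseable for downstream tools. It would be worth adding a test case with such a value and documenting the escaping or replacement rule next to the element writer.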

-        <script id="ssh-hostkey"
-        output="1024 0b:0f:0c:0a:08:0e:0e:0d:0d:03:00:01:00:05:02:04 (DSA) 2048 
a9:0c:08:02:03:04:04:00:08:0d:03:01:09:0e:0c:01 (RSA)" />
+        <script id="ssh-hostkey">
+          <elem>1024
+          0b:0f:0c:0a:08:0e:0e:0d:0d:03:00:01:00:05:02:04 (DSA)
+          2048 a9:0c:08:02:03:04:04:00:08:0d:03:01:09:0e:0c:01
+          (RSA)</elem>
+        </script>

-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 500)" />
-        <script id="http-title" output="XenServer 5.6.0" />
+        <script id="http-title">
+          <elem>XenServer 5.6.0</elem>
+        </script>
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 500)</elem>
+        </script>

-        <script id="http-title" output="XenServer 5.6.0" />
-        <script id="ssl-cert"
-        output="Subject: commonName=192.168.1.5 Not valid before: 2010-06-30 16:40:11 Not valid after: 2020-06-27 
16:40:11" />
-        <script id="sslv2"
-        output="server supports SSLv2 protocol, but no SSLv2 cyphers" />
-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 500)" />
+        <script id="http-title">
+          <elem>XenServer 5.6.0</elem>
+        </script>
+        <script id="ssl-cert">
+          <elem>Subject: commonName=192.168.1.5
+          Not valid before: 2010-06-30 16:40:11
+          Not valid after: 2020-06-27 16:40:11</elem>
+        </script>
+        <script id="sslv2">
+          <elem>server supports SSLv2 protocol, but no SSLv2
+          cyphers
+          </elem>
+        </script>
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 500)</elem>
+        </script>

-        <script id="ssh-hostkey"
-        output="1024 66:04:00:09:01:0f:0c:0c:00:02:0d:0a:05:07:0e:0c (DSA) 2048 
0f:01:0e:07:0c:03:09:0b:02:0f:0a:0e:0e:0c:0f:08 (RSA)" />
+        <script id="ssh-hostkey">
+          <elem>1024
+          66:04:00:09:01:0f:0c:0c:00:02:0d:0a:05:07:0e:0c (DSA)
+          2048 0f:01:0e:07:0c:03:09:0b:02:0f:0a:0e:0e:0c:0f:08
+          (RSA)</elem>
+        </script>

-        <script id="http-title" output="XenServer 5.6.0" />
-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 500)" />
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 500)</elem>
+        </script>
+        <script id="http-title">
+          <elem>XenServer 5.6.0</elem>
+        </script>

-        <script id="ssl-cert"
-        output="Subject: commonName=192.168.1.6 Not valid before: 2010-06-30 16:49:57 Not valid after: 2020-06-27 
16:49:57" />
-        <script id="sslv2"
-        output="server supports SSLv2 protocol, but no SSLv2 cyphers" />
-        <script id="http-title" output="XenServer 5.6.0" />
-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 500)" />
+        <script id="sslv2">
+          <elem>server supports SSLv2 protocol, but no SSLv2
+          cyphers
+          </elem>
+        </script>
+        <script id="http-title">
+          <elem>XenServer 5.6.0</elem>
+        </script>
+        <script id="ssl-cert">
+          <elem>Subject: commonName=192.168.1.6
+          Not valid before: 2010-06-30 16:49:57
+          Not valid after: 2020-06-27 16:49:57</elem>
+        </script>
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 500)</elem>
+        </script>

-        <script id="ssh-hostkey"
-        output="1024 ca:03:0d:00:0f:0e:01:07:07:00:05:0a:09:0a:0c:06 (DSA) 2048 
e6:09:0f:0d:05:0a:0a:0b:03:0c:0f:00:0e:04:0f:01 (RSA)" />
+        <script id="ssh-hostkey">
+          <elem>1024
+          ca:03:0d:00:0f:0e:01:07:07:00:05:0a:09:0a:0c:06 (DSA)
+          2048 e6:09:0f:0d:05:0a:0a:0b:03:0c:0f:00:0e:04:0f:01
+          (RSA)</elem>
+        </script>

-        <script id="http-methods"
-        output="No Allow or Public header in OPTIONS response (status code 301)" />
-        <script id="http-title" output="Our Wiki" />
-        <script id="http-generator" output="MediaWiki 1.15.1" />
+        <script id="http-methods">
+          <elem>No Allow or Public header in OPTIONS response
+          (status code 301)</elem>
+        </script>
+        <script id="http-generator">
+          <elem>MediaWiki 1.15.1</elem>
+        </script>
+        <script id="http-title">
+          <elem>Our Wiki</elem>
+        </script>

-        <script id="rpcinfo"
-        output="program version port/proto service  100000 2 111/tcp rpcbind  100000 2 111/udp rpcbind  100003 2,3,4 
2049/tcp nfs  100003 2,3,4 2049/udp nfs  100005 1,2,3 43468/tcp mountd  100005 1,2,3 51346/udp mountd  100021 1,3,4 
50944/udp nlockmgr  100021 1,3,4 53915/tcp nlockmgr  100024 1 37300/tcp status  100024 1 51621/udp status" />
+        <script id="rpcinfo">
+          <elem>program version port/proto service</elem>
+          <elem>100000 2 111/tcp rpcbind</elem>
+          <elem>100000 2 111/udp rpcbind</elem>
+          <elem>100003 2,3,4 2049/tcp nfs</elem>
+          <elem>100003 2,3,4 2049/udp nfs</elem>
+          <elem>100005 1,2,3 43468/tcp mountd</elem>
+          <elem>100005 1,2,3 51346/udp mountd</elem>
+          <elem>100021 1,3,4 50944/udp nlockmgr</elem>
+          <elem>100021 1,3,4 53915/tcp nlockmgr</elem>
+          <elem>100024 1 37300/tcp status</elem>
+          <elem>100024 1 51621/udp status</elem>
+        </script>
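Review bot: The column header `program version port/proto service` is emitted as an `<elem>` with the same shape as the data rows in this hunk, so a parser cannot tell the header from an RPC service entry without string matching. Either drop the header from the structured form or mark it distinctly. Ideally each row would also be split into separate fields (program, version, port/proto, service) rather than left as one space-separated string, since exposed `nfs` and `mountd` ports are exactly what inventory and audit tooling wants to query directly.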

-        <script id="ssh-hostkey"
-        output="1024 84:0d:0b:0b:0a:01:0a:03:09:0f:09:03:06:02:0b:02 (DSA) 2048 
7f:02:0e:0a:04:00:07:08:05:02:0d:08:0e:0f:01:07 (RSA)" />
+        <script id="ssh-hostkey">
+          <elem>1024
+          84:0d:0b:0b:0a:01:0a:03:09:0f:09:03:06:02:0b:02 (DSA)
+          2048 7f:02:0e:0a:04:00:07:08:05:02:0d:08:0e:0f:01:07
+          (RSA)</elem>
+        </script>

-        <script id="http-title" output="Moved" />
+        <script id="http-title">
+          <elem>Moved</elem>
+        </script>

-      <script id="smbv2-enabled"
-      output="Server supports SMBv2 protocol" />
-      <script id="nbstat"
-      output="NetBIOS name: XXXX, NetBIOS user: &lt;unknown&gt;, NetBIOS MAC: xx:xx:xx:xx:xx:xx (unknown)" />
-      <script id="smb-os-discovery"
-      output=" OS: Windows Vista (TM) Enterprise 6002 Service Pack 2 (Windows Vista (TM) Enterprise 6.0)  Computer 
name: XXXX  NetBIOS computer name: XXXX  Workgroup: WORKGROUP  System time: 2012-05-27 21:58:06 UTC-5" />
-      <script id="smb-security-mode"
-      output="  Account that was used for smb scripts: &lt;blank&gt;  User-level authentication  SMB Security: 
Challenge/response passwords supported  Message signing disabled (dangerous, but default)" />
+      <script id="smb-security-mode">
+        <elem>Account that was used for smb scripts: guest</elem>
+        <elem>User-level authentication</elem>
+        <elem>SMB Security: Challenge/response passwords
+        supported</elem>
+        <elem>Message signing disabled (dangerous, but
+        default)</elem>
+      </script>
+      <script id="nbstat">
+        <elem>NetBIOS name: XXXX, NetBIOS user: &lt;unknown&gt;,
+        NetBIOS MAC: xx:xx:xx:xx:xx:xx (unknown)</elem>
+      </script>
+      <script id="smbv2-enabled">
+        <elem>Server supports SMBv2 protocol</elem>
+      </script>
+      <script id="smb-os-discovery">
+        <elem>OS: Windows Vista (TM) Enterprise 6002 Service Pack 2
+        (Windows Vista (TM) Enterprise 6.0)</elem>
+        <elem>Computer name: XXXX</elem>
+        <elem>NetBIOS computer name: XXXX</elem>
+        <elem>Workgroup: WORKGROUP</elem>
+        <elem>System time: 2012-05-27 21:35:31 UTC-5</elem>
+      </script>
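Review bot: Two values in this hunk differ in content, not just in format: the `smb-security-mode` account line changes from `&lt;blank&gt;` to `guest`, and the `smb-os-discovery` system time changes from 21:58:06 to 21:35:31. That suggests before.xml and after.xml come from separate scan runs, so the diff cannot be used on its own to confirm that the patch leaves script results unchanged. It would be worth confirming that the account change is a run-to-run difference rather than a side effect of the new output path. A comparison generated from a single run, or from a fixed saved result, would make the format change reviewable in isolation.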

-        <script id="http-title" output="Teh Internets!" />
+        <script id="http-title">
+          <elem>Teh Internets!</elem>
+        </script>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

