Nmap Development mailing list archives

Re: Nmap-Parser-XML

From: Detmar Liesen <detmar.liesen () gmx de>
Date: Tue, 30 Dec 2003 13:39:58 +0100

Hi all. I forward you my previous message (see below) as advised byFyodor (thanks for the response):

____________________________________
Fyodor wrote:
I'm glad to hear about your project.  Please resend this mail to
nmap-dev () insecure org, since this is development related.

Cheers,
-F

____________________________________
Detmar wrote:
Hi Anthony, hi others,
how about modifying the nmap-xml output so that it can create idmef
(intrusion detection message exchange format) xml format?
We (Sandro Poppi and I) are trying to develop a correlation framework
for snort, nmap, nessus and other ids/firewall/security scanner/audit -
devices:
www.sourceforge.net/projects/threatman
If nmap had an output module that provides idmef-compliant output, this
would be a great thing, because it would spare us the need to write an
input plugin for nmap ourselves.
;)

This would further enable us to have a first proof-of-concept
application for Threatman, i.e. correlating snort-output with
nmap-output,  as soon as the core framework is working. Since now,
Sandro has already managed to implement the so called "device-proxy"
that allows us to send back and forth idmef-messages.
Sandro has further taken over maintenance of the snort-idmef plugin.

BTW: New members will always be warmly welcomed in the team.
:)

I wish you all a happy new year.

Cheers,
--Detmar

Anthony G Persaud wrote:

I have been using perl to write security audit scripts with nmap. I havecreated a perl module (its been a while now), and it is available on CPAN andSourceforge.net. The module can be used in perl scripts to parse the nmap xmloutput and extract the needed information. Hopefully it is useful to others.
http://search.cpan.org/~apersaud/Nmap-Parser-XML-0.71/
or
http://sourceforge.net/projects/npx


Anthony G Persaud

"The state of your life is nothing more than a reflection of your state of mind"








--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email tonmap-hackers-help () insecure org . List archive: http://seclists.org

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Re: Nmap-Parser-XML Detmar Liesen (Dec 30)