Nmap Development mailing list archives
Re: Parsing nmap XML (OS Fingerprint part)
From: "Guilherme Polo" <ggpolo () gmail com>
Date: Thu, 23 Aug 2007 11:42:50 -0300
2007/8/23, Lawrence Waterhouse <lawrence.waterhouse () gmail com>:
> Hello folks,
>
> As a learning exercise I am writing a script to parse an nmap XML file to a database in Python. I am having problems parsing the "OS fingerprint" part... Consider the following XML tidbit:

You may consider taking a look at NmapParser that Umit is using. Also, I've done a Python package for converting XML to database (also does some other things) using that parser.

> <os>
>   <portused state="open" proto="tcp" portid="80" />
>   <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
>   <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.5.X" accuracy="100" />
>   <osmatch name="Linux 2.4.0 - 2.5.20 w/o tcp_timestamps" accuracy="100" line="11364" />
>   <osmatch name="Linux 2.4.22 (x86) w/grsecurity patch and with timestamps disabled" accuracy="100" line="12000" />
>   <osfingerprint fingerprint="
> SCAN(V=4.22SOC3%D=8/17%OT=80%CT=%CU=%PV=Y%DS=1%G=N%M=000E7F%TM=46C5B64A%P=i686-pc-windows-windows)
> TSeq(Class=RI%gcd=1%SI=374EC2%IPID=Z%TS=U)
> T1(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
> T2(Resp=N)
> T3(Resp=Y%DF=Y%W=16D0%ACK=S++%Flags=AS%Ops=MNW)
> T4(Resp=N)
> T5(Resp=N)
> T6(Resp=N)
> T7(Resp=N)
> PU(Resp=N)
> " />
> </os>
>
> Which one should I decide to parse in my database if there is more than one "100% accuracy" result?
>
> What about the following:
>
> <os>
>   <portused state="open" proto="tcp" portid="23" />
>   <portused state="closed" proto="tcp" portid="1" />
>   <osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="100" />
>   <osclass type="switch" vendor="Xylan" osfamily="embedded" accuracy="100" />
>   <osclass type="printer" vendor="Epson" osfamily="embedded" accuracy="100" />
>   <osclass type="firewall" vendor="SonicWALL" osfamily="SonicOS" accuracy="100" />
>   <osclass type="router" vendor="Trancell" osfamily="embedded" accuracy="100" />
>   <osclass type="general purpose" vendor="DEC" osfamily="VMS" accuracy="100" />
>   <osclass type="broadband router" vendor="Ericsson" osfamily="embedded" accuracy="100" />
>   <osclass type="switch" vendor="Extreme Networks" osfamily="embedded" accuracy="100" />
>   <osclass type="switch" vendor="HP" osfamily="VxWorks" accuracy="100" />
>   <osclass type="terminal server" vendor="Bay Networks" osfamily="embedded" accuracy="100" />
>   <osclass type="X terminal" vendor="Labtam" osfamily="embedded" accuracy="100" />
>   <osclass type="general purpose" vendor="Sun" osfamily="SunOS" accuracy="100" />
>   <osclass type="bridge" vendor="Gatorbox" osfamily="GatorShare" accuracy="100" />
>   <osclass type="terminal server" vendor="Xylogics" osfamily="embedded" accuracy="100" />
>   <osclass type="general purpose" vendor="Hitachi" osfamily="HI-UX" accuracy="100" />
>   <osmatch name="Router/Switch/Printer/Firewall (LanPlex 2500/Cisco Catalyst 5505/Cisco 6509/Trancell Webramp/Xylan OmniSwitch)/Epson Stylus (100BTX-NIC HP Secure Web Console, SonicWALL firewall appliance 3.3.1)" accuracy="100" line="3538" />
>   <osmatch name="DEC VAX/VMS 5.3 on a MicroVAX II" accuracy="100" line="6355" />
>   <osmatch name="Ericsson Congo router" accuracy="100" line="6832" />
>   <osmatch name="Extreme Gigabit switch (unknown version)" accuracy="100" line="6882" />
>   <osmatch name="VxWorks 5.3.x bases system (usually an Ethernet hub or switch such as HP ProCurve) or Bay Networks MicroAnnex XL terminal server" accuracy="100" line="8818" />
>   <osmatch name="Labtam MT300, X-Terminal Kernel" accuracy="100" line="10276" />
>   <osmatch name="Sun SunOS 4.1.1 - 4.1.4 (or derivative)" accuracy="100" line="20487" />
>   <osmatch name="Xylan OmniSwitch 5x/9x Ethernet switch, Xylogics Annex-III Comm server R10.0, or Hitachi HI-UX/WE2" accuracy="100" line="21373" />
>   <osfingerprint fingerprint="
> SCAN(V=4.22SOC3%D=8/17%OT=23%CT=1%CU=%PV=Y%DS=1%G=N%M=009092%TM=46C5B64A%P=i686-pc-windows-windows)
> TSeq(Class=64K%IPID=I%TS=U)
> T1(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=M)
> T2(Resp=N)
> T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
> T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
> T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
> T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
> T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
> PU(Resp=N)
> " />
> </os>
>
> I am puzzled!
>
> Lawrence
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
--
Guilherme H. Polo Goncalves
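
One way to avoid having to pick a single "100% accuracy" result, as an added example that is not part of either poster's message and does not use NmapParser: store every `<osclass>` and `<osmatch>` of the quoted `<os>` element as its own row, then query the ties afterwards. The table layout, the function names and the host address 192.0.2.10 are assumptions made for this example.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample: the first <os> element quoted above, without <osfingerprint>.
SAMPLE_OS = """<os>
<portused state="open" proto="tcp" portid="80" />
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="100" />
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.5.X" accuracy="100" />
<osmatch name="Linux 2.4.0 - 2.5.20 w/o tcp_timestamps" accuracy="100" line="11364" />
<osmatch name="Linux 2.4.22 (x86) w/grsecurity patch and with timestamps disabled" accuracy="100" line="12000" />
</os>"""

# Hypothetical schema: one row per candidate, so ties are kept instead of resolved.
SCHEMA = """
CREATE TABLE osclass (host TEXT, type TEXT, vendor TEXT, osfamily TEXT, osgen TEXT, accuracy INTEGER);
CREATE TABLE osmatch (host TEXT, name TEXT, accuracy INTEGER, line INTEGER);
"""

def store_os(db, host, os_xml):
    """Insert every <osclass> and <osmatch> of one <os> element; return the row counts."""
    os_elem = ET.fromstring(os_xml)  # for untrusted scan files, prefer the defusedxml package
    classes = [(host, c.get("type"), c.get("vendor"), c.get("osfamily"), c.get("osgen"),
                int(c.get("accuracy", "0"))) for c in os_elem.findall("osclass")]
    matches = [(host, m.get("name"), int(m.get("accuracy", "0")), int(m.get("line", "0")))
               for m in os_elem.findall("osmatch")]
    db.executemany("INSERT INTO osclass VALUES (?,?,?,?,?,?)", classes)
    db.executemany("INSERT INTO osmatch VALUES (?,?,?,?)", matches)
    return len(classes), len(matches)

def top_candidates(db, host):
    """Return (match names, distinct OS families) tied at the highest accuracy for host."""
    names = db.execute(
        "SELECT name FROM osmatch WHERE host = :h AND accuracy = "
        "(SELECT MAX(accuracy) FROM osmatch WHERE host = :h) ORDER BY line", {"h": host}).fetchall()
    families = db.execute(
        "SELECT DISTINCT osfamily FROM osclass WHERE host = :h AND accuracy = "
        "(SELECT MAX(accuracy) FROM osclass WHERE host = :h) ORDER BY osfamily", {"h": host}).fetchall()
    return [n[0] for n in names], [f[0] for f in families]

def demo(host="192.0.2.10"):  # documentation address, constructed
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    counts = store_os(db, host, SAMPLE_OS)
    return counts, top_candidates(db, host)

if __name__ == "__main__":
    print(demo())
```

For the first quoted host the two tied matches share a single OS family, so the tie costs nothing at the family level; run against the second quoted `<os>` element, the same query returns several unrelated families, which marks that host's identification as ambiguous.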
