Nmap Development mailing list archives
Re: nmap PostgreSQL patch
From: Fyodor <fyodor () insecure org>
Date: Sun, 7 Jul 2002 18:38:30 -0700
On Sun, Jun 30, 2002 at 10:24:32PM +0100, Bradley Kite wrote:
Hi there. I've just finished writing a patch to nmap so that it logs to a PostgreSQL database.
Nice. I just read through it. The patch even has "bonus features" like port banner checking :). I am sure many people will find it useful. Postgress is my preferred DB as well. Have you considered parsing Nmap XML output rather than hooking into a parallel set of Nmap output routines? This has several advantages: o It would work with new versions of Nmap without having to modify your patch to adjust for any internal Nmap changes. No need to even apply your patch -- you could just use the Nmap version which comes with your OS or use the FreeBSD ports collection, Debian package system, Redhat RPMs, sunfreeware.com, etc. o It avoids bloating the Nmap codebase. If I was to add Postgress output, MySQL, Oracle, HTML, LDAP, etc to the main tree, Nmap would become quite unwieldy and brittle. On the other hand, if these output plugins interface with Nmap XML, I can mess with Nmap internals all I want without breaking them. Someday I would like to have a general Nmap DB output driver, so I could just run something like: nmap -sS -O -oX - targetnet/16 | nmapdb --postgress nmap@dbhost One issue is that many (all?) XML parser seem to require a complete document before they start returning parsed tags. This would make things difficult for the many apps which would want to process new <host> tags (or even <port> tags) as they appear. For example, a graphical Nmap GUI (or the Nessus daemon) would not want to wait for Nmap to finish running before processing any results. Does anyone on the list know of a good way to handle this? I am not any sort of XML expert. Perhaps some parsers can deal with incremental XML? Or perhaps Nmap should spit out a new complete XML document for each host and just concatenate them all together? Cheers, Fyodor --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Re: nmap PostgreSQL patch Roeland Th. Jansen (Jul 01)
- <Possible follow-ups>
- Re: nmap PostgreSQL patch Fyodor (Jul 07)