A formal language for NMAP?

[Lorenzo Rossi <tacchino801 () libero it>]

Hi,

I'm new to nmap, I tested it and I did not found one usefull option...
but before to say stupid thinks, I would like to show you my simple
considerations.

..sorry for the language...

Looking at nmap, xprobe2 and hping2, they are powerfull tools, and each
of it give you it's best on particular network topology and against a
particular organization security policy.
None of it has the ability to save the result of the performed probes
with a formal language.

If I'm wrong, please do not care about the line below.

Now you are thinking I'm crazy...:)
Let me explain..

Suppose for a while you have to do a pen-test and you would like to use
some caracteristcs of each tool on a particular step of penetration
activity, and store the result of the step to be manually o
automatically analized for considerations on how to procede to the next
step.
Each of tool mentioned above give you the result with it's own syntax
and they process the results.

I think could be usefull to have the collected data stored in a formal
language and without any process applied to it.
Doing so, will be possible to create external programs, like pen-test
frameworks, with some decisional capability that you buil your own, that
take the input from a program like nmap and procede to the next step of
the pen-test activity, with decision based on the information it has
form the step before.

For example:
You set the constraints of the framework:

- If you would like to minimize the traffic or if you would like precise
informations.
- If you would like to use a particular protocol or you would like to
use first ICMP than TCP, and the order of the various type of the
messages sent. 

..ecc..ecc..


The core of the framework, a sort of decision module,  start a program
performing a traceroute, it store the IP and the order of the hops to
the target.
Then it use xprobe2 to test what type of ICMP messages are filtered by
the routers along the path.
Then based on results it decide if to continue to use Xprobe2 or shift
to use nmap   
   
...ecc...ecc...

and so on based on how is complex and the intelligent core of the
framework.

Do you think that could be usefull to have an nmap option to write the
results of probes in a formal language without any processing?
Simply use nmap or xprobe2 or other programs to generate packets,
collect the answers and write the snapshot of what have happend in a
formal language.  
What do you think?
If I have said stupid thinks, please do not kill me...:)

L.






---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org