RE: Nmap 4.23RC3 & SSL Tunnels

["Thomas Buchanan" <TBuchanan () thecompassgrp net>]

> -----Original Message-----
> From: nmap-dev-bounces () insecure org 
> [mailto:nmap-dev-bounces () insecure org] On Behalf Of Lionel Cons
> Sent: Friday, December 07, 2007 4:46 AM
> To: Kris Katterjohn
> Cc: nmap-dev () insecure org; Fyodor; Thomas Buchanan
> Subject: Re: Nmap 4.23RC3 & SSL Tunnels
>
> Kris Katterjohn writes:
>  > What about something general like this:
>  > 
>  > <linkedwith>
>  > <library name="openssl" version="[version]" />
>  > <library name="libpcap" version="[version]" />
>  > <library name="libpcre" version="[version]" />
>  > <!-- etc -->
>  > </linkedwith>
>
> Fine by me.
>
> Lionel

How does the attached patch (against SVN r6441) look?  It prints the
library versions for libpcap, libpcre, liblua (if included) and openssl
(if included).

Some questions that I had:

1.  Where should the output go in the XML file?  I put it right after
the verbosity / debugging information.

2.  What level of verbosity / debugging should be required to include
this information?  The patch reflects my opinion that it should be
included at debugging >=1.

3.  I make no guarantees that the patch to nmap.dtd is even remotely
correct.  I don't use the XML output on a regular basis, so that effort
was just best-guess.

4.  Should any other library versions be reported?  I thought maybe
libdnet, but I couldn't see a very clean way to do that.  The library
version is defined in (autogenerated) config.h and Makefile, and to be
honest, I didn't feel like messing with it.

I have tested the attached patch on Windows and Linux, and it seems to
work for me.

Thomas

Attachment: nmap-library-versions.patch
Description: nmap-library-versions.patch

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org