Nmap Development mailing list archives

Re: [RFC] Zenmap search interface overhaul

From: David Fifield <david () bamsoftware com>
Date: Tue, 27 May 2008 11:11:13 -0600

On Mon, May 26, 2008 at 07:11:13PM +0200, Vladimir Mitrovic wrote:

I've assembled all of our ideas into a blog post: 
http://zenmap-soc08.blogspot.com/2008/05/search-window-todo.html . Thanks 
everyone for your input. This is only the first iteration of the operator list, 
since I'm quite sure ideas will keep popping up as we go.

date: (d:) - Date when scan was performed. Apart from the standard
"date:MM-DD-YYYY" format, it will be possible to match scans that were
run "n days ago" with "date:-n", and scans "within the previous n days"
with "date:+n".


MM-DD-YYYY could be confusing because I believe a lot of places use
DD-MM-YYYY. YYYY-MM-DD would be better, because that's like ISO 8601,
plus it's what Nmap prints out when it starts:

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-27 11:00 MDT

Instead of "date:+n", how about "before:" and "after:" (maybe "since:").
In my use case, where I want to see all scans that happened in the last
week, it's better to say "after:-7" than "date:+7". This also provides a
reasonable way to restrict the search to a date range.

For the date, I would like I way to make the matching fuzzy, because I
hate getting off-by-one errors when I use dates in Subversion for
example. (Does "date:1999-12-25" mean the 24 hours after 00:00 on
December 25, or from 12:00 on the 24th until 12:00 on the 25th, or
what?) What do you think about

date:~YYYY-MM-DD

to mean plus or minus one day (so from 00:00 on December 24 until 00:00
on December 27, a span of three days total), and

date:~~YYYY-MM-DD

to mean plus or minus three days (a range of seven days total).

The same thing could work for before: and after:, except they would only
subtract and add days, respectively. I think I would almost always use
the ~ option.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 22)
- Message not available
  - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 22)
- Re: [RFC] Zenmap search interface overhaul Kris Katterjohn (May 22)
  - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 23)
- Re: [RFC] Zenmap search interface overhaul jah (May 23)
  - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 23)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 23)
  - Re: [RFC] Zenmap search interface overhaul eldraco (May 23)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 24)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 26)
    - Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
    - Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
    - Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
    - Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
    - Re: [RFC] Zenmap search interface overhaul Fyodor (May 28)
    - Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
    - Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
    - Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 28)

(Thread continues...)