Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [RFC] Zenmap search interface overhaul

From: David Fifield <david () bamsoftware com>
Date: Tue, 27 May 2008 11:30:10 -0600
On Mon, May 26, 2008 at 07:11:13PM +0200, Vladimir Mitrovic wrote:

I've assembled all of our ideas into a blog post: 
http://zenmap-soc08.blogspot.com/2008/05/search-window-todo.html . Thanks 
everyone for your input. This is only the first iteration of the operator list, 
since I'm quite sure ideas will keep popping up as we go.


Here are a few more observations.

target: and hostname: should be synonyms, and they should both match the
hardware address, the IP address, the user-supplied name, or the rDNS
name. I want to avoid the situation where something fails to match
because the user is searching for the rDNS name when she thinks she's
searching for the user-supplied name.

Perhaps hostname: should be abbreviated to host:

I don't like the proposed syntax for searching for port states,
especially portstate:. One reason is that ports can be TCP or UDP, and
Nmap can scan IP protocols too (-sO). My proposed improvement is to use
the syntax used by the getpts function in nmap.cc, and to use the states
as the operators. If no type T:, U:, or P: type specifier is given, it
would match any of those.

open:22 or open:T:22
closed:auth
open|filtered:U:53

I don't know, this still needs some thought. Maybe it's still too
complicated, but most people I suspect would just use open: anyway.

I would like to again request that anyone who needs to search through
Nmap scans write back and say what their searches are like. We should
not engineer solutions to problems that don't exist.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: