Nmap Development mailing list archives
Re: [RFC] Zenmap search interface overhaul
From: Fyodor <fyodor () insecure org>
Date: Tue, 27 May 2008 18:56:12 -0700
On Fri, May 23, 2008 at 04:33:50PM -0600, David Fifield wrote:
On Fri, May 23, 2008 at 03:09:07AM +0200, Vladimir Mitrovic wrote: What search needs do you have? Do you currently use custom scripts to search through your saved Nmap scans, or does nobody really need to do that? If people only need to do simple searches, then the search function should be simple too. Or maybe you could do more if only you had a more powerful search tool.
I like the idea of free text as a filter. Once I scan a huge network (or open a scan file), I'd like to be able to search for strings like bind or apache and have that filter the results to only those which match the string. I'd probably normally use the bareword match Vladimir mentioned, since most of my queries will not have any/many false positives. Maybe there will happen to be a machine named apache.example.com, but that is OK because my main goal is to filter down the results so I can review them by hand more easily. Right now I just do that by opening the Nmap output in a text editor such as emacs and then searching for the relevant strings. The reason for searching for a certain string might be that I'm doing a pen-test and I have a zero day exploit for (software) and so I'm searching to see if it exists on the network I scanned. This is also useful for someone who runs a large network. If he gets an advisory about a major bug in openssh or whatever, he can then search his latest daily scan log for openssh very quickly so he knows what to patch. Also, I might have an ssh brute force tool and so I want to limit the results to just the machines with tcp port 22 open (or open|filtered, I suppose, though that's mostly useful for UDP) or a service discovered on any port with the service name ssh. There is also the issue of "searching for a historical scan to open". That isn't something I do as frequently. The date options you've mentioned would clearly be useful there. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] Zenmap search interface overhaul, (continued)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 28)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 28)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 30)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 31)