Nmap Development mailing list archives
Re: [RFC] Zenmap search interface overhaul
From: David Fifield <david () bamsoftware com>
Date: Fri, 30 May 2008 17:55:31 -0600
On Tue, May 27, 2008 at 06:56:12PM -0700, Fyodor wrote:
On Fri, May 23, 2008 at 04:33:50PM -0600, David Fifield wrote:On Fri, May 23, 2008 at 03:09:07AM +0200, Vladimir Mitrovic wrote: What search needs do you have? Do you currently use custom scripts to search through your saved Nmap scans, or does nobody really need to do that? If people only need to do simple searches, then the search function should be simple too. Or maybe you could do more if only you had a more powerful search tool.Also, I might have an ssh brute force tool and so I want to limit the results to just the machines with tcp port 22 open (or open|filtered, I suppose, though that's mostly useful for UDP) or a service discovered on any port with the service name ssh.
I don't think this is something Vladimir or I had considered (I know I hadn't). I was thinking only of this situation:
There is also the issue of "searching for a historical scan to open". That isn't something I do as frequently.
That is, I was thinking of this as duplicating the functionality of the current Zenmap search window with a much improved user interface. I can see the value of filtering the results of a single scan. (Or when Zenmaps gains the ability to aggregate several scans in one display, it could filter those too.) Vladimir didn't really sign on for this, so I'd like to get his opinion on if this is too much for this stage of the summer. Perhaps the two search/filtering functions could use the same underlying mechanism. For example, running a query against a scan could return a "results set" of hosts that match the query. (Do we need results other than a list of hosts?) In the historical searching scenario, the search engine would run a query against all the hosts it finds and return the ones with a non-empty results set. Of course in this case it could be configured to short-circuit and return a scan when the first result is found. At any rate it seems to be desirable to implement the "historical scan" search in a way that would help with a filtering feature. Zenmap already has a primitive version of this filtering ability, the ability to select only hosts with a certain port open: http://nmap.org/book/zenmap-results.html#zenmap-sort-service This corresponds to a search string of "portstate:open,open|filtered|filtered", plus "port:" and a given port. Naturally once this feature was available we would use it to implement this and richer filters. David _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] Zenmap search interface overhaul, (continued)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 28)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 27)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 27)
- Re: [RFC] Zenmap search interface overhaul Fyodor (May 27)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 28)
- Re: [RFC] Zenmap search interface overhaul David Fifield (May 30)
- Re: [RFC] Zenmap search interface overhaul Vladimir Mitrovic (May 31)