Nmap Development mailing list archives
Re: small XML output inconsistency and a fix
From: David Fifield <david () bamsoftware com>
Date: Mon, 4 Aug 2008 11:51:47 -0600
On Sat, Aug 02, 2008 at 03:42:45PM -0400, Michael Pattrick wrote:
Hey everyone, I just noticed this small oddity, when I run a command with custom scan flags such as: nmap --scanflags URGACK -p80 -oX test.xml 10.0.0.1 The XML file reports: <scaninfo type="syn" protocol="tcp" numservices="1" services="80" /> URGACK is just an example, no matter what you use, by default it will always report as syn. I wrote a patch to fix this(attached) but it adds another attribute to the scaninfo element so I thought I owuld announce it here before committing. This patch will change the XML output to the following: <scaninfo type="syn" scanflags="ACKURG" protocol="tcp" numservices="1" services="80" />
I think it's a good idea to include the scanflags in the XML output. Kris is right that scanflags only applies to TCP scans so the scanflags should be included only when protocol="tcp". What about instead of scanflags="NONE" and scanflags="ALL", using scanflags="" and scanflags="FINSYNRSTPSHACKURGECECWR"? Would that make it easier on writers of parsers? I know Nmap takes "NONE" and "ALL" as a convenience but I don't think there's a reason to abbreviate the XML output. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- small XML output inconsistency and a fix Michael Pattrick (Aug 02)
- Re: small XML output inconsistency and a fix Kris Katterjohn (Aug 03)
- Re: small XML output inconsistency and a fix David Fifield (Aug 04)
- Re: small XML output inconsistency and a fix Michael Pattrick (Aug 04)