Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Ndiff mark II

From: David Fifield <david () bamsoftware com>
Date: Thu, 26 Mar 2009 13:51:11 -0600
Hello,

I and others have found Ndiff's output format unsatisfactory. This is
what it looks like:

Thu Sep 11 11:39:32 2008 -> Tue Sep 16 13:59:22 2008
cuvtdnray-504.example.com (10.214.143.33):
        Host is up, was unknown.
        Add ipv4 address 10.214.143.33.
        Add hostname cuvtdnray-504.example.com.
        +3389/tcp open microsoft-rdp Microsoft Terminal Service
        999 tcp ports are filtered.
scnqxez-842.example.com (10.189.71.117):
        Remove hostname scnqxez-842.example.com.
10.226.19.80:
        -21/tcp filtered  
        +21/tcp open ftp Netgear broadband router ftpd 1.0
        -23/tcp filtered  
        +23/tcp open telnet Netgear broadband router admin telnetd
        -80/tcp filtered  
        +80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
        -8701/tcp open unknown 
        +8701/tcp filtered  

In a new branch, svn://svn.insecure.org/nmap-exp/david/ndiff-mkii, I
have implemented output like the following:

-Nmap 4.75 at 2008-09-11 11:39
+Nmap 4.76 at 2008-09-16 13:59

-scnqxez-842.example.com (10.189.71.117):
+10.189.71.117:
 Host appears to be up.
 Not shown: 995 filtered ports
 PORT    STATE  SERVICE  VERSION
 20/tcp  closed ftp-data
 21/tcp  open   ftp      ProFTPD 1.3.1
 80/tcp  open   http     Apache httpd
 443/tcp open   http     Apache httpd
 873/tcp closed rsync

+cuvtdnray-504.example.com (10.214.143.33):
+Host appears to be up.
+Not shown: 999 filtered ports
+PORT     STATE SERVICE       VERSION
+3389/tcp open  microsoft-rdp Microsoft Terminal Service

 10.226.19.80:
 Host appears to be up.
-Not shown: 999 filtered ports
+Not shown: 997 filtered ports
 PORT     STATE    SERVICE VERSION
-21/tcp   filtered
+21/tcp   open     ftp     Netgear broadband router ftpd 1.0
-23/tcp   filtered
+23/tcp   open     telnet  Netgear broadband router admin telnetd
-80/tcp   filtered
+80/tcp   open     http    Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
-8701/tcp open     unknown
+8701/tcp filtered

I think this new output is way better. I designed it to look like a
context diff and also to look like Nmap's normal output. WHat do you
think? Are there any changes you would make?

The branch doesn't support XML output becuase I think that should be
redesigned too. That means it won't work with Zenmap currently.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: