Re: Ncrack: -iX, -iN input from Nmap

[Fyodor <fyodor () insecure org>]

On Wed, Aug 26, 2009 at 03:04:38PM -0600, David Fifield wrote:
> On Wed, Aug 26, 2009 at 11:37:16PM +0300, ithilgore wrote:
> > David Fifield wrote:
>
> Maybe it's time to do another search for a suitable XML parser?

Especially as this is a very different case, since Ncrack is not
packaged with Nmap.  Regarding XML parsers:

libxml -> perfectly fine license (MIT) and functionality, but it is a
bit big.  libxml2-2.7.3.tar.gz is nearly 4 MB when bzip2 compressed
and 35 (!!)  for the uncompressed tarball.  It might be that much of
it could be stripped down for distribution with Ncrack.

Since Ncrack's needs are very simple, maybe there is a smaller XML
library (or just code) available under a reasonable license.

> There are a lot of other things that don't change the meaning of the XML but
> would confuse a pattern-matching parser, such as character encoding and
> entity expansion. 

Yeah, pure patter matching seems insufficient.  Though given what
little information Ncrack needs, it might be that manually parsing the
file rather than using an XML parser is the way to go.  Especially if
no reasonably compact XML parser library can be found.  It should not
rely on newlines being in any particular place though, as ignoring
such whitespace is a pretty fundamental aspect of XML.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org