Re: NMAP XML output too verbose

[Fyodor <fyodor () insecure org>]

On Mon, Mar 08, 2010 at 03:28:24PM -0800, Kevin Friedheim wrote:
> I see this about a hundred times. I don't want to though. Is there a
> command line option that I can use to not have this show up? As I
> understand it, prior to version 5.20 of nmap, I would have to type -v
> (up the verbosity) in order to see, but now its there by default.

Hi Kevin.  I talked this over with David Fifield today and we have a
solution proposal which I hope will benefit you and other Nmap users.
Note that this proposal also significantly changes the --open
command-line argument:

The first part of our plan is to only show down hosts in the XML in
verbose mode (as you suggested).  Nmap already works this way for its
normal/interactive output.  The idea had been that humans don't
normally read the XML and so we can stuff more information there, but
this particular case (down hosts) can become excessive.  If someone
needs the down host information (for the DNS information it provides,
or to help distinguish between hosts which are down and those which
are not scanned), they can specify -v.  This should resolve your
issue.

The second part of our plan is a modification to --open.  Right now it
only shows open ports in the port table, but it still shows hosts
which might not have any ports open.  So you end up with entries like:

Nmap scan report for softbank220006197211.bbtec.net (220.6.197.211)
Host is up (0.15s latency).
The 1 scanned port on softbank220006197211.bbtec.net (220.6.197.211) is filtered

Our idea is to change --open so that in normal/interactive output, it
ONLY shows hosts with at least one port open.  And then of course it
doesn't show the closed/filtered ports.  I suppose it would still
display NSE results (for open ports and host scripts), traceroute, and
OS detection information.  After all, people who don't want to see
those should make their scans faster by not requesting them in the
first place.

This leads to the question of what we should do with XML output when
--open is used.  One option is to match the normal output and only
show entries for hosts which have at least one open port.  Another
option is to be more comprehensive on the grounds that users still
might want the full host data available in the XML (in case they want
to look up something later) even though they only want to see the open
ports in normal output.  I think I favor matching the XML output to
the normal output in this case (only including the hosts with open
ports).

Since these are material changes to Nmap, we're throwing these
proposals out for comment.  Please post to the list any comments you
might have.  It is particularly important to comment if you DISLIKE
any of these changes, as we don't want to be changing back and forth.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/