XML XLS transform changes - summary of changes from 2b to 2c - committed today

[Tom Sellers <nmap () fadedcode net>]

I have just committed the updates to the nmap XML output XSL transform.  
This list
below is a summary of changes from when the update began on 11/11.  A 
few of these
changes were committed 11/14, but most have only been submitted to the 
list.

I have attached a copy of the XSL and an example document (renamed from 
.htm to .txt).

Please let me know if you find any problems or have any recommendations.

Thanks much,

Tom


General:
- Added support for Pre and Post scan NSE output.  Index links at top 
only appear if
  the sections exist.

- Host that are offline are now in a collapsible div element and 
collapsed by default.

- Added HTML Doctype of HTML 4.01 Strict, tidies up parsing

- The display for closed and filtered ports has been changed. By default 
the information
  for closed and filtered ports is filtered from the tables if 
JavaScript is enabled.
  The column header now has clickable links that will display each.  
The links indicate file:///J:/xmltest/nmap.xsl
  the counts of each type (closed vs filtered) in the current table so 
that the user
  can see at a glance if there is anything hidden. When printing the 
document the
  printout will reflect the current status (hidden vs unhidden) of the 
ports.  The
  clickable links themselves are also not output when printing.

- There is also a floating box in the lower right hand corner of the 
display that contains
  links that will toggle showing and hiding of ports in these states 
for the entire
  document.  This floating box contains a link to the top of the 
document as well.

- Traceroute - rearranged output, now uses a collapsible div element 
that is collapsed
  by default.

- Host / Ping results section has been moved to a collapsible div 
element named Misc
  Results.  This element is collapsed by default.

- Remote OS Detection OS match wording is now more like Nmap normal 
output -
  OS type (accuracy) instead of separate lines for os match and accuracy

- Changed how host index HTML anchors are created in order to deal with 
a warning about
  the name attribute being deprecated

- Fixed a bug in the port script output that caused it to only span 5 
columns instead of
  6. Tested this with various levels of debug, verbosity, etc to make 
sure that the
  number of columns does not change.

- Changed nmap_xsl_version variable from 9b to 9c, Changed the last 
updated date in the
  header to be today's date (2010.12.28)

- Added Nmap version number to Scan summary section

- Wording of verbosity/debug levels changed/simplified.

- HTML title and  first header wording changed.

- Added MAC vendor to host address section

- Changed host index to the format of hostname (IP) where preference is 
given to the
  user supplied hostname.


General Style Changes:
- Changed color of script output cells in port table as well as 
hostscript and prescan
  result tables slightly to make visual parsing easier
- First header (Nmap Scan Report..) color changed to use Nmap purple
- Closed and Filters ports - background color is now grey
- Down hosts are now denoted with a grey background in both the host 
index (top) and
  body of results


OS Fingerprint:

- Fingerprint block now uses a collapsible div element.  The block is 
collapsed by
  default if the OS fingerprint is only present due to increased 
verbosity or debugging.
- Removed referenced fingerprint data ( reference fingerprint line 
number: 1000 )
- Reworded some sections of text for flow and readability.


Removed elements:
- Scan info Section - code was in place but has not been visible for 
some time. After
  testing a few arrangements it was decided to just remove the data and 
code altogether.

- Runstats section, replaced by standard nmap completion string in the 
Scan Summary section


Open items:
1.  Device types - currently have issues with output data consistency 
and formatting when
    pulling a distinct list.

2.  What criteria / counts should be used in situations described below? 
For example,
    how many fingerprints are too many? How do we know if the 
fingerprint is high enough
    quality to submit given that it may just be present due to the use 
of -v or -d?

>  o It would be great to describe the OS detection results better.
>    For example, if there are no exact matches, normal Nmap says "No
>    exact OS matches for host ", followed up with "(test conditions
>    non-ideal)" if that is the case.  I think we should give a warning
>    like this.  Also, in the case that there are too many matches,
>    normal Nmap says "Too many fingerprints match this host to give
>    specific OS details"

>  o If there are no exact matches, and Nmap feels that the quality is
>    high enough for a submission, it would be great if the OS
>    detection section would encourage the user to submit, just like
>    normal Nmap does.

3.  Does the OS fingerprint need to be printed (to paper/PDF) at all? 
The only scenario
    that I could think of where this would be useful would be if the 
file was 'printed'
    to digital media such as PDF.

4.  Does the table of ports need to be changed so that closed and and 
filtered ports
    are always printed (to paper/PDF) as opposed to printing in the 
format that is
    currently displayed?  My concern here is processes that 
automatically convert
    documents, for example to PDF format.

Attachment: test.txt
Description:

Attachment: nmap.xsl
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/