Nmap Development mailing list archives
Re: [RFC] Vulnerability library proposal
From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 8 Aug 2011 12:16:01 +0100
On Sun, Aug 07, 2011 at 06:59:06PM +0200, Henri Doreau wrote:
Hello, 2011/8/7 Rob Nicholls <robert () robnicholls co uk>:[...] This probably goes outside the scope, but what would the XML output look like? It'd be great if we could somehow use the internal tags to create XML tags to easily identify the state/risk factor/references etc. (to save us from having to parse all of the script output first).This is one of the long term goal, having vulnerabilities clearly identified within the XML output. So far we haven't discussed the format that this might have (or maybe do you Djalal have ideas about it?) but the plan was to make extensive use of stdnse.format_output() so that the vulns lib would benefit any improvement there.
After a quick look I think that we can save and register XML data in the ScriptResult class, file: nse_main.h Later we just add some functions to stdnse.lua file to push XML data into the current 'ScriptResults' object (associated with the script), and when Nmap will report the script output then we can write our XML data. (I'll repeat my self: I think that NSE output code needs to be cleaned first). And with this every NSE script or library can register XML data with the stdnse.lua or xml.lua functions. For vulns we can add a function to achieve this: vulns.save_xml_data() or whatever to do it automatically, of course we need to define and discuss the XML output format :) I'll try to define some samples later. Thanks. -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] Vulnerability library proposal Djalal Harouni (Aug 06)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Daniel Miller (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)