Nmap Development mailing list archives

XML schema


From: "Stou Sandalski" <tangui () cell2000 net>
Date: Mon, 14 Aug 2000 20:36:59 -0700

Hi, I was looking at the XML output Fyodor posted in the regular nmap list,
generated by some patches phreed made... and I was thinking... instead of
having so many tags, especially the <ports> tag, I feel it would be much
better if there was a <host> tag, that included info about the host in the
form of attributes (like IP, OS, etc.) and then have a bunch of <port> or
<service> tags that have information about the particular port, in the form
of attributes. It might be necessary to put OS tags because there's more
than one OS with most scans, and maybe a service tag in the port tag to give
more info about the service that could be done with xslt.  Like that it will
be more structured I think.  It will look something like:

<?xml version="1.0" ?>
<!--  Nmap (V. nmap) scan initiated 2.53 as: ./nmap -O -oX junk.xml
10.0.0.5-10 -->
<nmap version="2.53">
<host ipadd="127.0.0.1" os="Windows NT4 / Win95 / Win98" seq-index="11">

<port id="1433" state="open" proto="tcp" service="ms-sql-s" />
<!-- Other ports here -->

</host>
<!-- Other hosts here -->

<!-- A statistic tag? -->

</nmap>


I was also thinking that it would be nice if nmap could say... this is a
Windows platform, running 98, or Me or this is a Linux, kernel 2.2.10. (i.e.
separate the platform from the version) and have for example each platform
or version have its own ID that can be maintained as a list with the source.
So for client programs that are layered on top of nmap it will be easier to
recognize the OS without doing string comparing and guessing, that way one
can for example hook the client program up to a database of exploits and
have it work something like NAI's Cybercop.

I don't know, this is pretty basic for now and I haven't thought it through,
but I am sure a lot of things can be made with attributes without using tags
and such, IMHO it would make the output cleaner and smaller.

What do you guys think?


Stou
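
The following is an added example, not part of the original message and not nmap code: a small client-side reader for the attribute-based layout proposed above, which builds a per-host inventory of open ports and matches hosts by numeric OS ID rather than by OS name string. The `<os>` child elements, their `id`/`platform`/`version` attributes and the ID values are assumptions made for illustration; the `ipadd`, `seq-index`, `id`, `state`, `proto` and `service` attributes come from the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout proposed above. The <os> child elements and
# their id/platform/version attributes are hypothetical, as are the ID values.
SAMPLE = """<?xml version="1.0" ?>
<nmap version="2.53">
  <host ipadd="10.0.0.5" seq-index="11">
    <os id="101" platform="Windows" version="NT4"/>
    <os id="102" platform="Windows" version="98"/>
    <port id="1433" state="open" proto="tcp" service="ms-sql-s"/>
    <port id="139" state="open" proto="tcp" service="netbios-ssn"/>
    <port id="23" state="filtered" proto="tcp" service="telnet"/>
  </host>
  <host ipadd="10.0.0.6" seq-index="9999">
    <os id="201" platform="Linux" version="2.2.10"/>
    <port id="22" state="open" proto="tcp" service="ssh"/>
  </host>
</nmap>
"""

def parse_scan(xml_text):
    """Return {ip: {"os_ids": [...], "open": [(port, proto, service), ...]}}."""
    # Scan output is untrusted input to the client; refuse DTDs so entity
    # definitions cannot be smuggled into the document.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in scan output")
    root = ET.fromstring(xml_text)
    if root.tag != "nmap":
        raise ValueError("unexpected root element: %r" % root.tag)
    hosts = {}
    for host in root.findall("host"):
        ip = host.get("ipadd")
        if ip is None:
            continue  # skip malformed host entries rather than guessing
        os_ids = [int(o.get("id")) for o in host.findall("os") if o.get("id", "").isdigit()]
        open_ports = []
        for port in host.findall("port"):
            num = port.get("id", "")
            if port.get("state") != "open" or not num.isdigit() or not 0 < int(num) < 65536:
                continue  # keep only open ports with a valid port number
            open_ports.append((int(num), port.get("proto"), port.get("service")))
        hosts[ip] = {"os_ids": os_ids, "open": sorted(open_ports, key=lambda p: p[0])}
    return hosts

def hosts_with_os(hosts, os_id):
    """Match on the numeric OS ID instead of comparing OS name strings."""
    return sorted(ip for ip, h in hosts.items() if os_id in h["os_ids"])
```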

