RE: PostgreSQL patch

["Max" <musitechman () earthlink net>]

Hi,

> Have you considered parsing Nmap XML output rather than hooking into a
> parallel set of Nmap output routines?  This has several advantages:
>
> Someday I would like to have a general Nmap DB output driver, so I
> could just run something like:


The external API you are asking about, Fyodor, is available via perl in my Nmap::Scanner 
classes ... at this point I parse "normal" output because, as of a beta release a 
few minor revisions ago, the XML output option does not provide information as the scan 
happens the way super-verbose mode does ... the "-v -v -v" output with -oN lets me 
create an event driven programming model that is nice if you want to capture events 
as they happen ... event listeners.

In any case, it would be easy to add DB independent capture of scans to Nmap::Scanner 
as it is in perl and the DBI/DBD modules for perl are tried and true ... making a 
general nmapdb tool without too much effort.  If people on this list are against 
perl ;), I have thought of porting my classes to Ruby and/or python ... if that 
would spur interest.  The latest version of Nmap::Scanner is available at 

http://webwizarddesign.com/nmap/

I could see changing the XML mode in nmap so that it does work in live mode ... 
if -v -v -v is selected, then output starts with

<?xml version="1.0" ?>

Then perhaps the live output is all captured in a set of <live> tags to separate it 
from the end output ...

<live>
  <host name="blah">
    <port state="open" number="80" service="http"/>
  </host>
  etc...
</live>

This way, until there is a shared object/DLL for nmap, programs can also get the 
live information which, as I have stated earlier, works nicely into an event-driven API.

If -v -v -v is not selected, then the output would be as it is today .. no output until
the end ... what do you think?  

> Nmap to finish running before processing any results.  Does anyone on
> the list know of a good way to handle this?  I am not any sort of XML
> expert.  Perhaps some parsers can deal with incremental XML?  Or
> perhaps Nmap should spit out a new complete XML document for each host
> and just concatenate them all together?

the SAX parser is event-driven .. you specify handlers for start of tags, end of tags, 
and content and then "listen" for just the tags you want .. so it works well with 
streams.  SAX is available for just about every programming language I can think of :).

I welcome feedback on my thoughts/ideas.

Max

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).