Nmap Development mailing list archives

Re: How do YOU use Nmap XML?


From: "David G. Cheney" <dgc () rocketfiber com>
Date: Tue, 16 Nov 2004 21:09:40 -0800

I'm a big fan of regex. I've written more trivial perl one-liners in pcre than I care to admit. Screen scraping and command chaining just seem so easy with a few good regular expressions.

Now, that being said, when it comes to representing data in a non-ambiguous manner, ensuring data constraints, and processing it consistently in a platform independent way, XML and related parsing tools are one of the best ways to go. I believe that there are many data formats in the wild which are equivalent to XML, but few of them are standard and none of them have the level of adoption needed to ensure mature tools and universal utility.

I use a SAX parser in perl to parse the nmap xml in a streaming manner, then do a bit of processing before "normalizing" into a database. (I know, some people say they "normalize" from databases into XML, but database people I've talked to think it goes the other way around). This process can be very fast in part due to the uniform representation of the data. I also find it very pleasing to work with the XML::Simple interface in perl. The representation as a hash tree structure seems very natural to me, though I realize it is not as powerful as xpath.

With respect to the attributes vs. data argument, I personally prefer to think of attributes containing constrained values and element data containing non-constrained or unformatted data, so for instance I might prefer to see:
<service portid="22" protocol="ssh">
  <product>OpenSSH</product>
  <version>3.8.1p1</version>
  <extrainfo type="rest-of-banner">MyOwnLinuxDistro, Beware of inconsistancies!</extrainfo>
</service>

But fortunately, because of the tools I'm using, I don't really have to worry about whether the data is an attribute or the content of an element. On another note, XML is eXtensible. This gives me a warm fuzzy feeling inside when I think that, in the future, if someone decides to add another attribute or element to the current nmap XML DTD, all of my scripts and modules will still work without modification, and it will be an incremental cost for me to account for anything new. I think anyone would be hard pressed to write a regular expression or awk/sed/grep script general enough to be able to make this statement about any of the other output formats.

In any case, I've been responding to a few threads of conversation which are beyond the scope of the topic at hand, but hopefully you will have gotten some idea of my rationale in using XML in general.

Cheers,

--dgc
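
Added example, not part of the original message: a streaming SAX reader for Nmap XML that picks out only the names it knows, so a later schema addition does not break it. It uses Python's xml.sax rather than the Perl SAX parser the message mentions; the sample scan is constructed, and `newattr` and `newelement` are hypothetical future additions.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed sample in the shape of nmap -oX output (not a real scan).
SAMPLE = b"""<?xml version="1.0"?>
<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22">
    <state state="open"/>
    <service name="ssh" product="OpenSSH" version="3.8.1p1"/>
  </port></ports>
</host></nmaprun>"""
# Same scan with a hypothetical future attribute and element added.
EXTENDED = SAMPLE.replace(b'<service ', b'<service newattr="x" ').replace(
    b"<ports>", b"<newelement>ignored</newelement><ports>")

class PortHandler(ContentHandler):
    """Stream <port> records, reading only the names this script knows."""
    def __init__(self):
        super().__init__()
        self.rows, self.addr, self.cur = [], None, None

    def startElement(self, name, attrs):
        if name == "address" and attrs.get("addrtype") != "mac":
            self.addr = attrs.get("addr")
        elif name == "port":
            self.cur = {"addr": self.addr, "proto": attrs.get("protocol"),
                        "port": int(attrs.get("portid"))}
        elif name == "state" and self.cur is not None:
            self.cur["state"] = attrs.get("state")
        elif name == "service" and self.cur is not None:
            for key in ("name", "product", "version"):
                self.cur[key] = attrs.get(key)
        # Anything else is skipped rather than treated as a parse failure.

    def endElement(self, name):
        if name == "port":
            self.rows.append(self.cur)
            self.cur = None

def parse_ports(xml_bytes):
    handler = PortHandler()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # no external entity loads
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.rows
```

Scan files received from elsewhere are untrusted input, which is why external general entities are switched off explicitly before parsing.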
