Nmap Development mailing list archives
Re: Storing scan results
From: Adam Jones <ajones1 () gmail com>
Date: Mon, 20 Jun 2005 18:00:21 -0500
On 6/20/05, "Grodås, Ole Morten" <omgrodaas () fih mil no> wrote:
Hi, Adam I have to agree that adding db support to nmap will be a problem. After reading your mail I got another Idea that might work around the db problem. Having the GUI Frontend read xml output from nmap and saving it in a db is a good solution except when you want to run regular scans from cron.d. This problem can be solved by making a small nmap2db command line tool, using the same xml to db code that is used in the GUI Fronted You could then run nmap commands like this: nmap [scan options] target | nmap2db -localdb Or nmap [scan options] target | nmap2db -h [hostname] -u [username] -p [password] -d[database]
I think it would be following in the nmap "tradition" to provide a command line alternative to the GUI client for as many purposes as is reasonable. I like that idea, and would recommend that it be able to read xml files as well.
My opinion is that if you want the GUI to have advanced search, sort and compare functons the best solution will be to save results in a database
After a scan log has been loaded it would be able to provide the majority of those features without resorting to a database. For me program weight has always been one of the defining points separating nmap from the larger "vulnerability engines" like nessus. Introducing a database as a required component, even for an optional GUI client seems to go against the idea and implementation method. I agree that more can be done with a database than without, but a lot of people just want a clickety-click view of their scans without having to set up a database server to do it.
You talk about the problems with a static database structure. I my opinion this is not a big problem. Adding new metadata will of course be more problematic, but this is not something that happens very often in nmap. I have created suggestion on the database design, A MLU diagram can be found her: http://home.no.net/grodaas/nmap/pic/db.gif
Problems with adding new metadata were exactly my argument against a database implementation at all. I think your database tables are a good start for a standardized database, but people writing their own solutions will already have a database structure in mind, or possibly even designed. A scan analysis system with its own database structure sounds like a good project, but better tools can be made for those that already have something at least halfway written. -Adam _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Storing scan results Grodås, Ole Morten (Jun 15)
- <Possible follow-ups>
- SV: Storing scan results Grodås, Ole Morten (Jun 15)
- Re: Storing scan results Anthony Persaud (Jun 15)
- Re: Storing scan results Adam Jones (Jun 17)
- RE: Storing scan results Grodås, Ole Morten (Jun 20)
- Re: Storing scan results Adam Jones (Jun 20)