Nmap Development mailing list archives

Re: Nmap XML HowTo


From: MadHat Unspecific <madhat () unspecific com>
Date: Thu, 10 May 2007 11:51:24 -0500

Amit Kumar Saha wrote:
In my view, the Nmap XML file is more useful for applications in which scan
results are required outside of native Nmap, which requires Nmap-like
functionalities. For example, you can easily use Nmap to scan a large
network for live hosts (the services and all) and then after saving it
to an XML log, use that XML file in a Python or Ruby or even C#
application. This is in addition to the inherent advantages of XML
such as "Easy Machine Readability" and platform independence, which together
make it a good candidate for using Nmap for a wide variety of
applications.

Depends on what you are trying to do.  grepable is much lighter in CPU 
usage when parsing from my experience.  I have a set of scripts that I 
used to scan several hundred thousand hosts a day and generate a single 
diff based on the grepable output.  I didn't bother adding these to a 
database as it didn't suit my needs and increased the overhead, the same 
with XML.  I think XML is useful for some applications, but the amount 
of overhead added by having to parse the XML can be large depending on 
how large the scan range is and what verbosity you are using in nmap. 
There is also the fact that XML is less forgiving, I can concatenate 
multiple grepable outputs together and have no issues with parsing the 
output because I am dealing with one line at a time, while if I make a 
mistake with XML the parser can easily barf.  Don't get me wrong, I like 
the XML output and can see how it is very useful with inter-application 
interfaces and dealing with the data after the fact, but if I want to 
scan a class C for all the hosts that have port 22 open and only see the 
IP, it is much easier to just use the grepable output and pipe it to 
sed/awk/perl whatever[1], while I can't do it in XML.  I can also pass 
things to other apps that are not specifically written to work with the 
nmap XML format using the grepable output.  See my paper on grepable 
output[2].  I give some good examples on how it is useful.  My favorite

Sorry, this was just meant to say that some of us still use the grepable 
output and don't want to see it dropped.  Not trying to start an 
argument or a religious debate on the ins and outs of output methods of nmap.


[1] $ nmap -p22 -PS22 -oG - 10.1.1.0/24 | awk '/open/{print $2}'
[2] http://www.unspecific.com/nmap-oG-output/


--
MadHat

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
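
Added example (not part of the original message): a line-at-a-time filter for concatenated grepable (-oG) output that checks the state field of each port entry instead of matching the word "open" anywhere on the line. The function names, IP addresses and the hostname in the sample are constructed for illustration.

```shell
#!/bin/sh
# open_hosts PORT [PROTO]: read Nmap grepable (-oG) output on stdin and print
# each host once if PORT/PROTO is in state exactly "open".
open_hosts() {
    awk -v port="$1" -v proto="${2:-tcp}" '
        /^#/          { next }   # run header/footer comments repeat in concatenated files
        $1 != "Host:" { next }   # ignore anything that is not a host record
        {
            ip = $2
            n = split($0, field, "\t")            # record fields are tab-separated
            for (i = 1; i <= n; i++) {
                if (index(field[i], "Ports: ") != 1) continue
                m = split(substr(field[i], 8), entry, ", ")
                for (j = 1; j <= m; j++) {
                    # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                    split(entry[j], p, "/")
                    if (p[1] == port && p[2] == "open" && p[3] == proto && !(ip in seen)) {
                        seen[ip] = 1
                        print ip
                    }
                }
            }
        }'
}

# Constructed sample: two scan runs concatenated into one stream.
sample_og() {
    printf '# Nmap scan initiated (run 1, constructed sample)\n'
    printf 'Host: 10.1.1.5 ()\tStatus: Up\n'
    printf 'Host: 10.1.1.5 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n'
    printf 'Host: 10.1.1.9 ()\tPorts: 22/filtered/tcp//ssh///\n'
    printf 'Host: 10.1.1.12 (openbox.example)\tPorts: 22/closed/tcp//ssh///, 2222/open/tcp/////\n'
    printf '# Nmap done (run 1)\n'
    printf '# Nmap scan initiated (run 2, constructed sample)\n'
    printf 'Host: 10.1.1.20 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (1)\n'
    printf 'Host: 10.1.1.5 ()\tPorts: 22/open/tcp//ssh///\n'
    printf '# Nmap done (run 2)\n'
}

sample_og | open_hosts 22
```

In the sample, 10.1.1.12 has port 22 closed but a hostname and another port that both contain "open"; the per-entry state check keeps it out of the port 22 result.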

