Nmap Development mailing list archives

Re: Zenmap Compare really broken?

From: Fyodor <fyodor () insecure org>
Date: Sat, 31 May 2008 15:46:45 -0700

On Sat, May 31, 2008 at 03:44:08PM -0600, David Fifield wrote:

On Fri, May 30, 2008 at 08:58:30PM -0700, Fyodor wrote:

On Fri, May 30, 2008 at 05:11:05PM -0600, David Fifield wrote:


Agreed. Current Zenmap comparison is not helpful. Part of Jurand's
Summer of Code proposal has to do with this:


Great!


I would like to see diff output something like this:

10.0.0.1: changed from down to up.
10.0.0.1: port 22/tcp changed from unknown to open.
10.0.0.1: 1664 ports changed from unknown to filtered.
10.0.0.2: reverse DNS changed from "mail.site.whatever" to "www.site.whatever".
10.0.0.2: service on port 10250 changed from "Foobar 1.99" to "Foobar 2.00".
10.0.0.2: port 80/tcp changed from open to closed.
etc.


Looks good to me, though figuring out the best way to present it
certainly merits plenty of thought and brainstorming.

And for output like this, I believe it would be best to have an
independent program/script which compares two Nmap XML output files
and then produces output like this (and maybe in an XML format too).
After all, this diff functionality is useful for all Nmap users, not
just the Zenmap folks.  Though Zenmap could possibly improve the
output in some way since it has advantages of being able to change
colors, include icons, etc. if desired.

It would be nice to just be able to run ndiff /tmp/scan1.xml /tmp/scan2.xml

The hard part, I think, is designing the interface for specifying that
two scans are "the same scan," just displaced in time. It's easy enough
to just have the user manually select two scans to compare, but a higher
degree of sophistication would be better. For example, say you have a
scan you run every day. Zenmap should be able to give you a nice report
with output like I showed above for every day in a long sequence, like
this:


If the external ndiff application generates the report, someone can
write a 5-line cron script which runs Nmap every day and emails them
the results.  Or they can hook it into their processes in other ways.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: Zenmap Compare really broken? David Fifield (May 30)
- Re: Zenmap Compare really broken? Kris Katterjohn (May 30)
- Re: Zenmap Compare really broken? Fyodor (May 30)
  - Re: Zenmap Compare really broken? David Fifield (May 31)
    - Re: Zenmap Compare really broken? Fyodor (May 31)
    - Re: Zenmap Compare really broken? bensonk (May 31)
    - Re: Zenmap Compare really broken? Jabra (May 31)