Nmap Development mailing list archives

Re: The (eventual) unification of Nmap and Zenmap XML output

From: Fyodor <fyodor () insecure org>
Date: Tue, 22 Jul 2008 23:22:25 -0700

On Thu, Jul 17, 2008 at 05:15:42PM -0600, David Fifield wrote:

I want to make the two formats the same, so that there is no difference
between the XML produced by Nmap and the XML produced by Zenmap. The
existing Nmap XML processors should be able to work on both. Toward that
end, I wrote this detailed comparison of the two formats:

http://www.bamsoftware.com/wiki/Nmap/ComparingNmapAndZenmapXML

It has a side-by-side annotated comparison of the two formats, followed
by analysis and recommendations for unifying them. Please give it a read
if you're interested, especially the recommendations at the end, because
that's what I'm least sure about.


David, that is an excellent writeup and I think your recommendations
are spot on.  I'll add this to the Nmap TODO.  One aspect you didn't
mention (maybe because it is trivial) is that the merged format should
probably use a consistent file format.  Nmap already uses .xml for the
XML format when you use -oA.  That would be a good choice (and is
better than .usr IMHO).

There is also the issue of whether we will ever want Nmap itself to
include its interactive output in the XML.  If that is desireable,
we'd probably need to spread the <output> elements throughout the file
(e.g. in each host element).  And clients such as Zenmap would just
need to concatenate them all.  After all, Nmap can't insert the output
for its whole run at the beginning of the file unless it waits for the
whole scan to complete before writing the output.  And that sounds
undesireable.

The disadvantage to having Nmap store normal output in the XML file is
that it would bloat the output file size.  Here are some log file
sizes from a recent run:

-rw-r--r-- 1 root root  602720 Jul  4 13:58 initialrecon-190114-070308.gnmap
-rw-r--r-- 1 root root 2071221 Jul  4 13:58 initialrecon-190114-070308.nmap
-rw-r--r-- 1 root root 9346162 Jul  4 13:58 initialrecon-190114-070308.xml

So including normal output in the XML data might increase the file
sizes by 25% or so.

An advantage to storing this data is that tools such as Zenmap can
display it even if they didn't execute the scan and thus store the
data themselves.  And it would mean that as long as we save the xml
format version of our scans, we can always produce the normal style
output with a trivial Perl script or the like.

A disadvantage is that we'd have to implement the feature.  Or I
suppose we could just ensure the format supports that in case we
implement it later.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

The (eventual) unification of Nmap and Zenmap XML output David Fifield (Jul 17)
- Re: The (eventual) unification of Nmap and Zenmap XML output Arturo 'Buanzo' Busleiman (Jul 17)
- Re: The (eventual) unification of Nmap and Zenmap XML output Fyodor (Jul 22)
- The unification of Nmap and Zenmap XML output David Fifield (Sep 19)