Nmap Development mailing list archives

Re: small XML output inconsistency and a fix


From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 03 Aug 2008 03:11:07 -0500


Michael Pattrick wrote:
> Hey everyone,
>
> I just noticed this small oddity, when I run a command with custom
> scan flags such as:
> nmap --scanflags URGACK -p80 -oX test.xml 10.0.0.1
>
> The XML file reports:
> <scaninfo type="syn" protocol="tcp" numservices="1" services="80" />
>
> URGACK is just an example, no matter what you use, by default it will
> always report as syn.
>
> I wrote a patch to fix this (attached) but it adds another attribute to
> the scaninfo element so I thought I would announce it here before
> committing. This patch will change the XML output to the following:
> <scaninfo type="syn" scanflags="ACKURG" protocol="tcp" numservices="1"
> services="80" />
>
> I didn't want to change the 'type' attribute because the user can
> still specify nmap options like "-sA --scanflags RSTPSH" which would
> output like:
> <scaninfo type="ack" scanflags="RSTPSH" protocol="tcp" numservices="1"
> services="80" />
>
> Any comments on this new attribute welcome.


I rather like this idea.

However, glancing at the patch, it looks like the scan flags will be printed
for every scan type.  So a scan using -sSU --scanflags=SYNACK will have a
scanflags attribute under the <scaninfo> for TCP and UDP.  I haven't tested
this, so forgive me if I'm mistaken.

> Cheers,
> Michael


Thanks,
Kris Katterjohn

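An added example, not part of either message or of the attached patch: a small Python reader for `<scaninfo>` elements that picks up the `scanflags` attribute proposed in this thread and marks entries where it appears on a non-TCP scan, which is the case raised in the reply. The sample XML is constructed, and the function names and the `misplaced` field are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: what a "-sSU --scanflags SYNACK" run could emit if the
# attribute were written for every scan type (the concern raised in the reply).
SAMPLE_XML = """<nmaprun>
<scaninfo type="syn" scanflags="SYNACK" protocol="tcp" numservices="1" services="80" />
<scaninfo type="udp" scanflags="SYNACK" protocol="udp" numservices="1" services="53" />
</nmaprun>"""

# Flag names that --scanflags accepts when mashed together (e.g. URGACK).
TCP_FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def split_flags(value):
    """Split a concatenated flag string such as "ACKURG" into ["ACK", "URG"]."""
    flags, rest = [], value.upper()
    while rest:
        for name in TCP_FLAG_NAMES:
            if rest.startswith(name):
                flags.append(name)
                rest = rest[len(name):]
                break
        else:
            raise ValueError(f"unrecognised flag text: {rest!r}")
    return flags


def scaninfo_report(xml_text):
    """Return one dict per <scaninfo>, marking scanflags on non-TCP entries."""
    report = []
    for el in ET.fromstring(xml_text).iter("scaninfo"):
        raw = el.get("scanflags")  # None when the attribute is not emitted
        proto = el.get("protocol")
        report.append({
            "type": el.get("type"),
            "protocol": proto,
            "flags": split_flags(raw) if raw else None,
            # TCP header flags carry no meaning for a UDP scan entry.
            "misplaced": raw is not None and proto != "tcp",
        })
    return report


if __name__ == "__main__":
    for row in scaninfo_report(SAMPLE_XML):
        print(row)
```

A consumer of the XML can use the `misplaced` marker to ignore the attribute on UDP entries regardless of how the writer side ends up behaving.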
