Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ndiff mark II

From: Dieter Van der Stock <dietervds () gmail com>
Date: Fri, 27 Mar 2009 00:41:06 +0100
Looks very useful, and indeed an improvement on the current (extremely
limited) output of Ndiff.
An XML output, much like Nmap's, would certainly be sweet to have and much
easier to manipulate (imo).

Cheers!

2009/3/26 David Fifield <david () bamsoftware com>


Hello,

I and others have found Ndiff's output format unsatisfactory. This is
what it looks like:

Thu Sep 11 11:39:32 2008 -> Tue Sep 16 13:59:22 2008
cuvtdnray-504.example.com (10.214.143.33):
       Host is up, was unknown.
       Add ipv4 address 10.214.143.33.
       Add hostname cuvtdnray-504.example.com.
       +3389/tcp open microsoft-rdp Microsoft Terminal Service
       999 tcp ports are filtered.
scnqxez-842.example.com (10.189.71.117):
       Remove hostname scnqxez-842.example.com.
10.226.19.80:
       -21/tcp filtered
       +21/tcp open ftp Netgear broadband router ftpd 1.0
       -23/tcp filtered
       +23/tcp open telnet Netgear broadband router admin telnetd
       -80/tcp filtered
       +80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0
(ZyXEL ZyWALL 2)
       -8701/tcp open unknown
       +8701/tcp filtered

In a new branch, svn://svn.insecure.org/nmap-exp/david/ndiff-mkii, I
have implemented output like the following:

-Nmap 4.75 at 2008-09-11 11:39
+Nmap 4.76 at 2008-09-16 13:59

-scnqxez-842.example.com (10.189.71.117):
+10.189.71.117:
 Host appears to be up.
 Not shown: 995 filtered ports
 PORT    STATE  SERVICE  VERSION
 20/tcp  closed ftp-data
 21/tcp  open   ftp      ProFTPD 1.3.1
 80/tcp  open   http     Apache httpd
 443/tcp open   http     Apache httpd
 873/tcp closed rsync

+cuvtdnray-504.example.com (10.214.143.33):
+Host appears to be up.
+Not shown: 999 filtered ports
+PORT     STATE SERVICE       VERSION
+3389/tcp open  microsoft-rdp Microsoft Terminal Service

 10.226.19.80:
 Host appears to be up.
-Not shown: 999 filtered ports
+Not shown: 997 filtered ports
 PORT     STATE    SERVICE VERSION
-21/tcp   filtered
+21/tcp   open     ftp     Netgear broadband router ftpd 1.0
-23/tcp   filtered
+23/tcp   open     telnet  Netgear broadband router admin telnetd
-80/tcp   filtered
+80/tcp   open     http    Embedded Allegro RomPager webserver 4.07
UPnP/1.0 (ZyXEL ZyWALL 2)
-8701/tcp open     unknown
+8701/tcp filtered

I think this new output is way better. I designed it to look like a
context diff and also to look like Nmap's normal output. WHat do you
think? Are there any changes you would make?

The branch doesn't support XML output becuase I think that should be
redesigned too. That means it won't work with Zenmap currently.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: