Nmap Development mailing list archives

Re: Ncrack: -iX, -iN input from Nmap


From: David Fifield <david () bamsoftware com>
Date: Wed, 26 Aug 2009 15:04:38 -0600

On Wed, Aug 26, 2009 at 11:37:16PM +0300, ithilgore wrote:
> David Fifield wrote:
> > Opening an XML file in Zenmap and saving it again changes the file
> > format enough that it's not recognized.
> >
> > $ ncrack -iX zenmap.xml -v -v localhost
> > -iX file doesn't seem to be in Nmap's XML output format option -oX <filename>!
>
> I corrected that issue too, but there is another more serious problem.
> Zenmap's XML file doesn't use newlines between certain tag sections,
> something which Nmap does and Ncrack's XML parser uses in order to
> function. Is there any reason for this inconsistency between Zenmap
> and Nmap? I would suggest that Zenmap's XML file has the same format
> as Nmap with the newlines in place.

It's just what is produced naturally from Python's
xml.sax.saxutils.XMLGenerator. I think it's ugly with no newlines so
maybe we should find another way to write it with newlines and
indentation. But it's XML in any case, so it shouldn't matter to XML
processors.

Maybe it's time to do another search for a suitable XML parser? There
are a lot of other things that don't change the meaning of the XML but
would confuse a pattern-matching parser, such as character encoding and
entity expansion. That said, I'm willing to change the way Zenmap writes
XML if someone has a better way, because Nmap and Zenmap are going to be
by far the biggest sources of input to Ncrack. In other words, an
incomplete working solution soon is better than a perfect solution
farther in the future.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
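
The failure mode discussed in this message, as an added example that is not part of the original post and is not Ncrack or Zenmap code: a line-oriented pattern matcher and a real XML parser are run over the same scan data in three equivalent serializations. The sample document, the regular expression and all function names are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import XMLGenerator

# Constructed sample, one element per line (loosely modelled on nmap -oX output).
NMAP_STYLE = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host>
<address addr="127.0.0.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
</ports>
</host>
</nmaprun>
"""
# Same document with one character written as a reference: identical meaning.
CHARREF_STYLE = NMAP_STYLE.replace('name="ssh"', 'name="&#115;sh"')

# Hypothetical line-oriented matcher: assumes each <port> starts its own line.
PORT_LINE = re.compile(
    r'^<port protocol="tcp" portid="(\d+)"><state state="open"/><service name="([^"]+)"')

def line_parser(xml_text):
    return [(int(m.group(1)), m.group(2))
            for line in xml_text.splitlines() if (m := PORT_LINE.match(line))]

def xml_parser(xml_text):
    """Real XML parsing: layout and character references do not matter."""
    root = ET.fromstring(xml_text)
    return [(int(p.get("portid")), p.find("service").get("name"))
            for p in root.iter("port") if p.find("state").get("state") == "open"]

def resave_without_newlines(xml_text):
    """Re-emit the elements through XMLGenerator, which adds no whitespace."""
    out = io.StringIO()
    gen = XMLGenerator(out, encoding="utf-8")
    def emit(el):
        gen.startElement(el.tag, dict(el.attrib))
        for child in el:
            emit(child)
        gen.endElement(el.tag)
    gen.startDocument()
    emit(ET.fromstring(xml_text))
    gen.endDocument()
    return out.getvalue()

if __name__ == "__main__":
    docs = {"nmap": NMAP_STYLE, "resaved": resave_without_newlines(NMAP_STYLE), "charref": CHARREF_STYLE}
    for label, doc in docs.items():
        print(label, line_parser(doc), xml_parser(doc))
```

The line matcher finds nothing in the re-saved file and returns the unexpanded `&#115;sh` for the character-reference variant, while the XML parser returns the same two services for all three inputs.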

