Nmap Development mailing list archives

Re: NMAP XML output too verbose


From: Duarte Silva <duartejcsilva () gmail com>
Date: Wed, 10 Mar 2010 00:22:12 +0000

Knowing that I'm fairly new in the area of contributing to nmap, but
here it goes :)

The question of the XML showing off-line hosts can be solved with a
different XSL that only shows hosts that are up. (I have been
tinkering about a new and a little more interactive XSL file that
could transform the XML to something more pleasant to use, mashing it
up with JavaScript maybe?? Kind of thinking out loud now).

The problem of XML having hosts that don't have open ports is a bit
different. It could also be done with a different XSL style sheet, but
it's better to have a standardised output independent of what
format/method the user chooses. So, I vote for matching the XML output
to the normal output.

On Wed, Mar 10, 2010 at 12:01 AM, Ron <ron () skullsecurity net> wrote:
On Tue, 9 Mar 2010 15:28:23 -0800 Fyodor <fyodor () insecure org> wrote:
Hi Kevin.  I talked this over with David Fifield today and we have a
solution proposal which I hope will benefit you and other Nmap users.
Note that this proposal also significantly changes the --open
command-line argument:

The first part of our plan is to only show down hosts in the XML in
verbose mode (as you suggested).  Nmap already works this way for its
normal/interactive output.  The idea had been that humans don't
normally read the XML and so we can stuff more information there, but
this particular case (down hosts) can become excessive.  If someone
needs the down host information (for the DNS information it provides,
or to help distinguish between hosts which are down and those which
are not scanned), they can specify -v.  This should resolve your
issue.

The second part of our plan is a modification to --open.  Right now it
only shows open ports in the port table, but it still shows hosts
which might not have any ports open.  So you end up with entries like:

Nmap scan report for softbank220006197211.bbtec.net (220.6.197.211)
Host is up (0.15s latency).
The 1 scanned port on softbank220006197211.bbtec.net (220.6.197.211)
is filtered

Our idea is to change --open so that in normal/interactive output, it
ONLY shows hosts with at least one port open.  And then of course it
doesn't show the closed/filtered ports.  I suppose it would still
display NSE results (for open ports and host scripts), traceroute, and
OS detection information.  After all, people who don't want to see
those should make their scans faster by not requesting them in the
first place.

This leads to the question of what we should do with XML output when
--open is used.  One option is to match the normal output and only
show entries for hosts which have at least one open port.  Another
option is to be more comprehensive on the grounds that users still
might want the full host data available in the XML (in case they want
to look up something later) even though they only want to see the open
ports in normal output.  I think I favor matching the XML output to
the normal output in this case (only including the hosts with open
ports).

Since these are material changes to Nmap, we're throwing these
proposals out for comment.  Please post to the list any comments you
might have.  It is particularly important to comment if you DISLIKE
any of these changes, as we don't want to be changing back and forth.

Cheers,
Fyodor

One of the most common questions we see in #nmap on Freenode is, "how can I find every host with port xx open?" -- I
think your proposed modification to --open will make that a far easier question to answer. Sounds good to me!

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
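
The filtering discussed in this thread, done as post-processing on the XML. This is an added example, not part of the original messages and not Nmap's own code. The function names `filter_open` and `summary` are hypothetical, the sample report is constructed, and only the exact port state `open` is treated as open.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output layout (not real scan data).
SAMPLE_XML = """<nmaprun>
  <host><status state="down"/><address addr="192.0.2.1" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="filtered"/></port></ports>
  </host>
  <host><status state="up"/><address addr="192.0.2.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""


def filter_open(xml_text):
    """Keep only hosts that are up and have at least one open port,
    and within those hosts keep only the open ports.
    Intended for your own scan output, not untrusted XML."""
    root = ET.fromstring(xml_text)
    for host in list(root.findall("host")):
        status = host.find("status")
        up = status is not None and status.get("state") == "up"
        ports = host.find("ports")
        open_ports = []
        if ports is not None:
            for port in list(ports.findall("port")):
                state = port.find("state")
                if state is not None and state.get("state") == "open":
                    open_ports.append(port)
                else:
                    ports.remove(port)  # drop closed/filtered entries
        if not (up and open_ports):
            root.remove(host)  # down host, or up with nothing open
    return root


def summary(root):
    """Map each remaining host address to its (protocol, port) pairs."""
    return {
        host.find("address").get("addr"): [
            (p.get("protocol"), int(p.get("portid")))
            for p in host.findall("ports/port")
        ]
        for host in root.findall("host")
    }


if __name__ == "__main__":
    print(summary(filter_open(SAMPLE_XML)))
```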
