Nmap Development mailing list archives

Re: NMAP XML Output


From: Fyodor <fyodor () insecure org>
Date: Wed, 26 May 2010 19:51:19 -0700

[Oops, I wrote this reply without realizing that the original message
 was sent to security-basics@securityfocus.  I'm sending my reply to
 nmap-dev instead.  The original mail is at
 http://seclists.org/basics/2010/May/54 ]

On Thu, May 20, 2010 at 05:38:34AM -0700, Matthew Bryan wrote:

> When viewing the XML file output of NMAP, the stylesheet seems to cause
> some information within the output to not display properly. For example,
> this is part of the display after running my scan:
>
> Nmap scan report for 10.174.10.2
> Host is up (0.19s latency).
> PORT    STATE  SERVICE VERSION
> 161/tcp closed snmp
> 161/udp open   snmp    SNMPv1 server (public)
> | snmp-sysdescr: Cisco IOS Software, Catalyst 4500 L3 Switch Software
> (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG, RELEASE SOFTWARE (fc3)
> | Technical Support: http://www.cisco.com/techsupport
> | Copyright (c) 1986-2009 by Cisco Systems, Inc.
> | Compiled Thu 16-Jul-09 22:44
> |_  System uptime: 204 days, 0:47:36.55 (1762845655 timeticks)
>
> However, when viewing the XML file through Word, IE or any other
> application that utilizes nmap.xsl, all of the information on lines
> that start with the pipe are not displayed. It defeats the purpose of me
> running the scan with the SNMP info if it will not show up in the
> standard XML display.

What version of Nmap are you using?  When I do the command "nmap -T4
-A --webxml -oX /t/crap/nmap-webxml.xml scanme.nmap.org", it generates
normal output including:

80/tcp    open   http    Apache httpd 2.2.3 ((CentOS))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_html-title: Go ahead and ScanMe!

Then I posted it on the web so you can see the XML output through the
stylesheet:

http://nmap.org/tmp/nmap-webxml.xml

Note that (at least on my Firefox and IE), you can see the script
output under port 80 in the table.  But maybe there are problems with
script output in some cases?  The nmap.xsl could definitely do with
more love and attention if someone wants to try and improve it.

On a side note, when I do (with latest svn):

nmap -oX /t/crap/nmap.xml scanme.nmap.org

And then I open up file:///t/crap/nmap.xml in firefox, I get a blank
page.  View source shows the original XML.  The file includes:

<?xml-stylesheet href="file:///usr/local/share/nmap/nmap.xsl" type="text/xsl"?>

When I put that xsl file:// URL in the browser, I get the XSL as
expected.  And it works (shows the proper Nmap output) with the same
browser if I use --webxml and place the file on nmap.org as in
http://nmap.org/tmp/nmap-webxml.xml.

Does this sort of local XML file viewing work or not work for anyone
else?  Anyone have an idea why?

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
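
Added example (not part of the original message and not Nmap project code): a way to tell whether script output is missing from the XML itself or only from the nmap.xsl rendering, by reading the xml-stylesheet href and the script elements directly. The sample XML is constructed from the output quoted above, and the function names are hypothetical.

```python
import re
from xml.dom import minidom

# Constructed sample shaped like Nmap -oX output; values come from the
# normal output quoted in the message. Nmap writes newlines as &#xa;.
SAMPLE_XML = """<?xml version="1.0"?>
<?xml-stylesheet href="file:///usr/local/share/nmap/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap"><host>
  <address addr="10.174.10.2" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="161"><state state="closed"/></port>
    <port protocol="udp" portid="161"><state state="open"/>
      <script id="snmp-sysdescr" output="Cisco IOS Software, Catalyst 4500 L3 Switch Software&#xa;  System uptime: 204 days, 0:47:36.55 (1762845655 timeticks)"/>
    </port>
  </ports>
</host></nmaprun>
"""

def stylesheet_href(doc):
    """href of the xml-stylesheet processing instruction, or None."""
    for node in doc.childNodes:
        if (node.nodeType == node.PROCESSING_INSTRUCTION_NODE
                and node.target == "xml-stylesheet"):
            m = re.search(r'href="([^"]*)"', node.data)
            return m.group(1) if m else None
    return None

def script_results(doc):
    """(address, 'port/proto', script id, output) for every port script."""
    rows = []
    for host in doc.getElementsByTagName("host"):
        addrs = host.getElementsByTagName("address")
        addr = addrs[0].getAttribute("addr") if addrs else "?"
        for port in host.getElementsByTagName("port"):
            label = port.getAttribute("portid") + "/" + port.getAttribute("protocol")
            for s in port.getElementsByTagName("script"):
                rows.append((addr, label, s.getAttribute("id"), s.getAttribute("output")))
    return rows

if __name__ == "__main__":
    doc = minidom.parseString(SAMPLE_XML)
    print("stylesheet:", stylesheet_href(doc))
    for addr, label, sid, out in script_results(doc):
        print(f"{addr} {label} {sid}")
        for line in out.splitlines():
            print("  | " + line)
```

If script_results() returns rows for a port whose script output does not appear in the browser, the data is in the XML and the loss is in the stylesheet or in how the browser loads it.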

