Re: parsing XML with NSE

[David Fifield <david () bamsoftware com>]

On Thu, Aug 26, 2010 at 04:05:46PM -0500, DePriest, Jason R. wrote:
> > Ryan Linn, who wrote an NSE–Metasploit binding called Nsploit, used a
> > Lua binding of Expat called lxp. This is what's reflected at the moment
> > in his online repository viewer.
> >
> > http://trac.happypacket.net/browser/nsploit/trunk/nselib/Nsploit.lua
> >
> > However I spoke to him at the conferences in Las Vegas and he said that
> > he had removed the dependency on lxp. He posted some code at
> > http://www.happypacket.net/VegasCode2010.tar.bz2 and it looks like he
> > made a new library, Nxmlrpc.lua, based on the "Classic Lua-only version"
> > at http://lua-users.org/wiki/LuaXml.
> >
> > If an XML parser can be that small and do everything we need it to, I
> > wouldn't hesitate to add it as a new library.
>
> Do you think you can just pull the library out of the tarball and use
> it as is or would it require further tweaking?
>
> Do you have a way of contacting the author and asking if it is okay
> for us to do that?

You wouldn't need to use the whole XML-RPC library, just the short part
(parseargs and collect) on the LuaXml page. I don't see a license on
that page. But since it's so short, what I recommend is to try
implementing your script with it (or an even simpler script), and if it
looks like it's working out we can ask if it's available under a
suitable license. In any case, implementing the scritp once will give
you a feel for the API and what you need the library to be able to do.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/