Nmap Development mailing list archives

Re: Suggestion: Using script output - Human-readable and machine-parseable

From: David Fifield <david () bamsoftware com>
Date: Thu, 31 Mar 2011 20:02:13 -0700

On Thu, Mar 31, 2011 at 03:46:41PM -0500, Daniel Miller wrote:

Hey list,

From the Nmap TODO:

o Nmap should have a better way to handle XML script output.
o We currently just stick the current script output text into an XML tag.

May I make a suggestion? If we format script output as YAML
(http://www.yaml.org/), it will be machine-readable, while
preserving the human-readable nature. There are a couple of YAML
bindings for Lua: libyaml (http://yaml.luaforge.net/) and libsyck
(https://github.com/indeyets/syck/tree/master/ext/lua)

The quickest way to support this straight off would be to modify
stdnse.format_output to output YAML. The NSE runtime could quote
non-YAML return values as block-literal scalars, until such time as
they are rewritten to return more useful formatted output. A
downside would be that output would take a few more lines than
before, though this could be overcome by using "flow styles," of
which JSON is a proper subset.

Benefits of doing this are:
* extensibility without requiring modifications to Nmap XML schema
* Human-readable nature of YAML means a single output format for
human and machine consumers
* existing structured-output using stdnse.format_output means very
few changes for script authors
* YAML bindings available for Lua, Python, Perl, Ruby, C, and many
other languages.


At first blush, I like this YAML idea. How might it handle tabular data,
like that of nfs-ls?

|   NFS Export: /mnt/nfs/files
|   NFS Access: Read Lookup NoModify NoExtend NoDelete NoExecute
|
|     PERMISSION  UID   GID   SIZE     MODIFICATION TIME  FILENAME
|     drwxr-xr-x  1000  100   4096     2010-06-17 12:28   /mnt/nfs/files
|     drwxr--r--  1000  1002  4096     2010-05-14 12:58   sources
|     -rw-------  1000  1002  23606    2010-06-17 12:28   notes

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Suggestion: Using script output - Human-readable and machine-parseable Daniel Miller (Mar 31)
- Re: Suggestion: Using script output - Human-readable and machine-parseable David Fifield (Mar 31)
  - Re: Suggestion: Using script output - Human-readable and machine-parseable Daniel Miller (Mar 31)