Re: [Ndiff] RFC: Add nmaprun element diff to niff xml output

[Daniel Miller <bonsaiviking () gmail com>]

List,

Shamelessly bumping this, but I would like to know if there are any 
suggestions for changes to be made on this patch. I expected it to be 
rather straightforward, since
1. The XML output is already not empty if the scans are the same, and
2. The XML output contains no information to identify the 'a' and 'b' 
scans (i.e. it is entirely dependent on the user to remember the order 
in which he specified the scans on the command line)

I've already written some code for a personal project that depends on 
this functionality, but I would be willing to rewrite if someone has a 
better way of doing this.

Thanks!
Dan

On 02/09/2011 02:18 PM, Daniel Miller wrote:
> List,
>
> Found a bug in my patch, looks like this:
> Traceback (most recent call last):
>    File "<stdin>", line 1, in<module>
>    File "ndiff.py", line 486, in print_text
>      banner_a = format_banner(self.scan_a)
>    File "ndiff.py", line 415, in format_banner
>      return u" ".join(parts)
> TypeError: sequence item 0: expected string or Unicode, NoneType found
>
> Fix was to check scan.scanner is not None in format_banner. Fixed
> patch attached.
>
> Thanks!
> Dan
>
> On Sat, Feb 5, 2011 at 7:48 PM, Daniel Miller<bonsaiviking () gmail com>  wrote:
> > List,
> >
> > I've attached a patch for ndiff that does 3 things:
> >
> > 1. Adds a<scan>  element to the XML output to show differences between
> > the<nmaprun>  elements of the diffed scans. Ndiff already outputs
> > similar info in text mode. This information does not affect the diff
> > cost of 2 scans, so a diff will still not be output if the scan
> > results did not change. Example:
> > <nmapdiff version="1">
> >   <scandiff>
> >     <a>
> >       <scan args="nmap -vv -A -sS -sU -oA lan-full-%y%m%d --script not
> > *brute* and not qscan 192.168.1.0/24" scanner="nmap"
> > start="1273248523" startstr="Fri May 07 16:08:43 2010"
> > version="5.30BETA1"/>
> >     </a>
> >     <b>
> >       <scan args="nmap -v -A -oA lan-full-%y%m%d --open
> > 192.168.1.0/24" scanner="nmap" start="1296469222" startstr="Mon Jan 31
> > 10:20:22 2011" version="5.51SVN"/>
> >     </b>
> >
> > 2. Changed the text-mode output of Ndiff to more closely match the
> > first line of Nmap output. Example:
> > Original output:
> > -Nmap 5.51SVN at 2011-01-31 10:20
> > +Nmap 5.30BETA1 at 2010-05-07 16:08
> >
> > New output:
> > -Nmap 5.51SVN scan initiated Mon Jan 31 10:20:22 2011 as: nmap -v -A
> > -oA lan-full-%y%m%d --open 192.168.1.0/24
> > +Nmap 5.30BETA1 scan initiated Fri May 07 16:08:43 2010 as: nmap -vv
> > -A -sS -sU -oA lan-full-%y%m%d --script not *brute* and not qscan
> > 192.168.1.0/24
> >
> > 3. Changes the Ndiff DTD to reflect changes in XML output.
> > Essentially, the new<scan>  element is now a diffable element, allowed
> > to be a child of an<a>  or<b>  element.
> >
> > Thanks,
> > Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/