Nmap Development mailing list archives

Re: nmap output bug?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 24 Oct 2011 10:24:55 -0500

On 10/21/2011 08:24 AM, Paul Griggs wrote:
Hi dev list,

I'm parsing nmap standard output using various techniques, and just discovered an anomaly.  For reasons that are not clear to me, sometimes the line that reports an open port contains "<portnumber>/tcp open" with a single space between "tcp" and "open", and other times with two spaces between "tcp" and "open".  I can't imagine any legitimate reason for it.  Yeah, I should probably be parsing XML instead, but I thought I would throw this out there.

Paul

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Paul,

The reason is that the output is placed in a variable-width table for each host. You could have up to 5 spaces there, in reality. Here is an example, using X instead of spaces:

PORTXXXXXXSTATEXSERVICE
1/tcpXXXXXopenXXtcpmux
31337/tcpXopenXXElite

And yes, you really should be parsing the XML, or at the very least, the grepable output (-oG).

Dan
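
The variable-width table and the grepable alternative discussed in this thread, as an added example that is not part of the original messages or of Nmap itself. The sample scan output, the addresses and the function names are constructed for illustration; the normal-output parser splits on runs of whitespace so the padding width does not matter, and the -oG parser relies on that format's fixed delimiters.

```python
import re

# Constructed sample of Nmap normal output; column padding differs per host.
NORMAL_OUTPUT = """\
Nmap scan report for 192.0.2.10
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap scan report for 192.0.2.20
PORT      STATE SERVICE
1/tcp     open  tcpmux
31337/tcp open  Elite
"""

# Constructed sample of grepable (-oG) output for the same two hosts.
GREPABLE_OUTPUT = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
    "Host: 192.0.2.20 ()\tPorts: 1/open/tcp//tcpmux///, 31337/open/tcp//Elite///\n"
)

# Columns are separated by one or more spaces, never by a fixed count.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")

def parse_normal(text):
    """Return (host, port, proto, state, service) tuples from normal output."""
    rows, host = [], None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Last token is the address, in parentheses when a name precedes it.
            host = line.split()[-1].strip("()")
        elif (m := PORT_LINE.match(line)):
            rows.append((host, int(m[1]), m[2], m[3], m[4]))
    return rows

def parse_grepable(text):
    """Return the same tuples from -oG output (tab, comma and slash delimited)."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("Host: ") or "\tPorts: " not in line:
            continue  # comment lines and "Status:" lines carry no port list
        host = line.split()[1]
        ports = line.split("\tPorts: ")[1].split("\t")[0]
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/...
            port, state, proto, _owner, service = entry.split("/")[:5]
            rows.append((host, int(port), proto, state, service))
    return rows
```

A literal match on "1/tcp open" finds nothing in the sample above, while both parsers return the same four rows.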
