Nmap Development mailing list archives

Re: stream output


From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 23 Feb 2012 20:53:04 +0100

On Thu, Feb 23, 2012 at 06:19:47PM +0100, Patrik Karlsson wrote:
On Thu, Feb 23, 2012 at 5:22 PM, Corey Quinn <corey () sequestered net> wrote:

Yup! Pass a -v or two as an argument to nmap.

Toni Ruottu <toni.ruottu () iki fi> wrote:

Does nmap support outputting scan results as a stream of findings as
they come up? Such functionality could be used to refresh user
interfaces or send warning emails to admins while the scan is still
running.
Reporting all the results of a host will not be easy without mixing
things... since we have parallel scans, and results depend on external
data from the network, but we can add a simple output tag (not debug) to
show that the scan of the X host has finished.


 --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


That would give you any verbose/debug messages added by the developer,
which may or may not include what's reported as a result string by the
script. AFAIK there's no such capability in Nmap yet and "script results"
can only be returned as a string by the action method.
As scripts use different methods of building their "result string", using
tables or concatenation of strings etc, I don't see an easy way of
achieving this.
This behaviour is perfect for postrule scripts since they only report
results. Storing and manipulating that _big_ information in memory is not
the best thing, not to mention that postrule scripts in general will not
yield, they just do data processing/reporting.


After a look it seems that postrule scripts are using the
script_set_output() function to save data. IIRC I'm the one who did this,
but there was/is no other solution. So _all_ the results of all the
postrule scripts will be kept in memory before reporting output to the
user (memory can explode).

The good news is that postrule script results are reported separately only
at the end, so we can modify Nmap and NSE, add some special NSE functions
to directly report to the user without storing anything in memory. We can
start with the POST_SCAN phase and see what we can do for the other scan
phases.

We should ask ourselves: do the postrule scripts need to run in parallel?
Or why are all the script results kept in memory?


Thanks

-- 
tixxdz
http://opendz.org
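
Added example, not part of the original thread or of Nmap's code: a consumer for the `-v` approach suggested above, reading verbose output line by line and raising an alert while the scan is still running. It assumes the "Discovered open port" line that Nmap prints in verbose mode; NSE script results do not appear in that stream, which is the limitation discussed in this thread. The watch list and sample lines are constructed.

```python
import re
from typing import Iterable, Iterator, NamedTuple

# Line that Nmap prints in verbose mode (-v) when a port is found open.
DISCOVERED = re.compile(r"^Discovered open port (\d+)/(\w+) on (\S+)$")

class Finding(NamedTuple):
    host: str
    port: int
    proto: str

def stream_findings(lines: Iterable[str]) -> Iterator[Finding]:
    """Yield each finding as soon as its line is read; nothing is buffered."""
    for line in lines:
        m = DISCOVERED.match(line.strip())
        if m:
            yield Finding(m.group(3), int(m.group(1)), m.group(2))

def alerts(findings: Iterable[Finding], watch: set) -> Iterator[str]:
    """Yield one alert per (host, port, proto) whose port is on the watch list."""
    seen = set()
    for f in findings:
        if f.port in watch and f not in seen:
            seen.add(f)
            yield f"ALERT {f.host} exposes {f.port}/{f.proto}"

# Constructed sample of `nmap -v` output (documentation addresses, not a real
# scan); the repeated 3389 line is there only to exercise the de-duplication.
SAMPLE = """\
Initiating SYN Stealth Scan at 20:53
Scanning 2 hosts [1000 ports/host]
Discovered open port 22/tcp on 192.0.2.10
Discovered open port 3389/tcp on 192.0.2.11
Discovered open port 80/tcp on 192.0.2.10
Discovered open port 3389/tcp on 192.0.2.11
Completed SYN Stealth Scan at 20:53, 4.12s elapsed (2000 total ports)
""".splitlines()

def demo() -> list:
    return list(alerts(stream_findings(SAMPLE), watch={23, 3389}))

if __name__ == "__main__":
    # Live use (assumption): pass the stdout of a running `nmap -v` process,
    # opened in text mode, in place of SAMPLE.
    for msg in demo():
        print(msg)
```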