Nmap Development mailing list archives

Re: Date formats for structured output


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 16 Aug 2012 10:51:37 -0500

On 08/16/2012 07:08 AM, David Fifield wrote:
On Thu, Aug 16, 2012 at 05:05:18AM -0700, David Fifield wrote:
On Wed, Aug 15, 2012 at 08:00:00PM -0700, commit-mailer () insecure org wrote:
Author: dmiller
Date: Wed Aug 15 20:00:00 2012
New Revision: 29601

Log:
Add @xmloutput nsedoc to ssh-hostkey, smb-os-discovery

Modified: nmap/scripts/smb-os-discovery.nse
==============================================================================
--- nmap/scripts/smb-os-discovery.nse   (original)
+++ nmap/scripts/smb-os-discovery.nse   Wed Aug 15 20:00:00 2012
@@ -56,7 +56,18 @@
  -- |   NetBIOS computer name: SQL2008
  -- |   NetBIOS domain name: LAB
  -- |_  System time: 2011-04-20 13:34:06 UTC-5
------------------------------------------------------------------------
+--
+--@xmloutput
+-- <script id="smb-os-discovery" output="...">
+--   <elem key="OS">Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)</elem>
+--   <elem key="Computer name">Sql2008</elem>
+--   <elem key="Domain name">lab.test.local</elem>
+--   <elem key="Forest name">test.local</elem>
+--   <elem key="FQDN">Sql2008.lab.test.local</elem>
+--   <elem key="NetBIOS computer name">SQL2008</elem>
+--   <elem key="NetBIOS domain name">LAB</elem>
+--   <elem key="System time">2011-04-20 13:34:06 UTC-5</elem>
+-- </script>
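
Review bot: the "OS" elem at the top of the documented @xmloutput carries two values in one string, the Windows version followed by a second string in parentheses, so a consumer of the XML has to split it apart again. Structured output would be easier to use with each value in its own elem. The "System time" elem at the end has the same problem: "2011-04-20 13:34:06 UTC-5" is a display string, not a single machine-parseable timestamp.
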
As for this part of the output,
+--   <elem key="System time">2011-04-20 13:34:06 UTC-5</elem>
I think there will be a lot of value if we use a common date format in
all scripts that use structured output. I have been using
os.date("%Y-%m-%dT%H:%M:%SZ") which looks like
        2012-08-16T05:03:30Z
This is ISO 8601. However, this supposes UTC, so we would have to
represent the "UTC-5" in the date above separately. Perhaps we should
settle on a date format that also includes a time zone?
Here is something:
https://www.cl.cam.ac.uk/~mgk25/iso-time.html#zone

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

I made this change in r29613 for smb-os-discovery. It involved some math to get the hour and minutes offset, but looks pretty good. Here's the diff, for those interested:

Modified: nmap/nselib/smb.lua
==============================================================================
--- nmap/nselib/smb.lua (original)
+++ nmap/nselib/smb.lua Thu Aug 16 08:46:37 2012
@@ -3266,7 +3266,9 @@
        response['domain']       = smbstate['domain']
        response['server']       = smbstate['server']
        response['date']         = smbstate['date']
+       response['time']         = smbstate['time']
        response['timezone_str'] = smbstate['timezone_str']
+       response['timezone']     = smbstate['timezone']
        
      -- Kill SMB
      stop(smbstate)
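
Review bot: the two fields added to response here, 'time' and 'timezone', have no stated units or sign convention. The caller in smb-os-discovery.nse has to assume that 'time' can be passed straight to os.date and that 'timezone' is a number of hours with a fractional part. Suggest stating both in the function's NSEDoc return description so other scripts that consume the raw values do not have to guess.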

Modified: nmap/scripts/smb-os-discovery.nse
==============================================================================
--- nmap/scripts/smb-os-discovery.nse   (original)
+++ nmap/scripts/smb-os-discovery.nse   Thu Aug 16 08:46:37 2012
@@ -124,7 +124,7 @@
                os_string = string.format( "%s (%s)", get_windows_version( result['os'] ), result['lanmanager'] )
        end
        if (result['date'] and result['timezone_str']) then
-               time_string = string.format("%s %s", result['date'], result['timezone_str'])
+               time_string = string.format("%s%+03d%02d", os.date("%Y-%m-%dT%H:%M:%S", result.time), result.timezone, 
math.abs(math.fmod(result.timezone, 1)) * 60)
        end
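
Review bot: the guard above the changed line still tests result['date'] and result['timezone_str'], but the new format call reads result.time and result.timezone. If result.time is nil, os.date formats the current time instead, and if result.timezone is nil, string.format raises an error. Suggest testing the fields that are actually used, e.g. "if (result.time and result.timezone) then". Separately, the os.date format string has no leading "!", so the clock part is rendered in the local zone of the host running the scan while the appended offset is the target's. Unless result.time has already been adjusted for that, the two halves of the timestamp will not agree.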

One takeaway is that libraries in general should return unformatted data to scripts, and let scripts do their own formatting (smb.get_os() does some formatting of time values that made it necessary to modify it to return raw values to format this timestamp as ISO8601).

Dan
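
The hour-and-minute offset arithmetic discussed in this thread, written as a stand-alone Lua function. This is an added example, not part of the original messages or of Nmap's code. It assumes the time is a UTC epoch value and the offset is in hours east of UTC, neither of which the page states, and iso8601_with_offset is a hypothetical name.

```lua
-- Added example, not Nmap code. Assumptions (not stated on the page):
--   epoch        : seconds since 1970-01-01T00:00:00 UTC
--   offset_hours : target's offset east of UTC in hours, may be fractional
local function iso8601_with_offset(epoch, offset_hours)
  -- Guard the values actually used; os.date(fmt, nil) would silently
  -- format the current time instead of failing.
  if type(epoch) ~= "number" or type(offset_hours) ~= "number" then
    return nil
  end

  -- Do the arithmetic in whole minutes and keep the sign separately, so
  -- offsets such as -3.5 or -0.5 hours keep their sign and minutes.
  local total_min = math.floor(math.abs(offset_hours) * 60 + 0.5)
  local sign = "+"
  if offset_hours < 0 and total_min > 0 then sign = "-" end
  local shift = total_min * 60
  if sign == "-" then shift = -shift end

  -- The leading "!" makes os.date format in UTC, so shifting the epoch by
  -- the target's offset gives the target's wall clock regardless of the
  -- zone of the machine running the scan.
  local stamp = os.date("!%Y-%m-%dT%H:%M:%S", epoch + shift)
  return string.format("%s%s%02d%02d", stamp, sign,
    math.floor(total_min / 60), total_min % 60)
end

-- Constructed sample values, chosen to match the page's example time.
local samples = {
  { 1303324446, -5 },    -- whole-hour offset west of UTC
  { 1303324446, 5.5 },   -- fractional offset east of UTC
  { 1303324446, -0.5 },  -- between -1 and 0: the hour field alone is 00
  { nil, -5 },           -- missing time: returns nil
}
for _, s in ipairs(samples) do
  print(tostring(s[2]), tostring(iso8601_with_offset(s[1], s[2])))
end
```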