Nmap Development mailing list archives
RE: PostgreSQL patch
From: "Max" <musitechman () earthlink net>
Date: Mon, 08 Jul 2002 09:15:05 -6756
Hi,
Have you considered parsing Nmap XML output rather than hooking into a parallel set of Nmap output routines? This has several advantages: Someday I would like to have a general Nmap DB output driver, so I could just run something like:
The external API you are asking about, Fyodor, is available via perl in my Nmap::Scanner classes ... at this point I parse "normal" output because, as of a beta release a few minor revisions ago, the XML output option does not provide information as the scan happens the way super-verbose mode does ... the "-v -v -v" output with -oN lets me create an event driven programming model that is nice if you want to capture events as they happen ... event listeners.
In any case, it would be easy to add DB independent capture of scans to Nmap::Scanner as it is in perl and the DBI/DBD modules for perl are tried and true ... making a general nmapdb tool without too much effort. If people on this list are against perl ;), I have thought of porting my classes to Ruby and/or python ... if that would spur interest.
The latest version of Nmap::Scanner is available at http://webwizarddesign.com/nmap/
I could see changing the XML mode in nmap so that it does work in live mode ... if -v -v -v is selected, then output starts with

    <?xml version="1.0" ?>

Then perhaps the live output is all captured in a set of <live> tags to separate it from the end output ...

    <live>
      <host name="blah">
        <port state="open" number="80" service="http"/>
      </host>
      etc...
    </live>

This way, until there is a shared object/DLL for nmap, programs can also get the live information which, as I have stated earlier, works nicely into an event-driven API. If -v -v -v is not selected, then the output would be as it is today .. no output until the end ... what do you think?
Nmap to finish running before processing any results. Does anyone on the list know of a good way to handle this? I am not any sort of XML expert. Perhaps some parsers can deal with incremental XML? Or perhaps Nmap should spit out a new complete XML document for each host and just concatenate them all together?
The SAX parser is event-driven .. you specify handlers for start of tags, end of tags, and content and then "listen" for just the tags you want .. so it works well with streams. SAX is available for just about every programming language I can think of :).
I welcome feedback on my thoughts/ideas.
Max
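An added example (not code from Nmap, Nmap::Scanner, or the original post) of the event-driven SAX approach described in this message: a Python handler that reports each port in the proposed <live> block as soon as its tag has been fed to the parser, before the document is complete. The <nmaprun> wrapper element, the class and function names, and the sample input are assumptions made for the example; external entity loading is switched off because scan output may come from an untrusted source.

```python
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class LiveScanHandler(ContentHandler):
    """Calls on_port(host, number, state, service) for each <port> inside <live>."""

    def __init__(self, on_port):
        super().__init__()
        self.on_port = on_port
        self.in_live = False
        self.host = None

    def startElement(self, name, attrs):
        if name == "live":
            self.in_live = True
        elif name == "host" and self.in_live:
            self.host = attrs.get("name")
        elif name == "port" and self.in_live and self.host is not None:
            self.on_port(self.host, int(attrs["number"]),
                         attrs.get("state"), attrs.get("service"))

    def endElement(self, name):
        if name == "live":
            self.in_live = False
        elif name == "host":
            self.host = None


def stream_events(chunks):
    """Feed XML chunk by chunk; return (characters_fed_so_far, event) pairs."""
    seen, fed = [], 0
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # never fetch external entities
    parser.setContentHandler(LiveScanHandler(lambda *ev: seen.append((fed, ev))))
    for chunk in chunks:          # in practice: reads from the scanner's stdout pipe
        fed += len(chunk)
        parser.feed(chunk)        # handlers fire here, not at end of document
    parser.close()                # raises SAXParseException if the stream was cut off
    return seen


# Constructed sample in the <live> layout proposed above; <nmaprun> root is assumed.
SAMPLE = [
    '<?xml version="1.0" ?>\n<nmaprun>\n<live>\n',
    '<host name="blah">\n<port state="open" number="80" service="http"/>\n',
    '<port state="open" number="22" service="ssh"/>\n</host>\n',
    '</live>\n</nmaprun>\n',
]
```
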