External Fingerprint Processing

[Fredrick Paul Eisele <phreed () netarx com>]

First some background...
I was trying to perform a os-fingerprint and no os guess was made.
Of course, I got the  fingerprint test results.
I knew the os is correctly recorded in the fingerprint file.
The problem was that the device I was fingerprinting lives on a 
different subnet.
Some filtering/translation is being done by the gateway device.
Despite this filtering I was able to visually examine the returned 
fingerprint and determine the os.

Now the request...
I would like to have the results from the os-fingerprint written to a 
file or stdout for external processing.
Adding the complexity to nmap itself is probably asking to much of nmap.
I would like an output mode that would write the fingerprint information 
as an xml file.
This would be similar to the output mode for nmap to write xml for 
network scans.
(I can code the patch, it would be pretty simple.)

What I have in mind...
Use the fingerprint as input into an expert system engine (e.g. clips).
The os-fingerprint file would be rewritten as a set of rules.
Other os detection mechanisms would also be used as input to the expert 
system, e.g. telnet headers.


Should this have been directed to "nmap-hackers"?



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).