Re: [RFC] Zenmap search interface overhaul

[Vladimir Mitrovic <snipe714 () gmail com>]

David Fifield wrote:
> target: and hostname: should be synonyms, and they should both match the
> hardware address, the IP address, the user-supplied name, or the rDNS
> name. I want to avoid the situation where something fails to match
> because the user is searching for the rDNS name when she thinks she's
> searching for the user-supplied name.
>
> Perhaps hostname: should be abbreviated to host:

Sounds reasonable.

> I don't like the proposed syntax for searching for port states,
> especially portstate:. One reason is that ports can be TCP or UDP, and
> Nmap can scan IP protocols too (-sO). My proposed improvement is to use
> the syntax used by the getpts function in nmap.cc, and to use the states
> as the operators. If no type T:, U:, or P: type specifier is given, it
> would match any of those.
>
> open:22 or open:T:22
> closed:auth
> open|filtered:U:53
>
> I don't know, this still needs some thought. Maybe it's still too
> complicated, but most people I suspect would just use open: anyway.

Ok, we'll wait a couple of days and see if there's any input regarding this. 
I'm currently working on the GUI, so there's still time.

Here are my 2 cents:

I like introducing the T: and U: sub-operators and aliases for services, like 
"auth". What you proposed as "open:", "closed:", "open|filtered:", etc. is 
basically what I proposed with "oport:", "cport:", etc., only I like your 
syntax more. So that part is all cool.

However, in addition to the above mentioned operators, I'd like it if we would 
hold on to Kris' proposal of the "portstate:" operator. It doesn't conflict 
with the previous notion, but rather adds another way of expressing the query. 
I see no reason to ditch it.

Cheers,
Vladimir

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org