The unification of Nmap and Zenmap XML output

[David Fifield <david () bamsoftware com>]

On Thu, Jul 17, 2008 at 05:15:42PM -0600, David Fifield wrote:
> Nmap can produce output in XML. When you save scan results in Zenmap,
> they are saved in a format called USR. You may not know that USR is
> almost the same as Nmap XML, with less output supported and a little bit
> of extra information describing the profile and the Nmap text output.
> I want to make the two formats the same, so that there is no difference
> between the XML produced by Nmap and the XML produced by Zenmap.

This has been done. Zenmap no longer outputs anything that is not in the
Nmap DTD. Zenmap's XML files are still missing a few required elements
and attributes, but that's comparatively minor.

XML file format unification may not be too interesting, but a side
effect of this change is pretty cool, so read on. Here's an overview of
the problem from before I started working on it, which is now mostly out
of date with these new changes:

http://www.bamsoftware.com/wiki/Nmap/ComparingNmapAndZenmapXML

The .usr (Umit Scan Results) file name extension is deprecated in favor
of the .xml commonly used with Nmap.

The biggest part of this job was writing a command line parser for
Zenmap, so Zenmap could extract Nmap options from XML files without
having to encode them in its own way in extension attributes. The
command line parser allows a whole bunch of neat features, only a few of
which have been implemented.

The most visible of these is two-way communication between the target
entry and the command entry of the main scan interface. It used to that
if you put something in the target entry it would show up in the command
entry, but it didn't work the other way. Now Zenmap is psychic! Type in
the command entry, and put targets anywhere amidst the options. Zenmap
will know which words are targets and insert them automatically in the
target entry. Now if you type in a command line complete with targets,
then decide to select a scan profile instead, your target list won't be
obliterated but will be merged in the the profile's command line.

The same two-way interactivity applies in the profile editor. I hope you
have as much fun with this as I did. You can click the option widgets
and watch the command line change like you always could, but now you can
type in the command line and watch the option widgets change. Type "-sX"
and watch the "Xmas Tree scan" get selected. Type "-p 1-100" and watch
"Ports to scan" get checked and the text entry get filled in. Type
"-T Polit" and watch it go in the "Extra options defined by user". Huh?
That's because Zenmap knows it's not a real option, but figures since
you typed it, it has to go in the command. Then type the final "e" and
watch -T2 get selected.

As a bonus, the file /usr/share/zenmap/misc/options.xml, which contained
the mapping between Zenmap's internal option specification strings and
Nmap's command-line options, has been removed. Also the file
~/.zenmap/scan_profile.usp has been simplified, because it no longer
needs to store a broken-down representation of Nmap options. Now each
profile is represented simply by a command line and a description. These
changes are backward-compatible so a new Zenmap will still work with old
data files.

Give it a try and let me know of any bugs, or ideas for other uses for
the command line parser (which is in zenmapCore/NmapOptions.py by the
way.)

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org