[Ndiff] RFC: Add nmaprun element diff to niff xml output

[Daniel Miller <bonsaiviking () gmail com>]

List,

I've attached a patch for ndiff that does 3 things:

1. Adds a <scan> element to the XML output to show differences between
the <nmaprun> elements of the diffed scans. Ndiff already outputs
similar info in text mode. This information does not affect the diff
cost of 2 scans, so a diff will still not be output if the scan
results did not change. Example:
<nmapdiff version="1">
  <scandiff>
    <a>
      <scan args="nmap -vv -A -sS -sU -oA lan-full-%y%m%d --script not
*brute* and not qscan 192.168.1.0/24" scanner="nmap"
start="1273248523" startstr="Fri May 07 16:08:43 2010"
version="5.30BETA1"/>
    </a>
    <b>
      <scan args="nmap -v -A -oA lan-full-%y%m%d --open
192.168.1.0/24" scanner="nmap" start="1296469222" startstr="Mon Jan 31
10:20:22 2011" version="5.51SVN"/>
    </b>

2. Changed the text-mode output of Ndiff to more closely match the
first line of Nmap output. Example:
Original output:
-Nmap 5.51SVN at 2011-01-31 10:20
+Nmap 5.30BETA1 at 2010-05-07 16:08

New output:
-Nmap 5.51SVN scan initiated Mon Jan 31 10:20:22 2011 as: nmap -v -A
-oA lan-full-%y%m%d --open 192.168.1.0/24
+Nmap 5.30BETA1 scan initiated Fri May 07 16:08:43 2010 as: nmap -vv
-A -sS -sU -oA lan-full-%y%m%d --script not *brute* and not qscan
192.168.1.0/24

3. Changes the Ndiff DTD to reflect changes in XML output.
Essentially, the new <scan> element is now a diffable element, allowed
to be a child of an <a> or <b> element.

Thanks,
Dan

Attachment: ndiff.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/