Nmap Development mailing list archives

Re: [RFC] Vulnerability library proposal


From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 8 Aug 2011 12:16:01 +0100

On Sun, Aug 07, 2011 at 06:59:06PM +0200, Henri Doreau wrote:
> Hello,
>
> 2011/8/7 Rob Nicholls <robert () robnicholls co uk>:
> [...]
>> This probably goes outside the scope, but what would the XML output look
>> like? It'd be great if we could somehow use the internal tags to create XML
>> tags to easily identify the state/risk factor/references etc. (to save us
>> from having to parse all of the script output first).
>
> This is one of the long-term goals, having vulnerabilities clearly
> identified within the XML output. So far we haven't discussed the
> format that this might have (or maybe you, Djalal, have ideas about
> it?) but the plan was to make extensive use of stdnse.format_output()
> so that the vulns lib would benefit from any improvement there.

After a quick look I think that we can save and register XML data in the
ScriptResult class, file: nse_main.h

Later we just add some functions to the stdnse.lua file to push XML data
into the current 'ScriptResults' object (associated with the script), and
when Nmap reports the script output, we can write our XML
data. (I'll repeat myself: I think that NSE output code needs to be
cleaned first).

And with this, every NSE script or library can register XML data with the
stdnse.lua or xml.lua functions. For vulns we can add a function to achieve
this: vulns.save_xml_data() or whatever to do it automatically. Of course,
we need to define and discuss the XML output format :)

I'll try to define some samples later.

Thanks.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
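
An added example, not part of the original message and not Nmap code: a consumer reading state, risk factor and references directly from structured tags, which is the use Rob describes. The `<vuln>` element and its children are a hypothetical layout, since the thread had not yet defined a format; only `<script id=... output=...>` under `<port>` follows Nmap's existing XML output.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <vuln> element and its children are an assumption
# made for this example; the thread had not yet defined an XML format.
SAMPLE = """\
<host>
  <ports>
    <port protocol="tcp" portid="80">
      <script id="http-example-vuln" output="(free-text report omitted)">
        <vuln>
          <title>Example issue (constructed)</title>
          <state>VULNERABLE</state>
          <risk_factor>High</risk_factor>
          <ref>https://example.org/advisory/1</ref>
          <ref>https://example.org/advisory/2</ref>
        </vuln>
      </script>
      <script id="http-title" output="Example page"/>
    </port>
  </ports>
</host>
"""

def extract_vulns(xml_text):
    """Return one dict per <vuln> element, tagged with port and script id."""
    findings = []
    root = ET.fromstring(xml_text)
    for port in root.iter("port"):
        for script in port.findall("script"):
            # Scripts that registered no structured data are skipped rather
            # than having their free-text output guessed at.
            for vuln in script.findall("vuln"):
                findings.append({
                    "port": f'{port.get("portid")}/{port.get("protocol")}',
                    "script": script.get("id"),
                    "title": vuln.findtext("title", default=""),
                    "state": vuln.findtext("state", default="UNKNOWN"),
                    "risk_factor": vuln.findtext("risk_factor", default=""),
                    "refs": [r.text for r in vuln.findall("ref") if r.text],
                })
    return findings

if __name__ == "__main__":
    for finding in extract_vulns(SAMPLE):
        print(finding)
```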

