Nmap Development mailing list archives
Re: stream output
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 23 Feb 2012 20:53:04 +0100
On Thu, Feb 23, 2012 at 06:19:47PM +0100, Patrik Karlsson wrote:
On Thu, Feb 23, 2012 at 5:22 PM, Corey Quinn <corey () sequestered net> wrote:Yup! Pass a -v or two as an argument to nmap. Toni Ruottu <toni.ruottu () iki fi> wrote:Does nmap support outputting scan results as a stream of findings as they come up? Such functionality could be used to refresh user interfaces or send warning emails to admins while the scan is still running.
Reporting all the results of a host will not be easy without mixing things... since we have parallel scans, and results depend on external data from the network, but we can add a simple output tag (not debug) to show that the scan of the X host has finished.
--Toni _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/That would give you any verbose/debug messages added by the developer, which may or may not include what's reported as a result string by the script. AFAIK there's no such capability in Nmap yet and "script results" can only be returned as a string by the action method. As scripts use different methods of building their "result string", using tables or concatenation of strings etc, I don't see an easy way of achieving this.
This behaviour is perfect for postrule scripts since they only report results. Storing and manipulating that _big_ information in memory is not the best thing, not to mention that postrule scripts in general will not yield, they just do data processing/reporting. After a look it seems that postrule scripts are using the script_set_output() function to save data, IIRC I'm the one who did this but there was/is not another solution. So _all_ the results of all the postrule scripts will be kept in memory before reporting output to the user (memory can explode). The good news is that postrule scripts results are reported separately only at the end, so we can modify Nmap and NSE, add some special NSE functions to directly report to the user without storing anything in memory. We can start by the POST_SCAN phase and see what we can do to the other scan phases. We should ask our self: do the postrule scripts need to run in parallel ? or why all the script results are kept in memory ? Thanks -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- stream output Toni Ruottu (Feb 23)
- <Possible follow-ups>
- Re: stream output Corey Quinn (Feb 23)
- Re: stream output Patrik Karlsson (Feb 23)
- Re: stream output Djalal Harouni (Feb 23)
- Re: stream output Toni Ruottu (Feb 27)
- Re: stream output David Fifield (Feb 27)
- Re: stream output Abuse 007 (Feb 29)
- Re: stream output Patrik Karlsson (Feb 23)