Nmap Development mailing list archives

osmatch and osclass nesting


From: David Fifield <david () bamsoftware com>
Date: Sat, 5 May 2012 14:58:36 -0700

I've just committed a change to Nmap's XML output. Now, osclass elements
are children of the osmatch element they belong to, instead of being
presented separately in an uncorrelated list.

Here's an example to make this clear. Old output:
  <os>
    <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95"/>
    <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="95"/>
    <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="9.X" accuracy="91"/>
    <osclass type="general purpose" vendor="OpenBSD" osfamily="OpenBSD" osgen="4.X" accuracy="91"/>
    <osmatch name="FreeBSD 7.1-RELEASE - 9.0-CURRENT" accuracy="95" line="19272"/>
    <osmatch name="FreeBSD 8.1-RELEASE" accuracy="92" line="19679"/>
    <osmatch name="FreeBSD 8.0-RELEASE" accuracy="91" line="19571"/>
    <osmatch name="FreeBSD 7.0-RELEASE-p1 - 9.0-PRERELEASE" accuracy="91" line="19025"/>
  </os>
New output:
  <os>
    <osmatch name="FreeBSD 7.1-RELEASE - 9.0-CURRENT" accuracy="95" line="19272">
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95"/>
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="95"/>
    </osmatch>
    <osmatch name="FreeBSD 8.1-RELEASE" accuracy="92" line="19679">
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="92"/>
    </osmatch>
    <osmatch name="FreeBSD 8.0-RELEASE" accuracy="91" line="19571">
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="91"/>
    </osmatch>
    <osmatch name="FreeBSD 7.0-RELEASE-p1 - 9.0-PRERELEASE" accuracy="91" line="19025">
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="91"/>
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="91"/>
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="9.X" accuracy="91"/>
    </osmatch>
  </os>

Previously, if you wanted to find out which osclasses belonged to which
osmatch, you could kind of do it by matching accuracy values. Of course,
this doesn't work when accuracy values are the same in different
osmatches, and also some osclasses might be missing anyway because of
the deduplication that was previously applied (notice how there is no
'accuracy="92"' osclass in the old output).

This new structure matches how OS classification results are structured
internally in Nmap:
  An osmatch is a name, an accuracy, and a list of osclasses.
    An osclass is a vendor, family, generation, device type, and list of CPEs.

I increased the xmloutputversion to 1.04 in case parsers need to tell
the difference. I tested Zenmap's parser; because it doesn't care about
the nesting of osclass and osmatch, it continues to work. However, I also
committed a change to Zenmap so that it now understands that osclasses
belong to an osmatch, so it will use the new structuring when available.
Ndiff's parser didn't read osclass elements.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
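
Added example (not part of the original message and not Nmap's, Zenmap's or Ndiff's code): a Python reader that accepts both layouts and uses xmloutputversion on the nmaprun root to decide whether osclass children can be attributed to their osmatch. The sample documents are constructed from the two blocks in the message; the 1.03 value on the old sample and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the two <os> blocks in the message above.
# The "1.03" on the old sample is an assumed pre-change version number.
OLD = """<nmaprun xmloutputversion="1.03"><host><os>
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95"/>
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="95"/>
<osmatch name="FreeBSD 7.1-RELEASE - 9.0-CURRENT" accuracy="95" line="19272"/>
<osmatch name="FreeBSD 8.1-RELEASE" accuracy="92" line="19679"/>
</os></host></nmaprun>"""

NEW = """<nmaprun xmloutputversion="1.04"><host><os>
<osmatch name="FreeBSD 7.1-RELEASE - 9.0-CURRENT" accuracy="95" line="19272">
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="7.X" accuracy="95"/>
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="95"/>
</osmatch>
<osmatch name="FreeBSD 8.1-RELEASE" accuracy="92" line="19679">
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="8.X" accuracy="92"/>
</osmatch>
</os></host></nmaprun>"""

def _osclass(el):
    # (vendor, family, generation, device type), as listed in the message.
    return (el.get("vendor"), el.get("osfamily"), el.get("osgen"), el.get("type"))

def parse_os(xml_text):
    """Return (matches, unattached) for the first <os> element.

    matches: list of (name, accuracy, classes). classes is None when the
    document predates nesting, because the association cannot be recovered
    reliably (accuracy values collide and osclasses were deduplicated).
    unattached: osclass tuples found directly under <os> (old layout).
    """
    root = ET.fromstring(xml_text)
    version = root.get("xmloutputversion", "0.0").split(".")
    nested = tuple(int(p) for p in version) >= (1, 4)
    os_el = root.find(".//os")
    if os_el is None:
        return [], []
    matches = []
    for m in os_el.findall("osmatch"):
        classes = [_osclass(c) for c in m.findall("osclass")] if nested else None
        matches.append((m.get("name"), int(m.get("accuracy")), classes))
    return matches, [_osclass(c) for c in os_el.findall("osclass")]

if __name__ == "__main__":
    for label, doc in (("old", OLD), ("new", NEW)):
        print(label, parse_os(doc))
```
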
