
List:       nmap-dev
Subject:    Re: Zenmap Compare really broken?
From:       bensonk () acm ! wwu ! edu
Date:       2008-05-31 23:25:41
Message-ID: 20080531232541.GA31246 () winterfell ! acm ! wwu ! edu

I really like the idea of it being an external program.  I'd use it to
keep track of changes on the servers I run.  Loose coupling and modular
design is for the win.  Zenmap could run the compare script on each pair
of saved scan files in order and present a resultant chronological
report of how your network has changed over time.

If you could somehow tag the XML output files, you could pass the
comparison tool a tag and it could run it on all the outputs with that
tag.  This would require some sort of Zenmap database to keep track of
scan results, though.  Does anything like this exist already, or is
anything like it in the plans?  It seems like with the web 2.0 frenzy
tags are getting all popular.  While popularity is often not a good
metric for usefulness, I think tags have proved to be a useful tool.  I
won't go so far as to suggest adding a "find your scan by tag cloud"
option -- that'd just be silly.  

Benson

On Sat, May 31, 2008 at 03:46:45PM -0700, Fyodor wrote:
> On Sat, May 31, 2008 at 03:44:08PM -0600, David Fifield wrote:
> > On Fri, May 30, 2008 at 08:58:30PM -0700, Fyodor wrote:
> > > On Fri, May 30, 2008 at 05:11:05PM -0600, David Fifield wrote:
> > 
> > Agreed. Current Zenmap comparison is not helpful. Part of Jurand's
> > Summer of Code proposal has to do with this:
> 
> Great!
> 
> > 
> > I would like to see diff output something like this:
> > 
> > 10.0.0.1: changed from down to up.
> > 10.0.0.1: port 22/tcp changed from unknown to open.
> > 10.0.0.1: 1664 ports changed from unknown to filtered.
> > 10.0.0.2: reverse DNS changed from "mail.site.whatever" to "www.site.whatever".
> > 10.0.0.2: service on port 10250 changed from "Foobar 1.99" to "Foobar 2.00".
> > 10.0.0.2: port 80/tcp changed from open to closed.
> > etc.
> 
> Looks good to me, though figuring out the best way to present it
> certainly merits plenty of thought and brainstorming.
> 
> And for output like this, I believe it would be best to have an
> independent program/script which compares two Nmap XML output files
> and then produces output like this (and maybe in an XML format too).
> After all, this diff functionality is useful for all Nmap users, not
> just the Zenmap folks.  Though Zenmap could possibly improve the
> output in some way since it has advantages of being able to change
> colors, include icons, etc. if desired.
> 
> It would be nice to just be able to run ndiff /tmp/scan1.xml /tmp/scan2.xml
> 
> > The hard part, I think, is designing the interface for specifying that
> > two scans are "the same scan," just displaced in time. It's easy enough
> > to just have the user manually select two scans to compare, but a higher
> > degree of sophistication would be better. For example, say you have a
> > scan you run every day. Zenmap should be able to give you a nice report
> > with output like I showed above for every day in a long sequence, like
> > this:
> 
> If the external ndiff application generates the report, someone can
> write a 5-line cron script which runs Nmap every day and emails them
> the results.  Or they can hook it into their processes in other ways.
> 
> Cheers,
> -F
> 
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
> 
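
The comparison of two Nmap XML output files discussed in this thread, as an added example (not code from the thread or from the Nmap project). The names `load` and `diff` and the two sample scans are constructed for illustration; the sketch assumes the first `<address>` element identifies the host and reports anything absent from one scan as "unknown".

```python
import xml.etree.ElementTree as ET

# Constructed sample scans (not real data) built from Nmap's XML element names.
HOST = ('<host><status state="{}"/><address addr="{}" addrtype="ipv4"/>'
        '<hostnames>{}</hostnames><ports>{}</ports></host>')
PORT = '<port protocol="tcp" portid="{}"><state state="{}"/>{}</port>'
PTR = '<hostname name="{}.site.whatever" type="PTR"/>'
SVC = '<service name="foobar" product="Foobar" version="{}"/>'
SCAN1 = "<nmaprun>%s%s</nmaprun>" % (
    HOST.format("down", "10.0.0.1", "", ""),
    HOST.format("up", "10.0.0.2", PTR.format("mail"),
                PORT.format(80, "open", "") + PORT.format(10250, "open", SVC.format("1.99"))))
SCAN2 = "<nmaprun>%s%s</nmaprun>" % (
    HOST.format("up", "10.0.0.1", "", PORT.format(22, "open", "")),
    HOST.format("up", "10.0.0.2", PTR.format("www"),
                PORT.format(80, "closed", "") + PORT.format(10250, "open", SVC.format("2.00"))))

def load(xml_text):
    """Map each host address to its state, PTR name and per-port (state, service)."""
    hosts = {}
    for h in ET.fromstring(xml_text).iter("host"):
        ptr = h.find("hostnames/hostname[@type='PTR']")
        ports = {}
        for p in h.iter("port"):
            svc = p.find("service")
            desc = "" if svc is None else " ".join(
                svc.get(k) for k in ("product", "version") if svc.get(k))
            ports[f"{p.get('portid')}/{p.get('protocol')}"] = (p.find("state").get("state"), desc)
        hosts[h.find("address").get("addr")] = {"state": h.find("status").get("state"),
            "ptr": "" if ptr is None else ptr.get("name"), "ports": ports}
    return hosts

def diff(old_xml, new_xml):
    """Yield change lines; a host or port absent from one scan counts as 'unknown'."""
    old, new = load(old_xml), load(new_xml)
    gone = {"state": "unknown", "ptr": "", "ports": {}}
    for addr in sorted(old.keys() | new.keys()):
        a, b = old.get(addr, gone), new.get(addr, gone)
        if a["state"] != b["state"]:
            yield f"{addr}: changed from {a['state']} to {b['state']}."
        if a["ptr"] != b["ptr"]:
            yield f'{addr}: reverse DNS changed from "{a["ptr"]}" to "{b["ptr"]}".'
        for port in sorted(a["ports"].keys() | b["ports"].keys()):
            (s1, v1), (s2, v2) = (x["ports"].get(port, ("unknown", "")) for x in (a, b))
            if s1 != s2:
                yield f"{addr}: port {port} changed from {s1} to {s2}."
            elif v1 != v2:
                yield f'{addr}: service on port {port} changed from "{v1}" to "{v2}".'
```

`print("\n".join(diff(SCAN1, SCAN2)))` shows the report for the constructed scans; passing the contents of two files saved with `nmap -oX` gives the same report for real ones.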
