[prev in list] [next in list] [prev in thread] [next in thread]
List: nmap-dev
Subject: Re: XML XLS transform changes - summary of changes from 2b to 2c -
From: David Fifield <david () bamsoftware ! com>
Date: 2010-12-29 17:50:58
Message-ID: 20101229175058.GD3481 () debian ! bamsoftware ! com
[Download RAW message or body]
On Tue, Dec 28, 2010 at 05:38:51PM -0600, Tom Sellers wrote:
> I have just committed the updates to the nmap XML output XSL
> transform. This list below is a summary of changes from when the
> update began on 11/11. A few of these changes were committed 11/14,
> but most have only been submitted to the list.
Nice work Tom.
> Open items:
> 1. Device types - currently have issues with output data consistency
> and formatting when pulling a distinct list.
I don't know what you mean.
> 2. What criteria / counts should be used in situations described below?
> For example, how many fingerprints are too many? How do we know if the
> fingerprint is high enough quality to submit given that it may just be
> present due to the use of -v or -d?
Too many perfect matches is more than 8 (output.cc). Submission-quality
prints have the test and value SCAN.G=Y, but this probably won't be easy
to test in the XSL. Good fingerprints are also wrapped with "OS:"
prefixes. See the isGoodFP and wrapit parameters to write_merged_fpr.
> 3. Does the OS fingerprint need to be printed (to paper/PDF) at all?
> The only scenario that I could think of where this would be useful
> would be if the file was 'printed' to digital media such as PDF.
I think I'd err towards keeping the screen and print versions more
similar (including the fingerprints) to reduce possible surprise. It's
true that a fingerprint on paper isn't much use to anybody. But as you
say, someone could copy and paste from a PDF.
> 4. Does the table of ports need to be changed so that closed and and
> filtered ports are always printed (to paper/PDF) as opposed to
> printing in the format that is currently displayed? My concern here
> is processes that automatically convert documents, for example to PDF
> format.
I think it's best to choose a good default display, as you have done,
and then print what is currently displayed. You can always comment the
XSL file to show what to change if you want to always display all ports.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic