From ccd55623c7bfc2eea8eb6fa7f7bc6cee3d64b02c Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 18 Mar 2009 00:09:14 +0000
Subject: [PATCH] Record OS information in Ndiff.

---
 ndiff/ndiff             |  8 ++++++++
 ndiff/ndifftest.py      |  7 +++++++
 ndiff/test-scans/os.xml | 27 +++++++++++++++++++++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 ndiff/test-scans/os.xml

diff --git a/ndiff/ndiff b/ndiff/ndiff
index d929c8923..4df9b9433 100755
--- a/ndiff/ndiff
+++ b/ndiff/ndiff
@@ -119,6 +119,7 @@ class Host(object):
         self.addresses = []
         self.hostnames = []
         self.ports = PortDict()
+        self.os = []
 
     def get_id(self):
         """Return an id that is used to determine if hosts are "the same" across
@@ -730,6 +731,13 @@ class NmapContentHandler(xml.sax.handler.ContentHandler):
             self.current_port.service.product = attrs.get(u"product")
             self.current_port.service.version = attrs.get(u"version")
             self.current_port.service.extrainfo = attrs.get(u"extrainfo")
+        elif name == u"osmatch":
+            assert self.parent_element() == u"os"
+            assert self.current_host is not None
+            if not attrs.has_key(u"name"):
+                warn("osmatch element of host %s is missing the \"name\" attribute; skipping." % self.current_host.format_name())
+                return
+            self.current_host.os.append(attrs[u"name"])
         elif name == u"finished":
             assert self.parent_element() == u"runstats"
             if attrs.has_key(u"time"):
diff --git a/ndiff/ndifftest.py b/ndiff/ndifftest.py
index 202bdb357..8b6bd7ac7 100755
--- a/ndiff/ndifftest.py
+++ b/ndiff/ndifftest.py
@@ -487,6 +487,13 @@ class scan_test(unittest.TestCase):
         self.assertTrue(len(host.hostnames) == 1)
         self.assertTrue(host.hostnames[0] == u"scanme.nmap.org")
 
+    def test_os(self):
+        """Test that OS information is recorded."""
+        scan = Scan()
+        scan.load_from_file("test-scans/os.xml")
+        host = scan.hosts[0]
+        self.assertTrue(len(host.os) > 0)
+
 # This test is commented out because Nmap XML doesn't store any information
 # about down hosts, not even the fact that they are down. Recovering the list of
 # scanned hosts to infer which ones are down would involve parsing the targets
diff --git a/ndiff/test-scans/os.xml b/ndiff/test-scans/os.xml
new file mode 100644
index 000000000..ebccf5f35
--- /dev/null
+++ b/ndiff/test-scans/os.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" ?>
+<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 4.85BETA3 scan initiated Tue Mar 17 18:08:24 2009 as: nmap -oX os.xml -p 22,113 -O scanme.nmap.org -->
+<nmaprun scanner="nmap" args="nmap -oX os.xml -p 22,113 -O scanme.nmap.org" start="1237334904" startstr="Tue Mar 17 18:08:24 2009" version="4.85BETA3" xmloutputversion="1.03">
+<scaninfo type="syn"  protocol="tcp" numservices="2" services="22,113" />
+<verbose level="0" />
+<debugging level="0" />
+<host starttime="1237334904" endtime="1237334908"><status state="up" reason="echo-reply"/>
+<address addr="64.13.134.52" addrtype="ipv4" />
+<hostnames><hostname name="scanme.nmap.org" type="PTR" /></hostnames>
+<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="50"/><service name="ssh" method="table" conf="3" /></port>
+<port protocol="tcp" portid="113"><state state="closed" reason="reset" reason_ttl="50"/><service name="auth" method="table" conf="3" /></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22" />
+<portused state="closed" proto="tcp" portid="113" />
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
+<osmatch name="Linux 2.6.9 - 2.6.24" accuracy="100" line="19245" />
+</os>
+<uptime seconds="3429372" lastboot="Fri Feb  6 00:32:17 2009" />
+<tcpsequence index="198" difficulty="Good luck!" values="12A06169,12502AB7,1247E0B5,11F5A18E,123FC32F,12C350DC" />
+<ipidsequence class="All zeros" values="0,0,0,0,0,0" />
+<tcptssequence class="1000HZ" values="CC67FE25,CC67FE8D,CC67FEF5,CC67FF5E,CC67FFC5,CC68002D" />
+<times srtt="62494" rttvar="20620" to="144974" />
+</host>
+<runstats><finished time="1237334909" timestr="Tue Mar 17 18:08:29 2009" elapsed="6.45"/><hosts up="1" down="0" total="1" />
+<!-- Nmap done at Tue Mar 17 18:08:29 2009; 1 IP address (1 host up) scanned in 6.45 seconds -->
+</runstats></nmaprun>