mirror of https://github.com/nmap/nmap.git synced 2025-12-26 17:39:03 +00:00
nmap/ndiff
david 3a4a181f2d Remove extraports state inference from Ndiff. This was a feature that,
if there was only one extraports state, would create a Port object for
each scanned port that was not listed explicitly. So for example, if a
scan of 100 ports had 5 open ports and an extraports of "filtered",
Ndiff would create 95 port records in the "filtered" state in addition
to the 5 "open". If there was more than one extraports state this was
not possible.

This turned out to be a slow operation, out of all proportion to its
utility. Here are times for a diff of random-1.xml and random-2.xml,
before and after:

real    0m11.912s
user    0m10.970s
sys     0m0.249s

real    0m0.773s
user    0m0.726s
sys     0m0.046s

In most cases extraports are not shown in the output, so this was wasted
effort. I know of only one place where it affected the output, when an
extraports in the A scan became a non-extraports in a different state
in the B scan. Then the previous state would be included in the <a>
port, where now it will just be listed without a state.
2009-07-17 19:46:41 +00:00

Ndiff

Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it
takes two Nmap XML output files and prints the differences between them.
It is capable of showing changes in host states (up or down), port
states (open, closed, etc.), script results, and changes in service and
OS detection.

To install, run (as root)
	python setup.py install
It's also possible to run the program from within the distribution
without installing it.

Use "ndiff --help" for usage instructions.

Here is a sample of the output:

$ ./ndiff test-scans/random-1.xml test-scans/random-2.xml
-Nmap 4.85BETA4 at 2009-03-24 17:34
+Nmap 4.85BETA4 at 2009-03-25 16:35

 10.137.81.38:
 OS details:
   FreeBSD 6.2-RELEASE
   Apple AirPort Extreme WAP v7.3.2
+  APC Network Management Card (AOS 3.3.5)
+  Apple iPod touch audio player (iPhone OS 2.1)

+10.181.218.66:
+Host is up.
+Not shown: 998 closed ports
+PORT     STATE    SERVICE    VERSION
+222/tcp  open     rsh-spx
+8080/tcp filtered http-proxy

-bpdygf-130.example.com (10.188.226.230):
-Host is up.
-Not shown: 1000 filtered ports

 ysqxnovik-508.example.com (10.253.52.142):
 PORT     STATE  SERVICE    VERSION
+1503/tcp closed imtc-mcs
-4567/tcp open   tcpwrapped
-OS details:
-  HP 4000M ProCurve switch (J4121A)
-  Nortel 5530 Ethernet Routing Switch
-  Nortel 5520 Ethernet Routing Switch
-  Sun StorageTek 6140 NAS device
-  FreeBSD 6.2-RELEASE


Use -v or --verbose to see all hosts and ports, not just those that have
changed.
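
As an added illustration (not Ndiff's own code), the following Python example compares port states between two Nmap XML documents using only the ports that are listed explicitly, so a port that was covered by extraports in one scan shows no state on that side. The sample XML, the address 192.0.2.10 and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans (not real Nmap output), trimmed to the elements used.
SCAN_A = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><extraports state="filtered" count="98"/>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="open"/></port>
</ports></host></nmaprun>"""

SCAN_B = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><extraports state="filtered" count="97"/>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="443"><state state="open"/></port>
</ports></host></nmaprun>"""


def load_ports(xml_text):
    """Map host address -> {(portid, protocol): state} for listed ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        ports = {}
        # extraports elements are skipped on purpose: they carry only a
        # state and a count, not the individual port numbers.
        for port in host.iter("port"):
            key = (int(port.get("portid")), port.get("protocol"))
            ports[key] = port.find("state").get("state")
        hosts[addr] = ports
    return hosts


def diff_ports(xml_a, xml_b):
    """Return sorted (addr, portid, proto, state_a, state_b) for changed ports.

    A state of None means the port was not listed explicitly in that scan
    (it may have been counted in extraports, or not scanned at all).
    """
    a, b = load_ports(xml_a), load_ports(xml_b)
    changes = []
    for addr in sorted(set(a) | set(b)):
        pa, pb = a.get(addr, {}), b.get(addr, {})
        for key in sorted(set(pa) | set(pb)):
            if pa.get(key) != pb.get(key):
                changes.append((addr, key[0], key[1], pa.get(key), pb.get(key)))
    return changes


if __name__ == "__main__":
    for addr, portid, proto, sa, sb in diff_ports(SCAN_A, SCAN_B):
        print("%s %d/%s: %s -> %s" % (addr, portid, proto, sa, sb))
```
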

Ndiff started as a project by Michael Pattrick <mpattrick@rhinovirus.org>
during the 2008 Google Summer of Code. Michael designed the program and
led the discussion of its output formats. He wrote versions of the
program in Perl and C++, but the summer ended shortly after it was
decided to rewrite the program in Python for the sake of Windows
compatibility. This Python version is written by David Fifield
<david@bamsoftware.com>.

Ndiff web site: http://nmap.org/ndiff/