Open happyc0ding opened 3 years ago
I experienced this same issue. This only seems to happen with certain NSE scan modules.
The data above (for the http=methods
NSE scan results) SHOULD look like this {'id': 'http-methods', 'output': '\n Supported Methods: GET HEAD POST OPTIONS', 'elements': {'Supported Methods': ['GET', 'HEAD', 'POST', 'OPTIONS']}}
Where the Supported Methods
key has an array as its value rather than a dictionary (object).
This same issue also occurs in the ssl-cert
NSE scan within the extensions
sub-key.
To be more specific, I have identified that the problem seems to be occurring in the the elements
attribute of an NSE object. I think you can access it by like this:
nmap_process = NmapProcess(targets=target_list)
nmap_process_output = NmapParser.parse(nmap_process.stdout)
hosts = nmap_process_output.hosts
for host in hosts:
services = host.services
for service in services:
nse_results = service.script_results
for nse_script in nse_results:
nse_id = nse_script.get('id')
nse_output = nse_script.get('output')
nse_elements = nse_script.get('elements') # THIS IS WHERE THE PROBLEM APPEARS TO BE
When parsing Nmap XML files with service detection I ran into an interesting scenario: Let's assume I have the following script output in a file:
<script id="http-server-header" output="CerberusFTPServer/11.0"><elem>CerberusFTPServer/11.0</elem></script>
This will result in the following object in the attributeservices
ofNmapHost
(NmapService
):{'id': 'http-server-header', 'output': 'CerberusFTPServer/11.0', 'elements': {None: 'CerberusFTPServer/11.0'}}
As the output shows, the key insideelements
isNone
. This may lead to problems when processing the data with other software, i.e. elasticsearch.In comparison other elements within the XML have a
key
attribute which seems to be used like here:<script id="http-methods" output="
 Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods"><elem>GET</elem><elem>HEAD</elem><elem>POST</elem><elem>OPTIONS</elem></table></script>
This results in:{'id': 'http-methods', 'output': '\n Supported Methods: GET HEAD POST OPTIONS', 'elements': {'Supported Methods': {None: ['GET', 'HEAD', 'POST', 'OPTIONS']}}}
(Please note the key insideSupported Methods
is alsoNone
.)Tested with libnmap versions 0.7.0 and 0.7.2. Nmap version 7.80.