Closed c-f closed 4 years ago
What software are you using that outputs to json like that?
Thanks for the quick response.
none directly. However i see one big advantage over nmap: the programmatic approach.
Every programming language has the possibility to convert to json. Therefore it comes very handy if json would be supported.
As a User i have multiple heterogene data sources (e.g. asset management exports, databases, csv).
I need to consolidate them in order to scan them with medusa (brutespray).
Nmap is used a lot which is why we wrote for that format. If people want to process their own sources then having a simple format for brutespray to consume makes sense. Although I'd prefer not having another file format, supporting multiple parsers for the output of other tools doesn't sound appealing either (I expect NMAP output will have decent coverage).
JSON with host/service/port works. The nmap parsing does check if the port is open but if people are already doing preprocessing then they could filter out closed ports.
Why a JSON blob per line instead of JSON that is an array of objects?
{[{'host':'', 'service':'','port':}, {'host':'', 'service':'','port':}, ...]}
nice comic indeed :) and yes a new format is not always needed.
But the current situation is to generate a fake gnmap file, which feels wrong.
having jsons per line have a few advantages.
samples and densed information it is very easy to extract samples
# sample
head -n20 services.json > services.20.json
# extract only necessary information
cat services.json | jq -c '{service: .service, host: .host, port: .port}' > services.brutespray.json
debugging: makes debugging much easier
cat services.json | jq '.' > /dev/null
memory consume: Performance optimazation for large datasets. in my scenario i'll have multiple information saved for each service, which are not needed for brutespray. If i only have one giant json file ( MB/GB) the scripts needs to consume the whole document only to extract a tiny bit of the necessary information. So parsing the information by line reduces the amount of cpu/ram needed.
Further Resources, which also favorites json-lines:
Any updates ?
going to see if i can implement this
merged your code into testing branch https://github.com/x90skysn3k/brutespray/commit/6b982bb37a1b521ad31e00e2d1619231c0abac68
if you want to make any changes please create a new pull request from the testing branch. i'll merge it to master so you can be shown as a contrib..
thanks
Implement json input
This pullrequests let the user also choose json. Furthermore the format was adjusted to make a better guess what the input might be.
Simple JSON format includes (per line):