1

I'm again working with Nmap XML, and while my XSLT is improving... I'm constantly reminded of my current limitations.

An example of the Nmap XML,

<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sU -sS -sV -O -p T:20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:53,67,69,111,123,137-138,161-162,199,705,1993,5353 -oX - 192.168.100.1 192.168.100.3 192.168.100.5 192.168.100.6 192.168.100.7 192.168.100.8 192.168.100.9 192.168.100.10 192.168.100.13 192.168.100.15 192.168.100.16 192.168.100.17 192.168.100.18 192.168.100.20 192.168.100.21 192.168.100.24 192.168.100.25" start="1341847779" startstr="Mon Jul  9 11:29:39 2012" version="5.51.6" xmloutputversion="1.03">
  <scaninfo type="syn" protocol="tcp" numservices="105" services="20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157"/>
  <scaninfo type="udp" protocol="udp" numservices="13" services="53,67,69,111,123,137-138,161-162,199,705,1993,5353"/>
  <verbose level="0"/>
  <debugging level="0"/>
  <host starttime="1341847779" endtime="1341854043">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.3" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub2.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="102">
        <extrareasons reason="no-responses" count="102"/>
      </extraports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="631">
        <state state="closed" reason="reset" reason_ttl="64"/>
        <service name="ipp" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="22"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="3662901" lastboot="Mon May 28 03:46:31 2012"/>
    <distance value="2"/>
    <tcpsequence index="258" difficulty="Good luck!" values="E1B9999,E6F5E488,274272DD,94D932E2,B9CF9CA8,F7C309B"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="DA505426,DA50548C,DA5054F2,DA505558,DA5055BD,DA505621"/>
    <times srtt="1424" rttvar="772" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854075">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.5" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub3.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="100">
        <extrareasons reason="no-responses" count="100"/>
      </extraports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ftp" product="ProFTPD" version="1.3.3c" ostype="Unix" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="21"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
    <distance value="2"/>
    <tcpsequence index="261" difficulty="Good luck!" values="D0B97175,E38B93CA,E038B6D0,E754B4D7,4F3B8565,2E948D89"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
    <times srtt="1561" rttvar="679" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854050">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.6" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub4.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="100">
        <extrareasons reason="no-responses" count="100"/>
      </extraports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ftp" product="ProFTPD" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack" reason_ttl="48"/>
        <service name="http" product="Apache httpd" tunnel="ssl" method="probed" conf="10"/>
        <script id="ssl-cert" output="Subject: commonName=sub4.example.comm&#10;Issuer: commonName=SSL CA/organizationName=SSL, Inc./countryName=US&#10;Public Key type: rsa&#10;Public Key bits: 2048&#10;Not valid before: 2012-06-03 22:50:03&#10;Not valid after:  2014-06-07 10:21:17&#10;MD5:   hexbits&#10;SHA-1:   hexbits"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="21"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
    <distance value="2"/>
    <tcpsequence index="264" difficulty="Good luck!" values="D5B1C96,FE5DF509,C56A40B8,DF3C5676,63A52AF7,D9A58AAE"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
    <times srtt="1608" rttvar="697" to="100000"/>
  </host>
  <runstats>
    <finished time="1341854092" timestr="Mon Jul  9 13:14:52 2012" elapsed="6314.31" summary="Nmap done at Mon Jul  9 13:14:52 2012; 25 IP addresses (5 hosts up) scanned in 156.31 seconds" exit="success"/>
    <hosts up="119" down="29" total="148"/>
  </runstats>
</nmaprun>

I'm iterating per host, and am having trouble with this particular attribute,

<script id="ssl-cert" output="Subject: commonName=sub4.example.comm&#10;Issuer: commonName=SSL CA/organizationName=SSL, Inc./countryName=US&#10;Public Key type: rsa&#10;Public Key bits: 2048&#10;Not valid before: 2012-06-03 22:50:03&#10;Not valid after:  2014-06-07 10:21:17&#10;MD5:   hexbits&#10;SHA-1:   hexbits"/>

UPDATE

This is the altered XSL File, I was able to finish it. Please recommend any improvements, as I'm still learning XSL.

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
    <xsl:output method="text" encoding="utf-8"/>
    <xsl:strip-space elements="*"/>
    <xsl:variable name="delimiter" select="','"/>

    <xsl:template match="/nmaprun/host">

        <xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
        <xsl:value-of select="$delimiter"/>

        <xsl:apply-templates select="hostnames"/>
        <xsl:value-of select="$delimiter"/>

        <xsl:apply-templates select="os"/>
        <xsl:value-of select="$delimiter"/>

        <xsl:apply-templates select="ports"/>
        <xsl:text>&#10;</xsl:text>
    </xsl:template>


    <xsl:template match="hostnames">

        <xsl:value-of select="hostname[@type='PTR']/@name"/>
    </xsl:template>


    <xsl:template match="os">

        <xsl:value-of select="osclass[1]/@osfamily"/>
    </xsl:template>


    <xsl:template match="ports">

        <xsl:apply-templates select="port[@portid='443' and @protocol='tcp']/script[@id='ssl-cert' and @output]"/>
    </xsl:template>


    <xsl:template match="port[@portid='443' and @protocol='tcp']/script[@id='ssl-cert' and @output]">

        <xsl:variable name="vText" select="@output"/>
        <xsl:value-of select="concat(443,'_',substring-before(substring-after($vText, '&#10;Public Key type: '),'&#10;'),'_',substring-before(substring-after($vText, '&#10;Public Key bits: '),'&#10;'))"/>
    </xsl:template>

</xsl:stylesheet>

This is post-transformation output,

192.168.100.3,sub2.example.com,Linux,
192.168.100.5,sub3.example.com,Linux,
192.168.100.6,sub4.example.com,Linux,443_rsa_2048

The 443 is the @portid, which contains the script id="ssl-cert" @output.
The portid could be something other than 443, namely whatever was specified in the original scope.

The rsa is Public Key type:, which is contained in that crazy @output. Public Key type could be something other than rsa, such as dsa.

the 2048 is Public Key bits:, also contained in the @output. Additionally their could be more or less Public Key bits, than 2048.

4

1 回答 1

1

这种转变

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >
 <xsl:output method="text"/>
 <xsl:strip-space elements="*"/>

 <xsl:template match=
 "/nmaprun
    /host
      /ports
            /port
              [@portid='443'
              and @protocol='tcp']
                  /script[@id='ssl-cert' and @output]

 ">

   <xsl:variable name="vText" select="@output"/>
   <xsl:value-of select=
   "concat('rsa ',
       substring-before
           (substring-after
              (substring-after($vText, 'rsa'),
               'bits: '),
            '&#10;')
      )"
    />
 </xsl:template>
</xsl:stylesheet>

应用于提供的 XML 文档时:

<nmaprun scanner="nmap" args="nmap -sU -sS -sV -O -p T:20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:53,67,69,111,123,137-138,161-162,199,705,1993,5353 -oX - 192.168.100.1 192.168.100.3 192.168.100.5 192.168.100.6 192.168.100.7 192.168.100.8 192.168.100.9 192.168.100.10 192.168.100.13 192.168.100.15 192.168.100.16 192.168.100.17 192.168.100.18 192.168.100.20 192.168.100.21 192.168.100.24 192.168.100.25" start="1341847779" startstr="Mon Jul  9 11:29:39 2012" version="5.51.6" xmloutputversion="1.03">
      <scaninfo type="syn" protocol="tcp" numservices="105" services="20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157"/>
      <scaninfo type="udp" protocol="udp" numservices="13" services="53,67,69,111,123,137-138,161-162,199,705,1993,5353"/>
      <verbose level="0"/>
      <debugging level="0"/>
      <host starttime="1341847779" endtime="1341854043">
        <status state="up" reason="echo-reply"/>
        <address addr="192.168.100.3" addrtype="ipv4"/>
        <hostnames>
          <hostname name="sub2.example.com" type="PTR"/>
        </hostnames>
        <ports>
          <extraports state="filtered" count="102">
            <extrareasons reason="no-responses" count="102"/>
          </extraports>
          <port protocol="tcp" portid="22">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="80">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="631">
            <state state="closed" reason="reset" reason_ttl="64"/>
            <service name="ipp" method="table" conf="3"/>
          </port>
          <port protocol="udp" portid="5353">
            <state state="open|filtered" reason="no-response" reason_ttl="0"/>
            <service name="zeroconf" method="table" conf="3"/>
          </port>
        </ports>
        <os>
          <portused state="open" proto="tcp" portid="22"/>
          <portused state="closed" proto="tcp" portid="631"/>
          <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
          <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
        </os>
        <uptime seconds="3662901" lastboot="Mon May 28 03:46:31 2012"/>
        <distance value="2"/>
        <tcpsequence index="258" difficulty="Good luck!" values="E1B9999,E6F5E488,274272DD,94D932E2,B9CF9CA8,F7C309B"/>
        <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
        <tcptssequence class="1000HZ" values="DA505426,DA50548C,DA5054F2,DA505558,DA5055BD,DA505621"/>
        <times srtt="1424" rttvar="772" to="100000"/>
      </host>
      <host starttime="1341847779" endtime="1341854075">
        <status state="up" reason="echo-reply"/>
        <address addr="192.168.100.5" addrtype="ipv4"/>
        <hostnames>
          <hostname name="sub3.example.com" type="PTR"/>
        </hostnames>
        <ports>
          <extraports state="filtered" count="100">
            <extrareasons reason="no-responses" count="100"/>
          </extraports>
          <port protocol="tcp" portid="21">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="ftp" product="ProFTPD" version="1.3.3c" ostype="Unix" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="22">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="80">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
          </port>
          <port protocol="udp" portid="5353">
            <state state="open|filtered" reason="no-response" reason_ttl="0"/>
            <service name="zeroconf" method="table" conf="3"/>
          </port>
        </ports>
        <os>
          <portused state="open" proto="tcp" portid="21"/>
          <portused state="closed" proto="tcp" portid="631"/>
          <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
          <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
        </os>
        <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
        <distance value="2"/>
        <tcpsequence index="261" difficulty="Good luck!" values="D0B97175,E38B93CA,E038B6D0,E754B4D7,4F3B8565,2E948D89"/>
        <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
        <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
        <times srtt="1561" rttvar="679" to="100000"/>
      </host>
      <host starttime="1341847779" endtime="1341854050">
        <status state="up" reason="echo-reply"/>
        <address addr="192.168.100.6" addrtype="ipv4"/>
        <hostnames>
          <hostname name="sub4.example.com" type="PTR"/>
        </hostnames>
        <ports>
          <extraports state="filtered" count="100">
            <extrareasons reason="no-responses" count="100"/>
          </extraports>
          <port protocol="tcp" portid="21">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="ftp" product="ProFTPD" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="22">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="80">
            <state state="open" reason="syn-ack" reason_ttl="64"/>
            <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
          </port>
          <port protocol="tcp" portid="443">
            <state state="open" reason="syn-ack" reason_ttl="48"/>
            <service name="http" product="Apache httpd" tunnel="ssl" method="probed" conf="10"/>
            <script id="ssl-cert" output="Subject: commonName=sub4.example.comm&#10;Issuer: commonName=SSL CA/organizationName=SSL, Inc./countryName=US&#10;Public Key type: rsa&#10;Public Key bits: 2048&#10;Not valid before: 2012-06-03 22:50:03&#10;Not valid after:  2014-06-07 10:21:17&#10;MD5:   hexbits&#10;SHA-1:   hexbits"/>
          </port>
          <port protocol="udp" portid="5353">
            <state state="open|filtered" reason="no-response" reason_ttl="0"/>
            <service name="zeroconf" method="table" conf="3"/>
          </port>
        </ports>
        <os>
          <portused state="open" proto="tcp" portid="21"/>
          <portused state="closed" proto="tcp" portid="631"/>
          <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
          <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
        </os>
        <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
        <distance value="2"/>
        <tcpsequence index="264" difficulty="Good luck!" values="D5B1C96,FE5DF509,C56A40B8,DF3C5676,63A52AF7,D9A58AAE"/>
        <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
        <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
        <times srtt="1608" rttvar="697" to="100000"/>
      </host>
      <runstats>
        <finished time="1341854092" timestr="Mon Jul  9 13:14:52 2012" elapsed="6314.31" summary="Nmap done at Mon Jul  9 13:14:52 2012; 25 IP addresses (5 hosts up) scanned in 156.31 seconds" exit="success"/>
        <hosts up="119" down="29" total="148"/>
      </runstats>
</nmaprun>

产生想要的正确结果:

rsa 2048
于 2012-10-01T04:55:23.957 回答