diff options
Diffstat (limited to 'ndiff/docs/ndiff.dtd')
| -rw-r--r-- | ndiff/docs/ndiff.dtd | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/ndiff/docs/ndiff.dtd b/ndiff/docs/ndiff.dtd new file mode 100644 index 0000000..087ab33 --- /dev/null +++ b/ndiff/docs/ndiff.dtd @@ -0,0 +1,139 @@ +<!-- +DTD for the Ndiff XML output format. +David Fifield <david@bamsoftware.com> + +Ndiff XML output is similar to Nmap XML output. Inside of the root +nmapdiff element, the scandiff element represents a single diff of two +scans. Inside scandiff, host differences are within hostdiff elements +and port differences are within portdiff elements. These may appear +anywhere where host and port elements would appear, respectively. + +Within a hostdiff or portdiff, differences are shown with a and b +elements, which show the state of things in the A and B +scan, respectively. These elements can appear most places in the output. + +The output may contain hosts and ports that haven't changed. These are +stored in normal host and port elements. + +Examples: +A host in the A scan but not in the B scan. + <hostdiff> + <a> + <host>...</host> + </a> + </hostdiff> +A host in the B scan but not in the A scan. + <hostdiff> + <b> + <host>...</host> + </b> + </hostdiff> +A host that gained a hostname and had a port change state. Port 22 is +unchanged. + <hostdiff> + <host> + <hostnames> + <hostname name="abc.example.com/> + <b> + <hostname name="xyz.example.com/> + </b> + </hostnames> + <ports> + <portdiff> + <a> + <port portid="10" protocol="tcp"> + <state state="open"/> + </port> + </a> + <b> + <port portid="10" protocol="tcp"> + <state state="closed"/> + </port> + </b> + <port portid="22" protocol="tcp"> + <state state="open"/> + </port> + </portdiff> + </ports> + </host> + </hostdiff> +--> + +<!-- Parameter entities defining "data types" used in the rest of the + DTD. --> +<!ENTITY % host-state "(unknown | up | down)"> +<!ENTITY % address-type "(ipv4 | ipv6 | mac)"> +<!ENTITY % protocol "(ip | tcp | udp)"> +<!ENTITY % port-state "CDATA"> + +<!ELEMENT nmapdiff (scandiff)> +<!-- The current version is "1". Lack of a version attribute indicates +version 0, which was rather different. --> +<!ATTLIST nmapdiff version CDATA #IMPLIED> + +<!ELEMENT scandiff (prescript | hostdiff | host | postscript | (a, b?) | b)*> + +<!ELEMENT nmaprun EMPTY> +<!ATTLIST nmaprun + scanner CDATA #REQUIRED + args CDATA #IMPLIED + start CDATA #IMPLIED + startstr CDATA #IMPLIED + version CDATA #REQUIRED> + +<!ELEMENT prescript (script* | (a, b?) | b)> +<!ELEMENT postscript (script* | (a, b?) | b)> + +<!ELEMENT hostdiff (host | (a, b?) | b)> + +<!ELEMENT host (status | address | hostnames | ports | os | hostscript | a | b)*> + +<!ELEMENT status EMPTY> +<!ATTLIST status state %host-state; #REQUIRED> + +<!ELEMENT hostnames (hostname | a | b)*> + +<!ELEMENT address EMPTY> +<!ATTLIST address addr CDATA #REQUIRED + addrtype %address-type; "ipv4"> + +<!ELEMENT hostname EMPTY> +<!ATTLIST hostname name CDATA #REQUIRED> + +<!ELEMENT ports ((extraports* | (a, b))?, (portdiff | port)*)> + + +<!ELEMENT portdiff (port | (a, b?) | b)> + +<!ELEMENT extraports EMPTY> +<!ATTLIST extraports state %port-state; #REQUIRED + count CDATA #REQUIRED> + +<!ELEMENT port (state | service | script | a | b)*> +<!ATTLIST port protocol %protocol; #REQUIRED + portid CDATA #REQUIRED> + +<!ELEMENT state EMPTY> +<!ATTLIST state state %port-state; #REQUIRED> + +<!ELEMENT service EMPTY> +<!ATTLIST service name CDATA #IMPLIED + product CDATA #IMPLIED + version CDATA #IMPLIED + extrainfo CDATA #IMPLIED + tunnel CDATA #IMPLIED> + +<!ELEMENT script EMPTY> +<!ATTLIST script id CDATA #REQUIRED + output CDATA #REQUIRED> + +<!ELEMENT os (osmatch | a | b)*> + +<!ELEMENT osmatch EMPTY> +<!ATTLIST osmatch name CDATA #REQUIRED> + +<!ELEMENT hostscript (script | a | b)*> + +<!ENTITY % diff-elem "(nmaprun | prescript | postscript | host | status | address | hostname | extraports* | port | state | service | script | os | osmatch* | hostscript)"> +<!ELEMENT a %diff-elem;> +<!ELEMENT b %diff-elem;> |