vdjagilev / nmap-formatter Goto Github PK

• Add docker image (Dockerfile and other required for a build)
• Add example to the README
• Add workflow that will push docker image on tag event

Links:

• https://docs.github.com/en/actions/guides/publishing-docker-images

• Add code climate workflow
• Add code climate badge

Currently CSV outputs only hosts that have some ports opened. If there is none, there is no record for that.

The host record look like this:

[IP], "-", "-", "-", "-" ...

https://github.com/vdjagilev/nmap-formatter/runs/5994716990?check_suite_focus=true

Main issue is that it's impossible to remove temporary file on the runner

https://github.com/softprops/action-gh-release#-usage

It's better to move types closer to the package where they belong. Types package stands out in this case and needs to be moved to formatter package.

Currently spf13/cobra is used as a dependency, however app is quite simple and requires only a few features that are used.

Add TOC for easier navigation in the README.

Due to the nature of go text templates, there is a lot of blank space in markdown output. There should be way to filter output and remove unneeded spaces/newlines.

Implement github action that will do this automatically.

Possibility to use custom templates. It can be achievable via option parameters --use-template [path-to-template]

https://github.com/mvdan/github-actions-golang

on: [push, pull_request]
name: Test
jobs:
  test:
    strategy:
      matrix:
        go-version: [1.15.x, 1.16.x]
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
    - name: Install Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go-version }}
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Test
      run: go test ./...

Add build status badge.

Readme: https://docs.github.com/en/actions/managing-workflow-runs/adding-a-workflow-status-badge

![example workflow](https://github.com/<OWNER>/<REPOSITORY>/actions/workflows/<WORKFLOW_FILE>/badge.svg)

![build status](https://github.com/vdjagilev/nmap-formatter/actions/workflows/go.yml/badge.svg)

It's better to rename this option to --skip-down-hosts with default value true.

Update changelog pipeline creates broken changelog file. Needs to be removed.

Implement a possibility use dark or light mode in HTML template.

• Fix the issues reported by golint (mostly warnings about missing comments for exported structs, et cetera)
• Remove remaining TODO's
• Check for variable name consistency (config & Config in formatter structs)

Currently there is a duplicate for ports field. It should be simply Port[] instead of Ports.Port[]

Would be good to know current version of the app by running --help option or just version arg or --version flag.

Services field often contains a big list of ports which is problematic to display in markdown table (it has to be hidden using <details><summary>... html tags). Move this part in a sub-chapter, enclosing it in ``` would be better.

If there is huge output, it's better to navigate on a page using floating table of contents with anchor links.

Also add new option:

--html-floating-index, true by default.

Great project to get the data into Elastic :) One thing is bothering ES, everything is a string in the json output, even stuff like port numbers. This makes it difficult to filter stuff. Could the numeric stuff be parsed that way?

Thanks!

Update golang to 1.18

Create a wiki with more in-depth topics.

• More screenshots
• More examples where nmap-formatter is combined with tools like jq and etc.
• Custom templates
• More automation topics?
  • nse-scripts?
  • combine tools? nmap -> nmap-formatter -> jq (exctract 'http' service ports) -> nikto?
• Use as a library:
  • Simple output to stdin
  • Output as a string
  • Work with struct (based on parsed data: filter entries/do something with the data)
• Simplify readme as much as possible and add links to wiki there

It would be good if it would be possible to skip certain parts of scan output, for example:

• Summary --skip-summary=false
• Traceroute --skip-traceroute=false
• Metrics --skip-metrics=false
• Port-scripts --skip-port-scripts=false

Available only for HTML & Markdown

https://github.com/vdjagilev/nmap-formatter/blob/main/cmd/root.go#L93 args is not used anywhere

There might be more than 1 osmatch nodes.

<osmatch name="Some Linux Example" accuracy="94" line="1234"/>
<osmatch name="Another Linux Example" accuracy="89" line="4321"/>

• Add code coverage workflow
• Add badge to the readme

when running nmap-formatter nmap.xml md > nmap.md, it generates 8 columns when only 7 are identified, you can find below the output :

This will generate rendering issues when viewing mardown because tcp (protocol) would be in the state column.
You could either add protocol column or merge tcp with port like this 22/tcp

Add a possibility to read XML content from stdin. This would allow much easier piping.

nmap -A -T4 -oX - 10.10.10.100 | nmap-formatter json

TODO

• Implement support for stdin read
• Update documentation examples
• Change places for file & format arguments? (Breaking change)

Add possibility to pretty-print JSON, example:

json.MarshalIndent(struct, "", "    ") //  3-th = 4 spaces

Avoid using href links in markdown template

Add go 1.17 to the testing pipeline and binary release pipeline

Those parts needs to be covered with tests:

• Formatter package
  • Workflow
  • HTML
    • check if HTML is valid (parse without error)
    • validate if all parts exist in HTML
      • hosts
      • ports
    • check --skip* output options
  • Markdown
    • parses without error
    • hosts
    • ports
  • JSON
  • CSV
    • Check if hosts that are down skipped by default
    • Check with --skip-down-hosts=false if down hosts are not skipped
• cmd
  • arguments check
  • run
  • validation
• Fix github actions workflow (run all tests via: go test ./... -count=1 -v)

How to use this tool with jq (show hosts that are up, show only http service ports, show only filtered ports, count ports for each host, et cetera)

Add a possibility to pass multiple nmap XML files

nmap-formatter json file1.xml file2.xml ...

For each type json, md, html or csv, there should be an output option 'prefix'.
For example:

--skip-summary should be --html-skip-summary and --md-skip-summary.

https://github.com/golangci/golangci-lint-action

Add a possibility to pass custom variables for custom templates.

Example:

--x-opt "foo=${bar}"

Then this value can be used in a custom template like this:

Some custom variables:

<ul>
  <li><b>Foo value:</b> {{.custom.foo}}</li>
</ul>

This could be used in automated environments (pipelines?) to pass some values to the custom templates.

Can be implemented only after #23

https://github.com/marketplace/actions/release-drafter

In order to access parent scope in templates, variables are used. It is possible to access parent scope via $.Parent.Name

https://docs.codeclimate.com/docs/github-actions-test-coverage

• Add examples with pages (sheets) for each host
• Add charts picture for stats sheet

https://github.com/qax-os/excelize

https://github.com/tealeg/xlsx

It would be good if this repository could be used as a library to parse nmap xml output. For this purpose 2 things must be accomplished:

• Create examples in readme on how to use the library
• Refactor the code in a way that allows easily to use the library