XSLT 1.0, NMAP XML, Transform node, whose specified attribute is the highest value
https://stackoverflow.com/questions/12132616
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
I'm currently working on NMAP XML, and while my XSLT 1.0 has improved some, I'm still very inexperienced. Just in case anyone is considering other solutions, This must be done with XSLT 1.0. My XSLT Processor only supports XSLT 1.0, and I'm unable to use any of the perl/python/ruby NMAP XML specific libraries. Any EXSLT functions must be supported by LibXML/xsltproc.
This is a valid, but significantly reduced/redacted NMAP XML example.
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sU -sS -sV -O -p T:20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:53,67,69,111,123,137-138,161-162,199,705,1993,5353 -oX - 192.168.100.1 192.168.100.3 192.168.100.5 192.168.100.6 192.168.100.7 192.168.100.8 192.168.100.9 192.168.100.10 192.168.100.13 192.168.100.15 192.168.100.16 192.168.100.17 192.168.100.18 192.168.100.20 192.168.100.21 192.168.100.24 192.168.100.25" start="1341847779" startstr="Mon Jul 9 11:29:39 2012" version="5.51.6" xmloutputversion="1.03">
<scaninfo type="syn" protocol="tcp" numservices="105" services="20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157"/>
<scaninfo type="udp" protocol="udp" numservices="13" services="53,67,69,111,123,137-138,161-162,199,705,1993,5353"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1341847779" endtime="1341854063">
<status state="up" reason="reset"/>
<address addr="192.168.100.1" addrtype="ipv4"/>
<hostnames>
<hostname name="sub1.example.com" type="PTR"/>
</hostnames>
<ports>
<extraports state="filtered" count="103">
<extrareasons reason="no-responses" count="103"/>
</extraports>
<port protocol="tcp" portid="22">
<state state="closed" reason="reset" reason_ttl="43"/>
<service name="ssh" method="table" conf="3"/>
</port>
<port protocol="tcp" portid="443">
<state state="closed" reason="reset" reason_ttl="53"/>
<service name="https" method="table" conf="3"/>
</port>
<port protocol="udp" portid="5353">
<state state="open|filtered" reason="no-response" reason_ttl="0"/>
<service name="zeroconf" method="table" conf="3"/>
</port>
</ports>
<os>
<portused state="closed" proto="tcp" portid="22"/>
<osclass type="VoIP phone" vendor="Cisco" osfamily="embedded" accuracy="92"/>
<osclass type="terminal" vendor="CMI" osfamily="embedded" accuracy="92"/>
<osclass type="switch" vendor="Enterasys" osfamily="embedded" accuracy="92"/>
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="4.X" accuracy="92"/>
<osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="92"/>
<osclass type="printer" vendor="Intermec" osfamily="embedded" accuracy="92"/>
<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="92"/>
<osclass type="load balancer" vendor="Radware" osfamily="APsolute OS" osgen="10.X" accuracy="92"/>
<osclass type="load balancer" vendor="Cisco" osfamily="embedded" accuracy="91"/>
<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="91"/>
<osclass type="router" vendor="Linksys" osfamily="embedded" accuracy="90"/>
<osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="90"/>
<osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="89"/>
<osclass type="VoIP adapter" vendor="Avaya" osfamily="embedded" accuracy="89"/>
<osclass type="specialized" vendor="Fuji" osfamily="Windows" osgen="XP" accuracy="89"/>
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="89"/>
<osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="89"/>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89"/>
<osclass type="WAP" vendor="Motorola" osfamily="embedded" accuracy="89"/>
<osclass type="firewall" vendor="Netasq" osfamily="embedded" accuracy="89"/>
<osclass type="WAP" vendor="Orange" osfamily="embedded" accuracy="89"/>
<osclass type="WAP" vendor="Sagem Communication" osfamily="embedded" accuracy="89"/>
<osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="89"/>
<osclass type="broadband router" vendor="Thomson" osfamily="embedded" accuracy="89"/>
<osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="89"/>
<osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89"/>
<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="89"/>
<osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="NT" accuracy="89"/>
<osclass type="phone" vendor="Nokia" osfamily="Symbian OS" accuracy="89"/>
<osclass type="firewall" vendor="3Com" osfamily="embedded" accuracy="88"/>
<osclass type="WAP" vendor="AirSpan" osfamily="embedded" accuracy="88"/>
<osmatch name="Cisco IP Phone 7941" accuracy="92" line="9973"/>
<osmatch name="CMI Genus NEMA terminal" accuracy="92" line="12553"/>
<osmatch name="Enterasys Matrix E1 switch" accuracy="92" line="16101"/>
<osmatch name="FreeBSD 4.10-RELEASE (x86)" accuracy="92" line="17037"/>
<osmatch name="FreeBSD 6.1-RELEASE" accuracy="92" line="17563"/>
<osmatch name="Intermec PM4i label printer" accuracy="92" line="25391"/>
<osmatch name="Microsoft Windows XP SP3" accuracy="92" line="50241"/>
<osmatch name="Radware OnDemand Switch 2 XL (APsolute OS 10.31)" accuracy="92" line="56138"/>
<osmatch name="Cisco ACE load balancer" accuracy="91" line="9310"/>
<osmatch name="Microsoft Windows Server 2003" accuracy="91" line="41896"/>
</os>
<distance value="2"/>
<times srtt="1260" rttvar="454" to="100000"/>
</host>
<host starttime="1341847779" endtime="1341854043">
<status state="up" reason="echo-reply"/>
<address addr="192.168.100.3" addrtype="ipv4"/>
<hostnames>
<hostname name="sub2.example.com" type="PTR"/>
</hostnames>
<ports>
<extraports state="filtered" count="102">
<extrareasons reason="no-responses" count="102"/>
</extraports>
<port protocol="tcp" portid="22">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="80">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="631">
<state state="closed" reason="reset" reason_ttl="64"/>
<service name="ipp" method="table" conf="3"/>
</port>
<port protocol="udp" portid="5353">
<state state="open|filtered" reason="no-response" reason_ttl="0"/>
<service name="zeroconf" method="table" conf="3"/>
</port>
</ports>
<os>
<portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="631"/>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
<osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
</os>
<uptime seconds="3662901" lastboot="Mon May 28 03:46:31 2012"/>
<distance value="2"/>
<tcpsequence index="258" difficulty="Good luck!" values="E1B9999,E6F5E488,274272DD,94D932E2,B9CF9CA8,F7C309B"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="DA505426,DA50548C,DA5054F2,DA505558,DA5055BD,DA505621"/>
<times srtt="1424" rttvar="772" to="100000"/>
</host>
<host starttime="1341847779" endtime="1341854075">
<status state="up" reason="echo-reply"/>
<address addr="192.168.100.5" addrtype="ipv4"/>
<hostnames>
<hostname name="sub3.example.com" type="PTR"/>
</hostnames>
<ports>
<extraports state="filtered" count="100">
<extrareasons reason="no-responses" count="100"/>
</extraports>
<port protocol="tcp" portid="21">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ftp" product="ProFTPD" version="1.3.3c" ostype="Unix" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="22">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="80">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
</port>
<port protocol="udp" portid="5353">
<state state="open|filtered" reason="no-response" reason_ttl="0"/>
<service name="zeroconf" method="table" conf="3"/>
</port>
</ports>
<os>
<portused state="open" proto="tcp" portid="21"/>
<portused state="closed" proto="tcp" portid="631"/>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
<osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
</os>
<uptime seconds="2854295" lastboot="Wed Jun 6 12:23:17 2012"/>
<distance value="2"/>
<tcpsequence index="261" difficulty="Good luck!" values="D0B97175,E38B93CA,E038B6D0,E754B4D7,4F3B8565,2E948D89"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
<times srtt="1561" rttvar="679" to="100000"/>
</host>
<host starttime="1341847779" endtime="1341854050">
<status state="up" reason="echo-reply"/>
<address addr="192.168.100.6" addrtype="ipv4"/>
<hostnames>
<hostname name="sub4.example.com" type="PTR"/>
</hostnames>
<ports>
<extraports state="filtered" count="100">
<extrareasons reason="no-responses" count="100"/>
</extraports>
<port protocol="tcp" portid="21">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ftp" product="ProFTPD" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="22">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
</port>
<port protocol="tcp" portid="80">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
</port>
<port protocol="udp" portid="5353">
<state state="open|filtered" reason="no-response" reason_ttl="0"/>
<service name="zeroconf" method="table" conf="3"/>
</port>
</ports>
<os>
<portused state="open" proto="tcp" portid="21"/>
<portused state="closed" proto="tcp" portid="631"/>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
<osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
</os>
<uptime seconds="2854295" lastboot="Wed Jun 6 12:23:17 2012"/>
<distance value="2"/>
<tcpsequence index="264" difficulty="Good luck!" values="D5B1C96,FE5DF509,C56A40B8,DF3C5676,63A52AF7,D9A58AAE"/>
<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
<tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
<times srtt="1608" rttvar="697" to="100000"/>
</host>
<host starttime="1341847779" endtime="1341854049">
<status state="up" reason="echo-reply"/>
<address addr="192.168.100.10" addrtype="ipv4"/>
<hostnames>
<hostname name="sub5.example.com" type="PTR"/>
</hostnames>
<ports>
<extraports state="closed" count="109">
<extrareasons reason="resets" count="100"/>
<extrareasons reason="port-unreaches" count="9"/>
</extraports>
<port protocol="tcp" portid="22">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" method="table" conf="3"/>
</port>
<port protocol="tcp" portid="111">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="rpcbind" method="table" conf="3"/>
</port>
<port protocol="tcp" portid="199">
<state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="smux" method="table" conf="3"/>
</port>
<port protocol="udp" portid="111">
<state state="open" reason="udp-response" reason_ttl="64"/>
<service name="rpcbind" method="probed" conf="10"/>
</port>
<port protocol="udp" portid="123">
<state state="open" reason="udp-response" reason_ttl="64"/>
<service name="ntp" product="NTP" version="v4" method="probed" conf="10"/>
</port>
<port protocol="udp" portid="161">
<state state="open|filtered" reason="no-response" reason_ttl="0"/>
<service name="snmp" method="table" conf="3"/>
</port>
</ports>
<os>
<portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="20"/>
<portused state="closed" proto="udp" portid="53"/>
<osclass type="firewall" vendor="Cisco" osfamily="embedded" accuracy="95"/>
<osclass type="switch" vendor="Cisco" osfamily="NX-OS" osgen="4.X" accuracy="93"/>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="91"/>
</os>
<distance value="2"/>
<times srtt="529" rttvar="321" to="100000"/>
</host>
<runstats>
<finished time="1341854092" timestr="Mon Jul 9 13:14:52 2012" elapsed="6314.31" summary="Nmap done at Mon Jul 9 13:14:52 2012; 25 IP addresses (5 hosts up) scanned in 156.31 seconds" exit="success"/>
<hosts up="119" down="29" total="148"/>
</runstats>
</nmaprun>
I'm attempting to transform this into a simple CSV, with only these three values,
Hostname,IP Address,OS Class
I've already created a stylesheet, and it works as expected. I'd also like to specify, only output a host if os/osclass/@osfamily value is Linux. This is what I have so far,
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="text" encoding="utf-8"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="delimiter" select="','"/>
<xsl:template match="/nmaprun/host">
<xsl:if test="os/osclass[@osfamily='Linux']">
<xsl:value-of select="hostnames/hostname/@name"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="os/osclass/@osfamily"/>
<xsl:text> </xsl:text>
</xsl:if>
</xsl:template>
</xsl:stylesheet>
This is the example output, transformed with this stylesheet,
sub1.example.com,192.168.100.1,embedded
sub2.example.com,192.168.100.3,Linux
sub3.example.com,192.168.100.5,Linux
sub4.example.com,192.168.100.6,Linux
sub5.example.com,192.168.100.10,embedded
Unfortunately I'm getting those embedded hosts, but I've figured out the cause.
It's because a host can have multiple os/osclass/@osfamily attributes, one specified for each os/osclass element. I'd like to consider only one os/osclass/@osfamily value per host, whose os/osclass@accuracy value is the highest of all os/osclasss. I'm really not sure how to go about this at all, although I have been reading about sorting values. If anyone has experience, and can help me with this, I would be most appreciative.
Soluzione
I'd like to consider only one
os/osclass/@osfamilyvalue per host, whoseos/osclass@accuracyvalue is the highest of allos/osclasss.
You are very close, use:
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="text" encoding="utf-8"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="delimiter" select="','"/>
<xsl:template match="/nmaprun/host">
<xsl:if test=
"os/osclass
[@osfamily='Linux'
and
not(../osclass/@accuracy > @accuracy)
]">
<xsl:value-of select="hostnames/hostname/@name"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="os/osclass/@osfamily"/>
<xsl:text> </xsl:text>
</xsl:if>
</xsl:template>
</xsl:stylesheet>
When this transformation is applied to the provided XML document, the result now is:
sub2.example.com,192.168.100.3,Linux
sub3.example.com,192.168.100.5,Linux
sub4.example.com,192.168.100.6,Linux
Remark:
The above solution is rather inefficient (O(N^2)).
Here is a more efficient solution (O(N*log(N))), using sorting:
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="text" encoding="utf-8"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="delimiter" select="','"/>
<xsl:template match="/nmaprun/host">
<xsl:variable name="vMaxAccuracy">
<xsl:for-each select="os/osclass/@accuracy">
<xsl:sort data-type="number" order="descending"/>
<xsl:if test="position()=1">
<xsl:value-of select="."/>
</xsl:if>
</xsl:for-each>
</xsl:variable>
<xsl:if test=
"os/osclass[@osfamily='Linux' and @accuracy = $vMaxAccuracy]">
<xsl:value-of select="hostnames/hostname/@name"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
<xsl:value-of select="$delimiter"/>
<xsl:value-of select="os/osclass/@osfamily"/>
<xsl:text> </xsl:text>
</xsl:if>
</xsl:template>
</xsl:stylesheet>
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
