xml - XSLT 1.0、NMAP XML、変換ノード、指定された属性が最大値

Question

私は現在NMAPXMLに取り組んでおり、XSLT 1.0はいくつか改善されていますが、まだ非常に経験が浅いです。誰かが他のソリューションを検討している場合に備えて、これはXSLT1.0で実行する必要があります。私のXSLTプロセッサはXSLT1.0のみをサポートしており、perl / python / rubyNMAPXML固有のライブラリを使用できません。EXSLT関数は、LibXML/xsltprocでサポートされている必要があります。

これは有効ですが、大幅に削減/編集されたNMAPXMLの例です。

<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sU -sS -sV -O -p T:20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157,U:53,67,69,111,123,137-138,161-162,199,705,1993,5353 -oX - 192.168.100.1 192.168.100.3 192.168.100.5 192.168.100.6 192.168.100.7 192.168.100.8 192.168.100.9 192.168.100.10 192.168.100.13 192.168.100.15 192.168.100.16 192.168.100.17 192.168.100.18 192.168.100.20 192.168.100.21 192.168.100.24 192.168.100.25" start="1341847779" startstr="Mon Jul  9 11:29:39 2012" version="5.51.6" xmloutputversion="1.03">
  <scaninfo type="syn" protocol="tcp" numservices="105" services="20-23,25-26,53,79-81,88,106,110-111,113,119,135-139,143-144,161-162,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,705,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,1993,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5354,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157"/>
  <scaninfo type="udp" protocol="udp" numservices="13" services="53,67,69,111,123,137-138,161-162,199,705,1993,5353"/>
  <verbose level="0"/>
  <debugging level="0"/>
  <host starttime="1341847779" endtime="1341854063">
    <status state="up" reason="reset"/>
    <address addr="192.168.100.1" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub1.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="103">
        <extrareasons reason="no-responses" count="103"/>
      </extraports>
      <port protocol="tcp" portid="22">
        <state state="closed" reason="reset" reason_ttl="43"/>
        <service name="ssh" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset" reason_ttl="53"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="closed" proto="tcp" portid="22"/>
      <osclass type="VoIP phone" vendor="Cisco" osfamily="embedded" accuracy="92"/>
      <osclass type="terminal" vendor="CMI" osfamily="embedded" accuracy="92"/>
      <osclass type="switch" vendor="Enterasys" osfamily="embedded" accuracy="92"/>
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="4.X" accuracy="92"/>
      <osclass type="general purpose" vendor="FreeBSD" osfamily="FreeBSD" osgen="6.X" accuracy="92"/>
      <osclass type="printer" vendor="Intermec" osfamily="embedded" accuracy="92"/>
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="XP" accuracy="92"/>
      <osclass type="load balancer" vendor="Radware" osfamily="APsolute OS" osgen="10.X" accuracy="92"/>
      <osclass type="load balancer" vendor="Cisco" osfamily="embedded" accuracy="91"/>
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2003" accuracy="91"/>
      <osclass type="router" vendor="Linksys" osfamily="embedded" accuracy="90"/>
      <osclass type="firewall" vendor="Nokia" osfamily="IPSO" osgen="4.X" accuracy="90"/>
      <osclass type="broadband router" vendor="Neuf" osfamily="embedded" accuracy="89"/>
      <osclass type="VoIP adapter" vendor="Avaya" osfamily="embedded" accuracy="89"/>
      <osclass type="specialized" vendor="Fuji" osfamily="Windows" osgen="XP" accuracy="89"/>
      <osclass type="printer" vendor="HP" osfamily="embedded" accuracy="89"/>
      <osclass type="general purpose" vendor="HP" osfamily="OpenVMS" osgen="7.X" accuracy="89"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="89"/>
      <osclass type="WAP" vendor="Motorola" osfamily="embedded" accuracy="89"/>
      <osclass type="firewall" vendor="Netasq" osfamily="embedded" accuracy="89"/>
      <osclass type="WAP" vendor="Orange" osfamily="embedded" accuracy="89"/>
      <osclass type="WAP" vendor="Sagem Communication" osfamily="embedded" accuracy="89"/>
      <osclass type="broadband router" vendor="Sagem Communication" osfamily="embedded" accuracy="89"/>
      <osclass type="broadband router" vendor="Thomson" osfamily="embedded" accuracy="89"/>
      <osclass type="switch" vendor="Cisco" osfamily="embedded" accuracy="89"/>
      <osclass type="switch" vendor="Cisco" osfamily="IOS" osgen="12.X" accuracy="89"/>
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="2000" accuracy="89"/>
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="NT" accuracy="89"/>
      <osclass type="phone" vendor="Nokia" osfamily="Symbian OS" accuracy="89"/>
      <osclass type="firewall" vendor="3Com" osfamily="embedded" accuracy="88"/>
      <osclass type="WAP" vendor="AirSpan" osfamily="embedded" accuracy="88"/>
      <osmatch name="Cisco IP Phone 7941" accuracy="92" line="9973"/>
      <osmatch name="CMI Genus NEMA terminal" accuracy="92" line="12553"/>
      <osmatch name="Enterasys Matrix E1 switch" accuracy="92" line="16101"/>
      <osmatch name="FreeBSD 4.10-RELEASE (x86)" accuracy="92" line="17037"/>
      <osmatch name="FreeBSD 6.1-RELEASE" accuracy="92" line="17563"/>
      <osmatch name="Intermec PM4i label printer" accuracy="92" line="25391"/>
      <osmatch name="Microsoft Windows XP SP3" accuracy="92" line="50241"/>
      <osmatch name="Radware OnDemand Switch 2 XL (APsolute OS 10.31)" accuracy="92" line="56138"/>
      <osmatch name="Cisco ACE load balancer" accuracy="91" line="9310"/>
      <osmatch name="Microsoft Windows Server 2003" accuracy="91" line="41896"/>
    </os>
    <distance value="2"/>
    <times srtt="1260" rttvar="454" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854043">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.3" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub2.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="102">
        <extrareasons reason="no-responses" count="102"/>
      </extraports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="631">
        <state state="closed" reason="reset" reason_ttl="64"/>
        <service name="ipp" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="22"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="3662901" lastboot="Mon May 28 03:46:31 2012"/>
    <distance value="2"/>
    <tcpsequence index="258" difficulty="Good luck!" values="E1B9999,E6F5E488,274272DD,94D932E2,B9CF9CA8,F7C309B"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="DA505426,DA50548C,DA5054F2,DA505558,DA5055BD,DA505621"/>
    <times srtt="1424" rttvar="772" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854075">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.5" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub3.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="100">
        <extrareasons reason="no-responses" count="100"/>
      </extraports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ftp" product="ProFTPD" version="1.3.3c" ostype="Unix" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="21"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
    <distance value="2"/>
    <tcpsequence index="261" difficulty="Good luck!" values="D0B97175,E38B93CA,E038B6D0,E754B4D7,4F3B8565,2E948D89"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
    <times srtt="1561" rttvar="679" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854050">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.6" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub4.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="filtered" count="100">
        <extrareasons reason="no-responses" count="100"/>
      </extraports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ftp" product="ProFTPD" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="4.3" extrainfo="protocol 2.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.2.3" extrainfo="(CentOS)" method="probed" conf="10"/>
      </port>
      <port protocol="udp" portid="5353">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="zeroconf" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="21"/>
      <portused state="closed" proto="tcp" portid="631"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"/>
      <osmatch name="Linux 2.6.11 - 2.6.18" accuracy="100" line="30082"/>
    </os>
    <uptime seconds="2854295" lastboot="Wed Jun  6 12:23:17 2012"/>
    <distance value="2"/>
    <tcpsequence index="264" difficulty="Good luck!" values="D5B1C96,FE5DF509,C56A40B8,DF3C5676,63A52AF7,D9A58AAE"/>
    <ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
    <tcptssequence class="1000HZ" values="AA1DFC6D,AA1DFCD3,AA1DFD39,AA1DFD9F,AA1DFE04,AA1DFE69"/>
    <times srtt="1608" rttvar="697" to="100000"/>
  </host>
  <host starttime="1341847779" endtime="1341854049">
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.100.10" addrtype="ipv4"/>
    <hostnames>
      <hostname name="sub5.example.com" type="PTR"/>
    </hostnames>
    <ports>
      <extraports state="closed" count="109">
        <extrareasons reason="resets" count="100"/>
        <extrareasons reason="port-unreaches" count="9"/>
      </extraports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="111">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="rpcbind" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="199">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="smux" method="table" conf="3"/>
      </port>
      <port protocol="udp" portid="111">
        <state state="open" reason="udp-response" reason_ttl="64"/>
        <service name="rpcbind" method="probed" conf="10"/>
      </port>
      <port protocol="udp" portid="123">
        <state state="open" reason="udp-response" reason_ttl="64"/>
        <service name="ntp" product="NTP" version="v4" method="probed" conf="10"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response" reason_ttl="0"/>
        <service name="snmp" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <portused state="open" proto="tcp" portid="22"/>
      <portused state="closed" proto="tcp" portid="20"/>
      <portused state="closed" proto="udp" portid="53"/>
      <osclass type="firewall" vendor="Cisco" osfamily="embedded" accuracy="95"/>
      <osclass type="switch" vendor="Cisco" osfamily="NX-OS" osgen="4.X" accuracy="93"/>
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="91"/>
    </os>
    <distance value="2"/>
    <times srtt="529" rttvar="321" to="100000"/>
  </host>
  <runstats>
    <finished time="1341854092" timestr="Mon Jul  9 13:14:52 2012" elapsed="6314.31" summary="Nmap done at Mon Jul  9 13:14:52 2012; 25 IP addresses (5 hosts up) scanned in 156.31 seconds" exit="success"/>
    <hosts up="119" down="29" total="148"/>
  </runstats>
</nmaprun>

これを、これら3つの値のみを使用して単純なCSVに変換しようとしています。

Hostname,IP Address,OS Class

すでにスタイルシートを作成しましたが、期待どおりに機能します。os/osclass/@osfamilyまた、値がLinuxの場合にのみホストを出力するように指定したいと思います。これは私がこれまでに持っているものです、

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
  <xsl:output method="text" encoding="utf-8"/>
  <xsl:strip-space elements="*"/>
  <xsl:variable name="delimiter" select="','"/>

  <xsl:template match="/nmaprun/host">

    <xsl:if test="os/osclass[@osfamily='Linux']">
        <xsl:value-of select="hostnames/hostname/@name"/>
        <xsl:value-of select="$delimiter"/>
        <xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
        <xsl:value-of select="$delimiter"/>
        <xsl:value-of select="os/osclass/@osfamily"/>
        <xsl:text>&#10;</xsl:text>
    </xsl:if>

  </xsl:template>
</xsl:stylesheet>

これは、このスタイルシートで変換された出力例です。

sub1.example.com,192.168.100.1,embedded
sub2.example.com,192.168.100.3,Linux
sub3.example.com,192.168.100.5,Linux
sub4.example.com,192.168.100.6,Linux
sub5.example.com,192.168.100.10,embedded

残念ながら、私はそれらのembeddedホストを取得していますが、原因を突き止めました。これは、ホストが複数の属性を持つことができ、要素os/osclass/@osfamilyごとに1つずつ指定できるためです。ホストごとにos/osclass1つの値のみを検討したいと思います。その値は、すべての中で最も高い値です。値の並べ替えについて読んでいますが、これをどうやって行うのかまったくわかりません。誰かが経験を持っていて、これを手伝ってくれるなら、私は最も感謝するでしょう。os/osclass/@osfamilyos/osclass@accuracyos/osclass

score 2 · Accepted Answer

os/osclass/@osfamilyホストごとに1つの値のみを検討したいと思います。そのos/osclass@accuracy値は、すべての中で最も高い値ですos/osclasss。

あなたは非常に近いです、使用してください：

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
      <xsl:output method="text" encoding="utf-8"/>
      <xsl:strip-space elements="*"/>
      <xsl:variable name="delimiter" select="','"/>

      <xsl:template match="/nmaprun/host">

        <xsl:if test=
         "os/osclass
            [@osfamily='Linux'
           and
             not(../osclass/@accuracy > @accuracy)
            ]">
            <xsl:value-of select="hostnames/hostname/@name"/>
            <xsl:value-of select="$delimiter"/>
            <xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
            <xsl:value-of select="$delimiter"/>
            <xsl:value-of select="os/osclass/@osfamily"/>
            <xsl:text>&#10;</xsl:text>
        </xsl:if>
      </xsl:template>
</xsl:stylesheet>

この変換を提供されたXMLドキュメントに適用すると、結果は次のようになります。

sub2.example.com,192.168.100.3,Linux
sub3.example.com,192.168.100.5,Linux
sub4.example.com,192.168.100.6,Linux

備考：

上記の解決策はかなり非効率的です（O（N ^ 2））。

並べ替えを使用した、より効率的なソリューション（O（N * log（N）））を次に示します。

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
      <xsl:output method="text" encoding="utf-8"/>
      <xsl:strip-space elements="*"/>
      <xsl:variable name="delimiter" select="','"/>

      <xsl:template match="/nmaprun/host">
       <xsl:variable name="vMaxAccuracy">
         <xsl:for-each select="os/osclass/@accuracy">
          <xsl:sort data-type="number" order="descending"/>
          <xsl:if test="position()=1">
            <xsl:value-of select="."/>
          </xsl:if>
         </xsl:for-each>
       </xsl:variable>

        <xsl:if test=
         "os/osclass[@osfamily='Linux' and @accuracy = $vMaxAccuracy]">
            <xsl:value-of select="hostnames/hostname/@name"/>
            <xsl:value-of select="$delimiter"/>
            <xsl:value-of select="address[@addrtype='ipv4']/@addr"/>
            <xsl:value-of select="$delimiter"/>
            <xsl:value-of select="os/osclass/@osfamily"/>
            <xsl:text>&#10;</xsl:text>
        </xsl:if>
      </xsl:template>
</xsl:stylesheet>

xml - XSLT 1.0、NMAP XML、変換ノード、指定された属性が最大値

1 に答える 1

Related

Reference