logstash-codec-nmap 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/logstash/codecs/nmap.rb +115 -59
- data/logstash-codec-nmap.gemspec +1 -1
- data/spec/fixtures/scanme_traceroute.xml +46 -0
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 143adb46a1b2feaab1d6044904306db059bf9926
|
|
4
|
+
data.tar.gz: d8702c4591629eb9132e5240dce2ad2d5384f00d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d8218521bb1492e7a218b1112b17f309a579f21379b04a3bcfc8a4eec678a9e46ecb18ece60c56e25d2fe6b3692850f7e5fe3a4cf2185e804d154d6087ae268
|
|
7
|
+
data.tar.gz: ebf1d0a5f9ba96cec647c10210be09ffff9ab665e54af0b0884f08930bec505c74356cd1c3b00473a74458632b3da2ed63eb68e028919776f74a85a118c421e1
|
data/lib/logstash/codecs/nmap.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# encoding: utf-8
|
|
2
2
|
require "logstash/codecs/base"
|
|
3
3
|
require "nmap/xml"
|
|
4
|
+
require 'securerandom'
|
|
4
5
|
|
|
5
6
|
# This codec may be used to decode (via inputs) only.
|
|
6
7
|
# It decodes nmap generated XML and outputs each host as its own event
|
|
@@ -8,6 +9,13 @@ require "nmap/xml"
|
|
|
8
9
|
class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
9
10
|
config_name "nmap"
|
|
10
11
|
|
|
12
|
+
# Emit all host data as a nested document (including ports + traceroutes) with the type 'nmap_fullscan'
|
|
13
|
+
config :emit_hosts, :validate => :boolean, :default => true
|
|
14
|
+
# Emit each port as a separate document with type 'nmap_port'
|
|
15
|
+
config :emit_ports, :validate => :boolean, :default => true
|
|
16
|
+
# Emit each hop_tuple of the traceroute with type 'nmap_traceroute_link'
|
|
17
|
+
config :emit_traceroute_links, :validate => :boolean, :default => true
|
|
18
|
+
|
|
11
19
|
public
|
|
12
20
|
def register
|
|
13
21
|
end
|
|
@@ -15,13 +23,57 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
15
23
|
public
|
|
16
24
|
def decode(data)
|
|
17
25
|
xml = Nmap::XML.parse(data)
|
|
18
|
-
|
|
19
|
-
|
|
26
|
+
scan_id = SecureRandom.uuid
|
|
27
|
+
|
|
28
|
+
xml.hosts.each_with_index do |host,idx|
|
|
29
|
+
# Convert the host to a 'base' host event
|
|
30
|
+
# This will be used for the later port/hop types
|
|
31
|
+
base = hashify_host(host, xml)
|
|
32
|
+
|
|
33
|
+
# Add some scanner-wide attributes
|
|
34
|
+
base['arguments'] = xml.scanner.arguments
|
|
35
|
+
base['version'] = xml.scanner.version
|
|
36
|
+
base['scan_id'] = scan_id
|
|
37
|
+
|
|
38
|
+
# Pull out the detail
|
|
39
|
+
ports = host.ports.map {|p| hashify_port(p)}
|
|
40
|
+
traceroute = hashify_traceroute(host.traceroute)
|
|
41
|
+
|
|
42
|
+
scan_host_id = scan_id + "-h#{idx}"
|
|
43
|
+
|
|
44
|
+
if @emit_ports && ports
|
|
45
|
+
ports.each.with_index do |port,idx|
|
|
46
|
+
yield LogStash::Event.new(base.merge(
|
|
47
|
+
'type' => 'nmap_port',
|
|
48
|
+
'port' => port,
|
|
49
|
+
'scan_host_id' => scan_host_id,
|
|
50
|
+
'id' => scan_host_id+"-p#{idx}"
|
|
51
|
+
))
|
|
52
|
+
end
|
|
53
|
+
end
|
|
20
54
|
|
|
21
|
-
|
|
22
|
-
|
|
55
|
+
if @emit_traceroute_links && traceroute && (hops = traceroute['hops'])
|
|
56
|
+
hops.each_with_index do |hop,idx|
|
|
57
|
+
next_hop = hops[idx+1]
|
|
58
|
+
yield LogStash::Event.new(base.merge(
|
|
59
|
+
'type' =>'nmap_traceroute_link',
|
|
60
|
+
'from' => hop,
|
|
61
|
+
'to' => next_hop,
|
|
62
|
+
'rtt_diff' => (next_hop ? next_hop['rtt'] - hop['rtt'] : nil),
|
|
63
|
+
'scan_host_id' => scan_host_id,
|
|
64
|
+
'id' => scan_host_id+"-tl#{idx}"
|
|
65
|
+
))
|
|
66
|
+
end
|
|
67
|
+
end
|
|
23
68
|
|
|
24
|
-
|
|
69
|
+
if @emit_hosts
|
|
70
|
+
yield LogStash::Event.new(base.merge(
|
|
71
|
+
'type' => 'nmap_host',
|
|
72
|
+
'ports' => ports,
|
|
73
|
+
'traceroute' => traceroute,
|
|
74
|
+
'id' => scan_host_id
|
|
75
|
+
))
|
|
76
|
+
end
|
|
25
77
|
end
|
|
26
78
|
rescue StandardError => e
|
|
27
79
|
@logger.warn("An unexpected error occurred parsing nmap XML",
|
|
@@ -31,38 +83,36 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
31
83
|
:backtrace => e.backtrace)
|
|
32
84
|
end
|
|
33
85
|
|
|
34
|
-
def
|
|
86
|
+
def hashify_host(host, xml)
|
|
35
87
|
scan_start = timeify(xml.scanner.start_time)
|
|
36
88
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
89
|
+
h = {}
|
|
90
|
+
h['start_time'] = timeify(host.start_time, scan_start)
|
|
91
|
+
h['end_time'] = timeify(host.end_time, scan_start)
|
|
40
92
|
|
|
41
93
|
# These two are actually different.
|
|
42
94
|
# Address may contain a MAC, addresses will not AFAICT
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
event
|
|
95
|
+
h['addresses'] = hashify_structs(host.addresses)
|
|
96
|
+
h['address'] = host.address # str
|
|
97
|
+
|
|
98
|
+
h['ip'] = host.ip # str
|
|
99
|
+
h['ipv4'] = host.ipv4 # str
|
|
100
|
+
h['ipv6'] = host.ipv6 # str
|
|
101
|
+
h['mac'] = host.mac # str
|
|
102
|
+
h['status'] = hashify_status(host.status)
|
|
103
|
+
h['hostname'] = hashify_hostname(host.hostname)
|
|
104
|
+
h['uptime'] = hashify_uptime(host.uptime)
|
|
105
|
+
h['os'] = hashify_os(host.os)
|
|
106
|
+
|
|
107
|
+
h
|
|
58
108
|
end
|
|
59
109
|
|
|
60
110
|
def hashify_status(status)
|
|
61
111
|
return unless status
|
|
62
112
|
|
|
63
113
|
{
|
|
64
|
-
'state'
|
|
65
|
-
'reason'
|
|
114
|
+
'state' => status.state.to_s, # str
|
|
115
|
+
'reason' => status.reason # str
|
|
66
116
|
}
|
|
67
117
|
end
|
|
68
118
|
|
|
@@ -70,8 +120,8 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
70
120
|
return unless hostname
|
|
71
121
|
|
|
72
122
|
{
|
|
73
|
-
'name'
|
|
74
|
-
'type'
|
|
123
|
+
'name' => hostname.name, # str
|
|
124
|
+
'type' => hostname.type, # str
|
|
75
125
|
}
|
|
76
126
|
end
|
|
77
127
|
|
|
@@ -79,10 +129,10 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
79
129
|
return unless os
|
|
80
130
|
|
|
81
131
|
{
|
|
82
|
-
'ports_used'
|
|
83
|
-
'fingerprint'
|
|
84
|
-
'classes'
|
|
85
|
-
'matches'
|
|
132
|
+
'ports_used' => os.ports_used,
|
|
133
|
+
'fingerprint' => os.fingerprint,
|
|
134
|
+
'classes' => hashify_os_matches(os.classes),
|
|
135
|
+
'matches' => hashify_structs(os_matches)
|
|
86
136
|
}
|
|
87
137
|
end
|
|
88
138
|
|
|
@@ -91,11 +141,11 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
91
141
|
|
|
92
142
|
classes.each do |klass|
|
|
93
143
|
{
|
|
94
|
-
'type'
|
|
95
|
-
'vendor'
|
|
96
|
-
'family'
|
|
97
|
-
'gen'
|
|
98
|
-
'accuracy'
|
|
144
|
+
'type' => klass.type.to_s, # returned as sym originally
|
|
145
|
+
'vendor' => klass.vendor.to_s,
|
|
146
|
+
'family' => klass.family.to_s,
|
|
147
|
+
'gen' => klass.gen.to_s,
|
|
148
|
+
'accuracy' => klass.accuracy # int
|
|
99
149
|
}
|
|
100
150
|
end
|
|
101
151
|
end
|
|
@@ -104,8 +154,8 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
104
154
|
return unless uptime
|
|
105
155
|
|
|
106
156
|
{
|
|
107
|
-
'seconds'
|
|
108
|
-
'last_boot'
|
|
157
|
+
'seconds' => uptime.seconds,
|
|
158
|
+
'last_boot' => timeify(uptime.last_boot)
|
|
109
159
|
}
|
|
110
160
|
end
|
|
111
161
|
|
|
@@ -113,15 +163,15 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
113
163
|
return unless service
|
|
114
164
|
|
|
115
165
|
{
|
|
116
|
-
'name'
|
|
117
|
-
'ssl'
|
|
118
|
-
'protocol'
|
|
119
|
-
'product'
|
|
120
|
-
'hostname'
|
|
121
|
-
'device_type'
|
|
122
|
-
'fingerprint_method'
|
|
123
|
-
'fingerprint'
|
|
124
|
-
'confidence'
|
|
166
|
+
'name' => service.name,
|
|
167
|
+
'ssl' => service.ssl?,
|
|
168
|
+
'protocol' => service.protocol,
|
|
169
|
+
'product' => service.product,
|
|
170
|
+
'hostname' => service.hostname, # This is just a string
|
|
171
|
+
'device_type' => service.device_type,
|
|
172
|
+
'fingerprint_method' => service.fingerprint_method.to_s,
|
|
173
|
+
'fingerprint' => service.fingerprint,
|
|
174
|
+
'confidence' => service.confidence
|
|
125
175
|
}
|
|
126
176
|
end
|
|
127
177
|
|
|
@@ -129,11 +179,11 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
129
179
|
return unless port
|
|
130
180
|
|
|
131
181
|
{
|
|
132
|
-
'number'
|
|
133
|
-
'reason'
|
|
134
|
-
'protocol'
|
|
135
|
-
'service'
|
|
136
|
-
'state'
|
|
182
|
+
'number' => port.number,
|
|
183
|
+
'reason' => port.reason,
|
|
184
|
+
'protocol' => port.protocol.to_s,
|
|
185
|
+
'service' => hashify_service(port.service),
|
|
186
|
+
'state' => port.state.to_s
|
|
137
187
|
}
|
|
138
188
|
end
|
|
139
189
|
|
|
@@ -141,13 +191,14 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
141
191
|
return unless traceroute
|
|
142
192
|
|
|
143
193
|
{
|
|
144
|
-
'port'
|
|
145
|
-
'protocol'
|
|
194
|
+
'port' => traceroute.port, # int
|
|
195
|
+
'protocol' => traceroute.protocol.to_s,
|
|
146
196
|
'hops' => traceroute.map.with_index do |hop, idx|
|
|
147
197
|
{
|
|
148
|
-
'address'
|
|
149
|
-
'hostname'
|
|
150
|
-
'ttl'
|
|
198
|
+
'address' => hop.addr, # str
|
|
199
|
+
'hostname' => hop.host, # str
|
|
200
|
+
'ttl' => hop.ttl.to_i, # int
|
|
201
|
+
'rtt' => hop.rtt.to_i, # int
|
|
151
202
|
'index' => idx # int (for searching by distance)
|
|
152
203
|
}
|
|
153
204
|
end
|
|
@@ -166,7 +217,6 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
166
217
|
value.is_a?(Symbol) ? value.to_s : value
|
|
167
218
|
end
|
|
168
219
|
|
|
169
|
-
|
|
170
220
|
EPOCH = LogStash::Timestamp.new(Time.at(0))
|
|
171
221
|
def timeify(time, default=nil)
|
|
172
222
|
timestamp = time ? LogStash::Timestamp.new(time) : nil
|
|
@@ -178,4 +228,10 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
|
|
|
178
228
|
end
|
|
179
229
|
end
|
|
180
230
|
|
|
231
|
+
# Some strings have quoted values, we may want to remove leading/trailing quotes
|
|
232
|
+
def dequote(str)
|
|
233
|
+
return nil unless str
|
|
234
|
+
str.gsub(/\A"|"\Z/, '')
|
|
235
|
+
end
|
|
236
|
+
|
|
181
237
|
end
|
data/logstash-codec-nmap.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-codec-nmap'
|
|
4
|
-
s.version = '0.0.
|
|
4
|
+
s.version = '0.0.6'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "This codec may be used to decode Nmap XML"
|
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
+
<!DOCTYPE nmaprun>
|
|
3
|
+
<?xml-stylesheet href="file:///usr/local/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
|
|
4
|
+
<!-- Nmap 7.01 scan initiated Sun Jan 17 11:19:16 2016 as: nmap -tr -oX - scanme.netmap.org -->
|
|
5
|
+
<nmaprun scanner="nmap" args="nmap -tr -oX - scanme.netmap.org" start="1453051156" startstr="Sun Jan 17 11:19:16 2016" version="7.01" xmloutputversion="1.04">
|
|
6
|
+
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
|
|
7
|
+
<verbose level="0"/>
|
|
8
|
+
<debugging level="0"/>
|
|
9
|
+
<taskprogress task="SYN Stealth Scan" time="1453051160" percent="74.30" remaining="2" etc="1453051161"/>
|
|
10
|
+
<taskprogress task="SYN Stealth Scan" time="1453051161" percent="85.85" remaining="1" etc="1453051162"/>
|
|
11
|
+
<taskprogress task="SYN Stealth Scan" time="1453051161" percent="97.60" remaining="1" etc="1453051161"/>
|
|
12
|
+
<taskprogress task="Traceroute" time="1453051163" percent="70.97" remaining="1" etc="1453051164"/>
|
|
13
|
+
<host starttime="1453051156" endtime="1453051161"><status state="up" reason="echo-reply" reason_ttl="49"/>
|
|
14
|
+
<address addr="207.148.248.143" addrtype="ipv4"/>
|
|
15
|
+
<hostnames>
|
|
16
|
+
<hostname name="scanme.netmap.org" type="user"/>
|
|
17
|
+
</hostnames>
|
|
18
|
+
<ports><extraports state="filtered" count="997">
|
|
19
|
+
<extrareasons reason="no-responses" count="997"/>
|
|
20
|
+
</extraports>
|
|
21
|
+
<port protocol="tcp" portid="43"><state state="closed" reason="reset" reason_ttl="49"/><service name="whois" method="table" conf="3"/></port>
|
|
22
|
+
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="49"/><service name="http" method="table" conf="3"/></port>
|
|
23
|
+
<port protocol="tcp" portid="443"><state state="closed" reason="reset" reason_ttl="49"/><service name="https" method="table" conf="3"/></port>
|
|
24
|
+
</ports>
|
|
25
|
+
<trace port="443" proto="tcp">
|
|
26
|
+
<hop ttl="1" ipaddr="192.168.1.1" rtt="2.69" host="router.asus.com"/>
|
|
27
|
+
<hop ttl="2" ipaddr="96.120.48.165" rtt="15.63"/>
|
|
28
|
+
<hop ttl="3" ipaddr="68.85.165.253" rtt="26.58" host="te-0-3-0-20-sur01.swmpls.mn.minn.comcast.net"/>
|
|
29
|
+
<hop ttl="4" ipaddr="69.139.219.214" rtt="26.59" host="te-0-0-0-0-sur02.swmpls.mn.minn.comcast.net"/>
|
|
30
|
+
<hop ttl="5" ipaddr="69.139.219.225" rtt="26.61" host="te-0-8-0-11-ar01.roseville.mn.minn.comcast.net"/>
|
|
31
|
+
<hop ttl="6" ipaddr="68.86.94.81" rtt="26.62" host="be-13367-cr02.350ecermak.il.ibone.comcast.net"/>
|
|
32
|
+
<hop ttl="7" ipaddr="68.86.83.50" rtt="26.62" host="hu-0-10-0-0-pe04.350ecermak.il.ibone.comcast.net"/>
|
|
33
|
+
<hop ttl="8" ipaddr="23.30.206.134" rtt="26.64"/>
|
|
34
|
+
<hop ttl="9" ipaddr="154.54.46.177" rtt="26.65" host="be2766.ccr42.ord01.atlas.cogentco.com"/>
|
|
35
|
+
<hop ttl="10" ipaddr="154.54.7.130" rtt="28.16" host="be2718.ccr22.cle04.atlas.cogentco.com"/>
|
|
36
|
+
<hop ttl="11" ipaddr="154.54.43.185" rtt="47.97" host="be2189.ccr22.alb02.atlas.cogentco.com"/>
|
|
37
|
+
<hop ttl="12" ipaddr="154.54.43.13" rtt="56.51" host="be2302.ccr22.bos01.atlas.cogentco.com"/>
|
|
38
|
+
<hop ttl="13" ipaddr="154.54.47.254" rtt="51.16" host="te0-4-1-7.agr21.bos01.atlas.cogentco.com"/>
|
|
39
|
+
<hop ttl="14" ipaddr="38.104.186.138" rtt="50.43"/>
|
|
40
|
+
<hop ttl="16" ipaddr="207.148.248.143" rtt="50.38"/>
|
|
41
|
+
</trace>
|
|
42
|
+
<times srtt="50527" rttvar="6451" to="100000"/>
|
|
43
|
+
</host>
|
|
44
|
+
<runstats><finished time="1453051164" timestr="Sun Jan 17 11:19:24 2016" elapsed="8.53" summary="Nmap done at Sun Jan 17 11:19:24 2016; 1 IP address (1 host up) scanned in 8.53 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
|
|
45
|
+
</runstats>
|
|
46
|
+
</nmaprun>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-codec-nmap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
@@ -76,6 +76,7 @@ files:
|
|
|
76
76
|
- spec/fixtures/ipv6_all.xml
|
|
77
77
|
- spec/fixtures/localscan.xml
|
|
78
78
|
- spec/fixtures/pingsweep.xml
|
|
79
|
+
- spec/fixtures/scanme_traceroute.xml
|
|
79
80
|
- spec/fixtures/traceroutes.xml
|
|
80
81
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
81
82
|
licenses:
|
|
@@ -108,4 +109,5 @@ test_files:
|
|
|
108
109
|
- spec/fixtures/ipv6_all.xml
|
|
109
110
|
- spec/fixtures/localscan.xml
|
|
110
111
|
- spec/fixtures/pingsweep.xml
|
|
112
|
+
- spec/fixtures/scanme_traceroute.xml
|
|
111
113
|
- spec/fixtures/traceroutes.xml
|