logstash-codec-nmap 0.0.8 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c543021609ff02abbd46bcee4e6e19a03a0f633
-  data.tar.gz: d7a3a506e59afa50b3aea025efd8fe26cf0f1a6c
+  metadata.gz: 9b915c7826f05f545606e74a99585c670f3cf1e0
+  data.tar.gz: 49b35f3cf3d483d5c4e0c54a5b51c6d27137a9f2
 SHA512:
-  metadata.gz: 14386bf959fc10399a5bd055e19000d63ebe4c3cffcab6d78449f21f88da96c8ada6d3dadaace05da7e373b669cf89703ec99b34946d2a266f3cba04ae0a89ff
-  data.tar.gz: b1094edbf2f42fa2bef8a3e97af97d6beceae221bc612d1684e36e4fceba6ab8e7440a94bc19970182528fa1a944cda076ffa5060ea4efe07402ed464c8463a5
+  metadata.gz: a03fbdfe80a2d20230dde379fe416f51844e909d259bfc28164518b674d61aa4b0c573aa264ca1d80465d970fd2e4d043561fd1f526b69670dc7b633bc5fdd45
+  data.tar.gz: f3aa9ea6a1976e59a2bc8f6bfc2a62c2a20edcd0f7e8f5ac63eadac5b2f320ed2620ba86c79bee5676021935b78eae5af99d5606e55a73da8c418c4c20b49fcc

data/lib/logstash/codecs/nmap.rb

@@ -76,6 +76,7 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
       end
     end
   rescue StandardError => e
+    raise e
     @logger.warn("An unexpected error occurred parsing nmap XML",
                  :input => data,
                  :message => e.message,
@@ -193,9 +194,10 @@ class LogStash::Codecs::Nmap < LogStash::Codecs::Base
   def hashify_traceroute(traceroute)
     return unless traceroute
 
+    protocol = traceroute.protocol rescue nil
     {
       'port' => traceroute.port, # int
-      'protocol' => traceroute.protocol.to_s,
+      'protocol' => protocol,
       'hops' => traceroute.map.with_index do |hop, idx|
         {
           'address' => hop.addr, # str

data/logstash-codec-nmap.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-codec-nmap'
-  s.version         = '0.0.8'
+  s.version         = '0.0.9'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "This codec may be used to decode Nmap XML"
   s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/nmap_spec.rb

@@ -53,7 +53,13 @@ describe LogStash::Codecs::Nmap do
     end
 
     describe "scanme_A.xml" do
-      let(:xml_string) { File.open("spec/fixtures/localscan.xml").read }
+      let(:xml_string) { File.open("spec/fixtures/scanme_A.xml").read }
+      it_should_behave_like "a valid parse"
+    end
+
+
+    describe "full_scan.xml" do
+      let(:xml_string) { File.open("spec/fixtures/full_scan.xml").read }
       it_should_behave_like "a valid parse"
     end
 

data/spec/fixtures/full_scan.xml

@@ -0,0 +1,261 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 6.00 scan initiated Sun Jan 17 21:27:08 2016 as: nmap -A -T5 -oX - 192.168.1.0/24 -->
+<nmaprun scanner="nmap" args="nmap -A -T5 -oX - 192.168.1.0/24" start="1453066028" startstr="Sun Jan 17 21:27:08 2016" version="6.00" xmloutputversion="1.04">
+<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="0"/>
+<debugging level="0"/>
+<host starttime="1453066029" endtime="1453066187"><status state="up" reason="arp-response"/>
+<address addr="192.168.1.1" addrtype="ipv4"/>
+<address addr="10:C3:7B:44:3F:F5" addrtype="mac"/>
+<hostnames>
+<hostname name="router.asus.com" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="domain" product="dnsmasq" version="2.72test3" method="probed" conf="10"><cpe>cpe:/a:thekelleys:dnsmasq:2.72test3</cpe></service><script id="dns-nsid" output="&#xa;  NSID: rose-cns02 (726f73652d636e733032)&#xa;  id.server: rose-cns02&#xa;  bind.version: dnsmasq-2.72test3&#xa;"/></port>
+<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http" product="Linksys wireless-G WAP http config" extrainfo="Name RT-N56U" devicetype="WAP" method="probed" conf="10"/><script id="http-methods" output="No Allow or Public header in OPTIONS response (status code 501)"/><script id="http-auth" output="&#xa;HTTP/1.0 401 Unauthorized&#xd;&#xa;  Basic realm=RT-N56U&#xa;"/><script id="http-title" output="401 Unauthorized"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="53"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<portused state="closed" proto="udp" portid="43706"/>
+<osmatch name="Linux 2.6.8 - 2.6.27" accuracy="100" line="39673">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100"><cpe>cpe:/o:linux:kernel:2.6</cpe></osclass>
+</osmatch>
+</os>
+<uptime seconds="608348" lastboot="Sun Jan 10 20:30:39 2016"/>
+<distance value="1"/>
+<tcpsequence index="196" difficulty="Good luck!" values="423560BA,4213027E,41CC9F3A,41CB07DB,422DC3A7,41E632B5"/>
+<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
+<tcptssequence class="other" values="9109F86,9109F9F,9109FB8,9109FD1,9109FEA,910A003"/>
+<trace>
+<hop ttl="1" ipaddr="192.168.1.1" rtt="0.41" host="router.asus.com"/>
+</trace>
+<times srtt="407" rttvar="48" to="50000"/>
+</host>
+<host starttime="1453066029" endtime="1453066187"><status state="up" reason="arp-response"/>
+<address addr="192.168.1.130" addrtype="ipv4"/>
+<address addr="04:15:52:E5:96:E5" addrtype="mac"/>
+<hostnames>
+<hostname name="AndrewTV" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="500">
+<extrareasons reason="resets" count="500"/>
+</extraports>
+<extraports state="filtered" count="498">
+<extrareasons reason="no-responses" count="498"/>
+</extraports>
+<port protocol="tcp" portid="3689"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="daap" product="Apple iTunes DAAP" version="11.1b37" ostype="OS X" method="probed" conf="10"/></port>
+<port protocol="tcp" portid="62078"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="tcpwrapped" method="probed" conf="8"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="3689"/>
+<portused state="closed" proto="tcp" portid="4"/>
+<portused state="closed" proto="udp" portid="30548"/>
+<osmatch name="Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)" accuracy="100" line="2951">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="100"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="100"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="100"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="100"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+</osmatch>
+</os>
+<uptime seconds="472254" lastboot="Tue Jan 12 10:18:53 2016"/>
+<distance value="1"/>
+<tcpsequence index="262" difficulty="Good luck!" values="CD649027,A26474D9,3DBC0136,481DA3D2,D7045104,74255443"/>
+<ipidsequence class="Randomized" values="E3BE,6CE3,FA52,D788,3938,5BE4"/>
+<tcptssequence class="1000HZ" values="1C25F483,1C25F4E8,1C25F54A,1C25F5AE,1C25F612,1C25F675"/>
+<trace>
+<hop ttl="1" ipaddr="192.168.1.130" rtt="1.54" host="AndrewTV"/>
+</trace>
+<times srtt="1538" rttvar="207" to="50000"/>
+</host>
+<host starttime="1453066029" endtime="1453066187"><status state="up" reason="arp-response"/>
+<address addr="192.168.1.132" addrtype="ipv4"/>
+<address addr="3C:15:C2:EA:B8:72" addrtype="mac"/>
+<hostnames>
+<hostname name="andrew-bfg" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="960">
+<extrareasons reason="resets" count="960"/>
+</extraports>
+<extraports state="filtered" count="34">
+<extrareasons reason="no-responses" count="34"/>
+</extraports>
+<port protocol="tcp" portid="111"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="rpcbind" version="2-4" extrainfo="rpc #100000" method="probed" conf="10" rpcnum="100000" lowver="2" highver="4" proto="rpc"/><script id="rpcinfo" output="&#xa;  program version   port/proto  service&#xa;  100000  2,3,4        111/tcp  rpcbind&#xa;  100000  2,3,4        111/udp  rpcbind&#xa;  100003  2,3         2049/tcp  nfs&#xa;  100003  2,3         2049/udp  nfs&#xa;  100005  1,3          895/udp  mountd&#xa;  100005  1,3         1023/tcp  mountd&#xa;  100011  1,2          994/udp  rquotad&#xa;  100011  1,2          999/tcp  rquotad&#xa;  100021  0,1,3,4      733/udp  nlockmgr&#xa;  100021  0,1,3,4     1017/tcp  nlockmgr&#xa;  100024  1            896/udp  status&#xa;  100024  1           1021/tcp  status&#xa;"/></port>
+<port protocol="tcp" portid="999"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="garcon" servicefp="SF-Port999-TCP:V=6.00%I=7%D=1/17%Time=569C0760%P=armv7l-unknown-linux-gnueabi%r(RPCCheck,1C,&quot;\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03&quot;);" method="table" conf="3"/></port>
+<port protocol="tcp" portid="1021"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="exp1" servicefp="SF-Port1021-TCP:V=6.00%I=7%D=1/17%Time=569C0760%P=armv7l-unknown-linux-gnueabi%r(RPCCheck,1C,&quot;\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03&quot;);" method="table" conf="3"/></port>
+<port protocol="tcp" portid="1023"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="netvenuechat" servicefp="SF-Port1023-TCP:V=6.00%I=7%D=1/17%Time=569C0760%P=armv7l-unknown-linux-gnueabi%r(RPCCheck,1C,&quot;\x80\0\0\x18r\xfe\x1d\x13\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03&quot;);" method="table" conf="3"/></port>
+<port protocol="tcp" portid="2049"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="tcpwrapped" method="probed" conf="8"/></port>
+<port protocol="tcp" portid="3689"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="daap" product="Apple iTunes DAAP" version="12.3.2.35" ostype="OS X" method="probed" conf="10"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="111"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<portused state="closed" proto="udp" portid="38850"/>
+<osmatch name="Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)" accuracy="96" line="2951">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.0 - 10.7.2 (Lion) (Darwin 11.0.0 - 11.2.0)" accuracy="96" line="5120">
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="96"><cpe>cpe:/o:apple:mac_os_x:10.7.0</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.0 - 10.7.2 (Lion) (Darwin 11.0.0 - 11.2.0) or iOS 4.2 - 4.3.5" accuracy="96" line="5281">
+<osclass type="media device" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="96"><cpe>cpe:/o:apple:mac_os_x:10.7</cpe></osclass>
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer (iOS 4.3.3)" accuracy="95" line="3029">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iOS 5.0.1" accuracy="95" line="3243">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.2 (Lion) (Darwin 11.2.0)" accuracy="95" line="5162">
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="95"><cpe>cpe:/o:apple:mac_os_x:10.7</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iOS 4.2 - 4.3.4" accuracy="94" line="2885">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="94"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="94"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iOS 4.3.3 - 4.3.5" accuracy="93" line="2926">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer (iOS 4.3.2)" accuracy="93" line="2993">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer or iPhone mobile phone (iOS 4.0 - 4.1)" accuracy="93" line="3126">
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+</os>
+<uptime seconds="328190" lastboot="Thu Jan 14 02:19:57 2016"/>
+<distance value="1"/>
+<tcpsequence index="257" difficulty="Good luck!" values="33207C1A,1CC7D5FC,75E4778,4B5E4C3,47A0936F"/>
+<ipidsequence class="Randomized" values="78D5,C238,6666,879C,2760"/>
+<tcptssequence class="1000HZ" values="138FB522,138FB570,138FB5D1,138FB634,138FB712"/>
+<trace>
+<hop ttl="1" ipaddr="192.168.1.132" rtt="4.51" host="andrew-bfg"/>
+</trace>
+<times srtt="4515" rttvar="5884" to="50000"/>
+</host>
+<host starttime="1453066189" endtime="1453066202"><status state="up" reason="localhost-response"/>
+<address addr="192.168.1.223" addrtype="ipv4"/>
+<hostnames>
+<hostname name="raspberrypi" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="998">
+<extrareasons reason="resets" count="998"/>
+</extraports>
+<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" product="OpenSSH" version="6.0p1 Debian 4+deb7u2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:6.0p1</cpe><cpe>cpe:/o:linux:kernel</cpe></service><script id="ssh-hostkey" output="1024 ac:75:c8:bb:ed:0a:34:72:66:9c:34:22:73:d2:e2:7b (DSA)&#xa;2048 ae:6f:19:45:61:88:eb:61:15:b8:07:fe:e7:e1:ad:3e (RSA)"/></port>
+<port protocol="tcp" portid="8000"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="upnp" product="Microsoft Windows UPnP" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="http-methods" output="No Allow or Public header in OPTIONS response (status code 200)"/><script id="http-open-proxy" output="Potentially OPEN proxy.&#xa;Methods supported: CONNECTION"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="22"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<portused state="closed" proto="udp" portid="38217"/>
+<osmatch name="Netgear DG834G WAP or Western Digital WD TV media player" accuracy="96" line="54647">
+<osclass type="WAP" vendor="Netgear" osfamily="embedded" accuracy="96"/>
+<osclass type="media device" vendor="Western Digital" osfamily="embedded" accuracy="96"/>
+</osmatch>
+<osmatch name="AXIS 210A or 211 Network Camera (Linux 2.6)" accuracy="92" line="6344">
+<osclass type="webcam" vendor="AXIS" osfamily="Linux" osgen="2.6.X" accuracy="92"><cpe>cpe:/o:axis:linux:2.6</cpe></osclass>
+</osmatch>
+<osmatch name="HP P2000 G3 NAS device" accuracy="92" line="22329">
+<osclass type="storage-misc" vendor="HP" osfamily="embedded" accuracy="92"/>
+</osmatch>
+<osmatch name="Crestron XPanel control system" accuracy="91" line="13468">
+<osclass type="specialized" vendor="Crestron" osfamily="2-Series" accuracy="91"><cpe>cpe:/o:crestron:2_series</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 2.4.26 (Slackware 10.0.0)" accuracy="91" line="30040">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="91"><cpe>cpe:/o:linux:kernel:2.4.26</cpe></osclass>
+</osmatch>
+<osmatch name="Linux 2.6.24" accuracy="90" line="35144">
+<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="90"><cpe>cpe:/o:linux:kernel:2.6.24</cpe></osclass>
+</osmatch>
+<osmatch name="Tomato 1.27 - 1.28 (Linux 2.4.20)" accuracy="90" line="30716">
+<osclass type="WAP" vendor="Linux" osfamily="Linux" osgen="2.4.X" accuracy="90"><cpe>cpe:/o:linux:kernel:2.4</cpe></osclass>
+</osmatch>
+<osmatch name="Linksys WRV54G WAP" accuracy="90" line="29022">
+<osclass type="WAP" vendor="Linksys" osfamily="embedded" accuracy="90"><cpe>cpe:/h:linksys:wrv54g</cpe></osclass>
+</osmatch>
+<osmatch name="Check Point SBox-200 firewall" accuracy="89" line="9047">
+<osclass type="firewall" vendor="Check Point" osfamily="embedded" accuracy="89"/>
+</osmatch>
+<osmatch name="Check Point VPN-1 UTM appliance" accuracy="89" line="9191">
+<osclass type="firewall" vendor="Check Point" osfamily="Linux" osgen="2.4.X" accuracy="89"><cpe>cpe:/o:checkpoint:linux:2.4</cpe></osclass>
+</osmatch>
+</os>
+<uptime seconds="99778" lastboot="Sat Jan 16 17:47:04 2016"/>
+<distance value="0"/>
+<tcpsequence index="258" difficulty="Good luck!" values="87BBB03A,213E2AAE,F4DC2F81,156010B4,CA190AB2,A93B3C87"/>
+<ipidsequence class="All zeros" values="0,0,0,0,0,0"/>
+<tcptssequence class="100HZ" values="983E67,983E71,983E7B,983E85,983E8F,983E99"/>
+<times srtt="130" rttvar="13" to="50000"/>
+</host>
+<host starttime="1453066187" endtime="1453066218"><status state="up" reason="arp-response"/>
+<address addr="192.168.1.251" addrtype="ipv4"/>
+<address addr="48:D7:05:B7:10:BF" addrtype="mac"/>
+<hostnames>
+<hostname name="ZJ0071JessicaN" type="PTR"/>
+</hostnames>
+<ports><extraports state="closed" count="629">
+<extrareasons reason="resets" count="629"/>
+</extraports>
+<extraports state="filtered" count="369">
+<extrareasons reason="no-responses" count="369"/>
+</extraports>
+<port protocol="tcp" portid="497"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="retrospect" product="Dantz Retrospect backup client" method="probed" conf="10"/></port>
+<port protocol="tcp" portid="5900"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="vnc" product="Apple remote desktop vnc" ostype="Mac OS X" method="probed" conf="10"><cpe>cpe:/o:apple:mac_os_x</cpe></service><script id="vnc-info" output="&#xa;  Protocol version: 3.889&#xa;  Security types:&#xa;    Mac OS X security type (30)&#xa;    Mac OS X security type (35)&#xa;"/></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="497"/>
+<portused state="closed" proto="tcp" portid="1"/>
+<portused state="closed" proto="udp" portid="40440"/>
+<osmatch name="Apple iOS 4.4.2 - 5.0.1 (Darwin 11.0.0)" accuracy="96" line="2951">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.0 - 10.7.2 (Lion) (Darwin 11.0.0 - 11.2.0)" accuracy="96" line="5120">
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="96"><cpe>cpe:/o:apple:mac_os_x:10.7.0</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.0 - 10.7.2 (Lion) (Darwin 11.0.0 - 11.2.0) or iOS 4.2 - 4.3.5" accuracy="96" line="5281">
+<osclass type="media device" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="96"><cpe>cpe:/o:apple:mac_os_x:10.7</cpe></osclass>
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="96"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer (iOS 4.3.3)" accuracy="95" line="3029">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iOS 5.0.1" accuracy="95" line="3243">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="5.X" accuracy="95"><cpe>cpe:/o:apple:iphone_os:5</cpe></osclass>
+</osmatch>
+<osmatch name="Apple Mac OS X 10.7.2 (Lion) (Darwin 11.2.0)" accuracy="95" line="5162">
+<osclass type="general purpose" vendor="Apple" osfamily="Mac OS X" osgen="10.7.X" accuracy="95"><cpe>cpe:/o:apple:mac_os_x:10.7</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iOS 4.2 - 4.3.4" accuracy="94" line="2885">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="94"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="94"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer (iOS 4.3.2)" accuracy="93" line="2993">
+<osclass type="media device" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPad tablet computer or iPhone mobile phone (iOS 4.0 - 4.1)" accuracy="93" line="3126">
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+<osmatch name="Apple iPhone mobile phone (iOS 4.3.2)" accuracy="93" line="3162">
+<osclass type="phone" vendor="Apple" osfamily="iOS" osgen="4.X" accuracy="93"><cpe>cpe:/o:apple:iphone_os:4</cpe></osclass>
+</osmatch>
+</os>
+<uptime seconds="988514" lastboot="Wed Jan  6 10:55:04 2016"/>
+<distance value="1"/>
+<trace>
+<hop ttl="1" ipaddr="192.168.1.251" rtt="1.73" host="ZJ0071JessicaN"/>
+</trace>
+<times srtt="1727" rttvar="307" to="50000"/>
+</host>
+<runstats><finished time="1453066218" timestr="Sun Jan 17 21:30:18 2016" elapsed="193.66" summary="Nmap done at Sun Jan 17 21:30:18 2016; 256 IP addresses (5 hosts up) scanned in 193.66 seconds" exit="success"/><hosts up="5" down="251" total="256"/>
+</runstats>
+</nmaprun>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-nmap
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - Elastic
@@ -73,6 +73,7 @@ files:
 - lib/logstash/codecs/nmap.rb
 - logstash-codec-nmap.gemspec
 - spec/codecs/nmap_spec.rb
+- spec/fixtures/full_scan.xml
 - spec/fixtures/ipv6_all.xml
 - spec/fixtures/localscan.xml
 - spec/fixtures/pingsweep.xml
@@ -108,6 +109,7 @@ specification_version: 4
 summary: This codec may be used to decode Nmap XML
 test_files:
 - spec/codecs/nmap_spec.rb
+- spec/fixtures/full_scan.xml
 - spec/fixtures/ipv6_all.xml
 - spec/fixtures/localscan.xml
 - spec/fixtures/pingsweep.xml