Home > Mobile >  php Interpret xml file provided by NMAP
php Interpret xml file provided by NMAP

Time:02-25

I have a xml file provided by NMAP 7.80, and I would like to interpret it using php version 7.4.3.

First I tried to use 'SimpleXMLElement', but I am not sure how to handle results.

$xml=simplexml_load_string($file, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NOBLANKS) or die("Error: Cannot create object");

Seems that @attributes is the main field, but I am not able to call it.

echo $xml1->attributes;

This is the output from the dump

object(SimpleXMLElement)#2 (6) { ["@attributes"]=> array(6) { ["scanner"]=> string(4) "nmap" ["args"]=> string(111) "nmap --script nmap-vulners/ -sV -oX /var/scripts/bash/security/log/UCFGSP.xml 192.168.1.1/32" ["start"]=> string(10) "1645692795" ["startstr"]=> string(24) "Thu Feb 24 05:53:15 2022" ["version"]=> string(4) "7.80" ["xmloutputversion"]=> string(4) "1.04" } ["scaninfo"]=> object(SimpleXMLElement)#8 (1) { ["@attributes"]=> array(4) { ["type"]=> string(3) "syn" ["protocol"]=> string(3) "tcp" ["numservices"]=> string(4) "1000" ["services"]=> string(3813) "1,3-4,6-7,9,13,17,(...)" } } ["verbose"]=> (I have omitted the rest...)

I also have tried to decode to json format. It works better, but the array structure is very hard to understand.

$xml = json_decode(json_encode((array) simplexml_load_string($file)), 1);

I can decode the data using e.g.

echo "type:".$xml['scaninfo']['@attributes']['type'] // output: type:syn
echo "scanner:".$xml["@attributes"]["scanner"] // output: scanner:nmap

Occurs there are too many fields, and I still creating several loops (foreach) in order to understand each multidimensional array loop.

Here is the dump:

array(6) { ["@attributes"]=> array(6) { ["scanner"]=> string(4) "nmap" ["args"]=> string(111) "nmap --script nmap-vulners/ -sV -oX /var/scripts/bash/security/log/UCFGSP.xml 192.168.1.1/32" ["start"]=> string(10) "1645692795" ["startstr"]=> string(24) "Thu Feb 24 05:53:15 2022" ["version"]=> string(4) "7.80" ["xmloutputversion"]=> string(4) "1.04" } ["scaninfo"]=> array(1) { ["@attributes"]=> array(4) { ["type"]=> string(3) "syn" ["protocol"]=> string(3) "tcp" ["numservices"]=> string(4) "1000" ["services"]=> string(3813) "1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389" } } ["verbose"]=> array(1) { ["@attributes"]=> array(1) { ["level"]=> string(1) "0" } } ["debugging"]=> array(1) { ["@attributes"]=> array(1) { ["level"]=> string(1) "0" } } ["host"]=> array(6) { ["@attributes"]=> array(2) { ["starttime"]=> string(10) "1645692796" ["endtime"]=> string(10) "1645692856" } ["status"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(2) "up" ["reason"]=> string(10) "echo-reply" ["reason_ttl"]=> string(3) "126" } } ["address"]=> array(1) { ["@attributes"]=> array(2) { ["addr"]=> string(15) "192.168.1.1" ["addrtype"]=> string(4) "ipv4" } } ["hostnames"]=> array(0) { } ["ports"]=> array(2) { ["extraports"]=> array(2) { ["@attributes"]=> array(2) { ["state"]=> string(6) "closed" ["count"]=> string(3) "983" } ["extrareasons"]=> array(1) { ["@attributes"]=> array(2) { ["reason"]=> string(6) "resets" ["count"]=> string(3) "983" } } } ["port"]=> array(17) { [0]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(2) "22" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(6) { ["name"]=> string(3) "ssh" ["product"]=> string(7) "OpenSSH" ["version"]=> string(15) "for_Windows_8.1" ["extrainfo"]=> string(12) "protocol 2.0" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(38) "cpe:/a:openbsd:openssh:for_windows_8.1" } } [1]=> array(4) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(2) "80" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(6) { ["name"]=> string(4) "http" ["product"]=> string(19) "Microsoft IIS httpd" ["version"]=> string(3) "8.0" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> array(2) { [0]=> string(24) "cpe:/a:microsoft:iis:8.0" [1]=> string(24) "cpe:/o:microsoft:windows" } } ["script"]=> array(2) { [0]=> array(2) { ["@attributes"]=> array(2) { ["id"]=> string(18) "http-server-header" ["output"]=> string(17) "Microsoft-IIS/8.0" } ["elem"]=> string(17) "Microsoft-IIS/8.0" } [1]=> array(2) { ["@attributes"]=> array(2) { ["id"]=> string(7) "vulners" ["output"]=> string(91) " cpe:/a:microsoft:iis:8.0: SMNTC-70937 7.6 https://vulners.com/symantec/SMNTC-70937" } ["table"]=> array(2) { ["@attributes"]=> array(1) { ["key"]=> string(24) "cpe:/a:microsoft:iis:8.0" } ["table"]=> array(1) { ["elem"]=> array(4) { [0]=> string(8) "symantec" [1]=> string(5) "false" [2]=> string(3) "7.6" [3]=> string(11) "SMNTC-70937" } } } } } } [2]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(3) "135" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(5) "msrpc" ["product"]=> string(21) "Microsoft Windows RPC" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [3]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(3) "139" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(11) "netbios-ssn" ["product"]=> string(29) "Microsoft Windows netbios-ssn" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [4]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(3) "445" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(12) "microsoft-ds" ["product"]=> string(52) "Microsoft Windows Server 2008 R2 - 2012 microsoft-ds" ["ostype"]=> string(29) "Windows Server 2008 R2 - 2012" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [5]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "1801" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(1) { ["@attributes"]=> array(3) { ["name"]=> string(4) "msmq" ["method"]=> string(5) "table" ["conf"]=> string(1) "3" } } } [6]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "2103" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(5) "msrpc" ["product"]=> string(21) "Microsoft Windows RPC" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [7]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "2105" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(5) "msrpc" ["product"]=> string(21) "Microsoft Windows RPC" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [8]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "2107" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(5) "msrpc" ["product"]=> string(21) "Microsoft Windows RPC" ["ostype"]=> string(7) "Windows" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(24) "cpe:/o:microsoft:windows" } } [9]=> array(4) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "3128" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(10) "http-proxy" ["product"]=> string(16) "Squid http proxy" ["version"]=> string(6) "3.5.28" ["method"]=> string(6) "probed" ["conf"]=> string(2) "10" } ["cpe"]=> string(31) "cpe:/a:squid-cache:squid:3.5.28" } ["script"]=> array(2) { [0]=> array(2) { ["@attributes"]=> array(2) { ["id"]=> string(18) "http-server-header" ["output"]=> string(12) "squid/3.5.28" } ["elem"]=> string(12) "squid/3.5.28" } [1]=> array(2) { ["@attributes"]=> array(2) { ["id"]=> string(7) "vulners" ["output"]=> string(2014) " cpe:/a:squid-cache:squid:3.5.28: MSF:ILITIES/UBUNTU-CVE-2019-12525/ 7.5 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2019-12525/ *EXPLOIT* MSF:ILITIES/CENTOS_LINUX-CVE-2020-11945/ 7.5 https://vulners.com/metasploit/MSF:ILITIES/CENTOS_LINUX-CVE-2020-11945/ *EXPLOIT* CVE-2020-11945 7.5 https://vulners.com/cve/CVE-2020-11945 CVE-2019-12526 7.5 https://vulners.com/cve/CVE-2019-12526 CVE-2019-12525 7.5 https://vulners.com/cve/CVE-2019-12525 CVE-2019-12519 7.5 https://vulners.com/cve/CVE-2019-12519 CVE-2020-24606 7.1 https://vulners.com/cve/CVE-2020-24606 CVE-2020-15049 6.5 https://vulners.com/cve/CVE-2020-15049 CVE-2019-12523 6.4 https://vulners.com/cve/CVE-2019-12523 CVE-2019-18677 5.8 https://vulners.com/cve/CVE-2019-18677 MSF:ILITIES/UBUNTU-CVE-2021-31807/ 5.0 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2021-31807/ *EXPLOIT* CVE-2021-28651 5.0 https://vulners.com/cve/CVE-2021-28651 CVE-2020-25097 5.0 https://vulners.com/cve/CVE-2020-25097 CVE-2020-14058 5.0 https://vulners.com/cve/CVE-2020-14058 CVE-2019-18679 5.0 https://vulners.com/cve/CVE-2019-18679 CVE-2019-18678 5.0 https://vulners.com/cve/CVE-2019-18678 CVE-2019-18676 5.0 https://vulners.com/cve/CVE-2019-18676 CVE-2019-12529 4.3 https://vulners.com/cve/CVE-2019-12529 CVE-2019-12521 4.3 https://vulners.com/cve/CVE-2019-12521 CVE-2021-31807 4.0 https://vulners.com/cve/CVE-2021-31807 CVE-2021-28652 4.0 https://vulners.com/cve/CVE-2021-28652 MSF:ILITIES/UBUNTU-CVE-2021-28651/ 0.0 https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2021-28651/ *EXPLOIT* MSF:ILITIES/SUSE-CVE-2021-28652/ 0.0 https://vulners.com/metasploit/MSF:ILITIES/SUSE-CVE-2021-28652/ *EXPLOIT* MSF:ILITIES/SUSE-CVE-2021-28651/ 0.0 https://vulners.com/metasploit/MSF:ILITIES/SUSE-CVE-2021-28651/ *EXPLOIT* MSF:ILITIES/DEBIAN-CVE-2021-31807/ 0.0 https://vulners.com/metasploit/MSF:ILITIES/DEBIAN-CVE-2021-31807/ *EXPLOIT*" } ["table"]=> array(2) { ["@attributes"]=> array(1) { ["key"]=> string(31) "cpe:/a:squid-cache:squid:3.5.28" } ["table"]=> array(25) { [0]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "7.5" [3]=> string(34) "MSF:ILITIES/UBUNTU-CVE-2019-12525/" } } [1]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "7.5" [3]=> string(40) "MSF:ILITIES/CENTOS_LINUX-CVE-2020-11945/" } } [2]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "7.5" [3]=> string(14) "CVE-2020-11945" } } [3]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "7.5" [3]=> string(14) "CVE-2019-12526" } } [4]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "7.5" [3]=> string(14) "CVE-2019-12525" } } [5]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "7.5" [3]=> string(14) "CVE-2019-12519" } } [6]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "7.1" [3]=> string(14) "CVE-2020-24606" } } [7]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "6.5" [3]=> string(14) "CVE-2020-15049" } } [8]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "6.4" [3]=> string(14) "CVE-2019-12523" } } [9]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.8" [3]=> string(14) "CVE-2019-18677" } } [10]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "5.0" [3]=> string(34) "MSF:ILITIES/UBUNTU-CVE-2021-31807/" } } [11]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2021-28651" } } [12]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2020-25097" } } [13]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2020-14058" } } [14]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2019-18679" } } [15]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2019-18678" } } [16]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "5.0" [3]=> string(14) "CVE-2019-18676" } } [17]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "4.3" [3]=> string(14) "CVE-2019-12529" } } [18]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "4.3" [3]=> string(14) "CVE-2019-12521" } } [19]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "4.0" [3]=> string(14) "CVE-2021-31807" } } [20]=> array(1) { ["elem"]=> array(4) { [0]=> string(3) "cve" [1]=> string(5) "false" [2]=> string(3) "4.0" [3]=> string(14) "CVE-2021-28652" } } [21]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "0.0" [3]=> string(34) "MSF:ILITIES/UBUNTU-CVE-2021-28651/" } } [22]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "0.0" [3]=> string(32) "MSF:ILITIES/SUSE-CVE-2021-28652/" } } [23]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "0.0" [3]=> string(32) "MSF:ILITIES/SUSE-CVE-2021-28651/" } } [24]=> array(1) { ["elem"]=> array(4) { [0]=> string(10) "metasploit" [1]=> string(4) "true" [2]=> string(3) "0.0" [3]=> string(34) "MSF:ILITIES/DEBIAN-CVE-2021-31807/" } } } } } } } [10]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(4) "3389" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(1) { ["@attributes"]=> array(4) { ["name"]=> string(13) "ms-wbt-server" ["tunnel"]=> string(3) "ssl" ["method"]=> string(5) "table" ["conf"]=> string(1) "3" } } } [11]=> array(3) { ["@attributes"]=> array(2) { ["protocol"]=> string(3) "tcp" ["portid"]=> string(5) "49152" } ["state"]=> array(1) { ["@attributes"]=> array(3) { ["state"]=> string(4) "open" ["reason"]=> string(7) "syn-ack" ["reason_ttl"]=> string(3) "126" } } ["service"]=> array(2) { ["@attributes"]=> array(5) { ["name"]=> string(5) "msrpc" ["product"]=> (...)

My question is : Based on xml file, should I keep working with json decode (arrays), or give more attention to SimpleXMLElement?

I believe json is easier, but is there a way to give a structural output from the entire array?

e.g.

array(
    array(
        '@attributes' => array(
            array(
                'scanner' => 'nmap',
                'args' => 'nmap --script nmap-vulners...',
                'start' => '1645692795',
                (etc...)

Here is a sample of the XML format:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/.../nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.80 scan initiated Thu Feb 24 05:53:15 2022 as: nmap -&#45;script nmap-vulners/ -sV -oX /var/scripts/bash/security/log/UCFGSP.xml 192.168.1.1/32 -->
<nmaprun scanner="nmap" args="nmap -&#45;script nmap-vulners/ -sV -oX /var/scripts/bash/security/log/UCFGSP.xml 192.168.1.1/32" start="1645692795" startstr="Thu Feb 24 05:53:15 2022" version="7.80" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,(...)"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1645692796" endtime="1645692856"><status state="up" reason="echo-reply" reason_ttl="126"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><extraports state="closed" count="983">
<extrareasons reason="resets" count="983"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="126"/><service name="ssh" product="OpenSSH" version="for_Windows_8.1" extrainfo="protocol 2.0" method="probed" conf="10"><cpe>cpe:/a:openbsd:openssh:for_windows_8.1</cpe></service></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="126"/><service name="http" product="Microsoft IIS httpd" version="8.0" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:iis:8.0</cpe><cpe>cpe:/o:microsoft:windows</cpe></service><script id="http-server-header" output="Microsoft-IIS/8.0"><elem>Microsoft-IIS/8.0</elem>
</script><script id="vulners" output="&#xa;  cpe:/a:microsoft:iis:8.0: &#xa;    &#x9;SMNTC-70937&#x9;7.6&#x9;https://vulners.com/symantec/SMNTC-70937"><table key="cpe:/a:microsoft:iis:8.0">
<table>
<elem key="type">symantec</elem>
<elem key="is_exploit">false</elem>
<elem key="cvss">7.6</elem>
<elem key="id">SMNTC-70937</elem>
</table>
</table>
</script></port>
<port>
<table key="cpe:/a:squid-cache:squid:3.5.28">
<elem key="type">metasploit</elem>
<elem key="is_exploit">true</elem>
<elem key="cvss">7.5</elem>
<elem key="id">MSF:ILITIES/UBUNTU-CVE-2019-12525/</elem>
</table>
</port>
</ports>
</host>
</nmaprun>

CodePudding user response:

A few things to get out of the habit of:

  • Don't bother with LIBXML_NOCDATA; it's a formatting flag for when you're outputting XML, and generally makes no difference to reading it.
  • Don't try to encode XML as JSON, or a PHP array; you'll just get in a muddle.
  • Don't trust the output of var_dump and friends for these objects, because they have rather a lot of "magic" that isn't displayed well.

What you should do is:

  • Have a look at the examples in the PHP manual. The simplest explanation is that you use ->name to access child elements (tags), and ['name'] to access attributes.
  • Cast values using (string)$foo when you want them as a plain string rather than an object to navigate further.

So in your case, to get the "type" in the "scaninfo", you simply write this:

$type = (string)$xml->scaninfo['type'];

Or to get all the "portids", you would write this:

$portids = [];
foreach ( $xml->host->ports->port as $port ) {
    $portids[] = (string)$port['portid'];
}

CodePudding user response:

I got it working with this syntax:

$xml=simplexml_load_string($file, 'SimpleXMLElement', LIBXML_NOBLANKS) or die("Error: Cannot create object");

echo $xml->scaninfo->attributes()->protocol;

Thank you all.

  • Related