np icon indicating copy to clipboard operation
np copied to clipboard
verified publisher icon leesoh

Explore Timeline Output

Open leesoh opened this issue 3 years ago • 2 comments

It would be neat to show the changes over time rather than the end state. For example, if you run one scan per day, np would start at the oldest and process scan 1:

$ np
2022-01-01 12:10 AM 10.1.23.5 80/tcp open
2022-01-01 12:10 AM 10.1.23.5 22/tcp open

Then a subsequent scan against the host after SNMP has been enabled:

2022-01-02 12:10 AM 10.1.23.5 161/udp open

And later HTTP is disabled:

2022-01-03 12:10 AM 10.1.23.5 80/tcp closed

This would allow us to review only the changes for each new scan processed.

leesoh avatar May 17 '22 15:05 leesoh

This should also call out new hosts:

2022-01-04 12:10 AM 10.1.23.6 added
2022-01-04 12:10 AM 10.1.23.6 443/tcp open

leesoh avatar May 17 '22 19:05 leesoh

This gets a bit thorny based on where we can detect a change (when parsing the scan) and when we surface that to the user (result printing). I wonder if it would be sufficient to do a diff <(np -path scans -exclude newfile.xml) <(np -path newfile.xml)?

leesoh avatar May 24 '22 13:05 leesoh