diff --git a/README.md b/README.md index b063d5e..ffb45e9 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,9 @@ One of my favorite features of Nmap is the ability to output our scan results to ### Parse for Live Hosts -The first case where this will be useful for us is to determine which hosts from our host discovery probes are considered up. To facilitate this task in python we'll take advantage of the `xml.etree.ElementTree` (https://docs.python.org/3/library/xml.etree.elementtree.html) library. Our helper function will take in the path of an XML file we designate and parse out the hosts that are flagged as being 'up'. +The first case where this will be useful for us is to determine which hosts from our host discovery probes are considered up. To facilitate this task in python we'll take advantage of the `xml.etree.ElementTree` (https://docs.python.org/3/library/xml.etree.elementtree.html) library. Take a look at the note in https://github.com/gh0x0st/pythonizing_nmap/blob/main/XML%20Parser%20Scripts/README.md for an alternate library if you do not free comfortble with using ElementTree. + +Our helper function will take in the path of an XML file we designate and parse out the hosts that are flagged as being 'up'. Since I use all possible discovery probes I use `parseDiscoverXml()` to take in the results from all the Xml files, then I use a second helper function to remove any duplicates and output them space delimited so I can use those at the target input values for future Nmap calls. @@ -1040,7 +1042,7 @@ if __name__ == '__main__': main() ``` -### Detected Hosts With Guessed Operation Systems +### Detected Hosts With Guessed Operating Systems | IP | Port | :--- | :---| diff --git a/XML Parser Scripts/README.md b/XML Parser Scripts/README.md new file mode 100644 index 0000000..842b8ac --- /dev/null +++ b/XML Parser Scripts/README.md 
@@ -0,0 +1,29 @@ +# Question of Trust + +The xml.etree.ElementTree module provides an easy-to-use library to parse XML data that you trust, such as the XML ouput generated from NMAP. However, when dealing with data you do not trust, there are better avenues. + +The below information comes from https://docs.python.org/3/library/xml.html#xml-vulnerabilities as of 11/19/2021. + +## Vulnerabilities For ElementTre + +| Attack | Vulnerable | +| :---------|------------| +| billion laughs | **Yes** | +| quadratic blowup | **Yes** | +| external entity expansion | No | +| DTD retrieval | No | +| decompression bomb | No | + +## Attack Descriptions + +The Billion Laughs attack – also known as exponential entity expansion – uses multiple levels of nested entities. Each entity refers to another entity several times, and the final entity definition contains a small string. The exponential expansion results in several gigabytes of text and consumes lots of memory and CPU time. + +The quadratic blowup attack is similar to a Billion Laughs attack; it abuses entity expansion, too. Instead of nested entities it repeats one large entity with a couple of thousand chars over and over again. The attack isn’t as efficient as the exponential case but it avoids triggering parser countermeasures that forbid deeply-nested entities. + +## Alternative Package + +The defusedxml library is a pure Python package with modified subclasses of all stdlib XML parsers that prevent any potentially malicious operation. Use of this package is recommended for any server code that parses untrusted XML data. The package also ships with example exploits and extended documentation on more XML exploits such as XPath injection. + +## References +* https://docs.python.org/3/library/xml.html#xml-vulnerabilities +* https://pypi.org/project/defusedxml/
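Review bot: the added sentence in the first README.md hunk (the `@@ -60,7 +60,9 @@` region, "Parse for Live Hosts") has two typos: "if you do not free comfortble with using ElementTree" should read "if you do not feel comfortable using ElementTree". Splitting the paragraph so "Our helper function will take in the path..." starts its own paragraph is a good change; the new sentence pointing readers at `XML Parser Scripts/README.md` would read more smoothly if it named what the note is about, for example "Take a look at the note in ... on why ElementTree is only suitable for XML you trust, and which library to use otherwise."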
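Review bot: the heading fix "Operation Systems" to "Operating Systems" in the second README.md hunk (`@@ -1040,7 +1042,7 @@`) also changes the auto-generated anchor for that section (`#detected-hosts-with-guessed-operation-systems` becomes `#detected-hosts-with-guessed-operating-systems`); if the README carries a table of contents or any internal link to this section, it needs the same rename, and nothing in this patch updates one.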
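Review bot: the new file `XML Parser Scripts/README.md` has spelling errors in its added lines: "ouput" in the first paragraph should be "output", "ElementTre" in the heading `## Vulnerabilities For ElementTre` should be "ElementTree", and "NMAP" is conventionally written "Nmap". The file recommends defusedxml but never shows how to adopt it; since the parser scripts in this repo use the `xml.etree.ElementTree` API, it is worth stating that `import defusedxml.ElementTree as ET` in place of `import xml.etree.ElementTree as ET` is a drop-in swap that keeps `ET.parse()` and `ET.fromstring()` calls unchanged while refusing the entity-expansion inputs the table marks as "Yes". It would also help readers to spell out what "data that you trust" means here: XML written by your own Nmap run is trusted, but a scan file received from someone else, fetched from a shared location, or produced on a host you do not control should be treated as untrusted and parsed with defusedxml.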
