Hi,
I tried to implement a simple lib and tests in Go for this standard (ReconJSON-Go) and during this time I encountered some problems, especially with the "Service" object.
It's not defined in the draft but is used in an example. Here are my issues:
- What's the purpose of the "protocol" key? Is it simply the same as in the parent Port object?
- What's the format of the Content field? A simple key/value string? What about duplicated lines, should we truncate them or just consider this array a "split by line" version of the returned file? (And what about binary files then?)

I've encountered other ambiguities while writing this lib (should I create other separate issue(s)?):
- What should be done about duplicated keys? There are a lot of possible scenarios (I've been writing a distributed recon tool for some time, so some problems have already been thought through):
  - Same IP but in different networks (if multiple scans are working on different internal networks)
  - Same Host but with 2 or more IPs: should we de-duplicate them? (If so, how to determine it's the same host?)
  - Some Hosts won't respond the same between IPv4 and IPv6 requests (firewall, poorly configured Virtual Host, etc.)
- Why limit the DNS keys to A,AAAA,CNAME,PTR,MX,NS,TXT? Some other fields like DNSSEC might be interesting, and I don't see why we should limit these (as they are only key/value strings...)
- Some ambiguity about the "protocol" in the Port object:
  - Do we have a "definitive" list? Or is it more flexible?
  - Should we use upper case? Lower case? Case insensitive?

Then, thanks, this is definitely a needed initiative and I hope it will continue and be supported by other tools. I look forward to implementing it in mine.