Friday, March 13, 2009
automated nmap scans
Whipped this up for work, figured I'd share with the world, since it's decently useful. Stick it in cron nightly, needs to run as root. It will run a diff on what it sees and email you if there are new ports/hosts that pop up on your networks. If you find errors or mods, use this: http://pastebin.com/f635a7517 to modify it and post in the comments.
#! /bin/sh
DIR="/opt/nmap/scans"
NETWORKS="192.168.1.0-255"
TODAY=`date +%Y%m%d`
YESTERDAY=`date -d yesterday +%Y%m%d`
for network in $NETWORKS
do
nmap -n -sS $network -oG $DIR/$network.$TODAY.nmap
done
for network in $NETWORKS
do
diff -I "^#" $DIR/$network.$TODAY.nmap $DIR/$network.$YESTERDAY.nmap > $DIR/$network.$TODAY.diff
done
for network in $NETWORKS
do
SIZE=`find $DIR/$network.$TODAY.diff -size +0b`
if [ "$SIZE" = "$DIR/$network.$TODAY.diff" ]
then
cat $DIR/$network.$TODAY.diff | mail -s "Change Detected for $network" user@host.com
fi
done
Comments:
Links to this post:
<< Home
Heya N8, GREAT idea for combining nmap+diff. I really liked this, but felt like it could use some more bells and whistles.
I have a re-write up over at http://www.hellspark.com/dm/linux/nmap-scanner.html Let me know what you (and others) think.
I have a re-write up over at http://www.hellspark.com/dm/linux/nmap-scanner.html Let me know what you (and others) think.
Links to this post:
<< Home
Subscribe to Posts [Atom]


Post a Comment