Friday, March 13, 2009

automated nmap scans

Whipped this up for work, figured I'd share with the world, since it's decently useful. Stick it in cron nightly, needs to run as root. It will run a diff on what it sees and email you if there are new ports/hosts that pop up on your networks. If you find errors or mods, use this: http://pastebin.com/f635a7517 to modify it and post in the comments.

#! /bin/sh

DIR="/opt/nmap/scans"
NETWORKS="192.168.1.0-255"
TODAY=`date +%Y%m%d`
YESTERDAY=`date -d yesterday +%Y%m%d`


for network in $NETWORKS
do
      nmap -n -sS $network -oG $DIR/$network.$TODAY.nmap
done


for network in $NETWORKS
do
      diff -I "^#" $DIR/$network.$TODAY.nmap $DIR/$network.$YESTERDAY.nmap  > $DIR/$network.$TODAY.diff
done

for network in $NETWORKS
do
      SIZE=`find $DIR/$network.$TODAY.diff -size +0b`
      if [ "$SIZE" = "$DIR/$network.$TODAY.diff" ]
      then
              cat $DIR/$network.$TODAY.diff | mail -s "Change Detected for $network"  user@host.com
      fi
done

# posted by Nathan : 3/13/2009 04:14:00 PM
Comments:
Thanks, I needed that.
E
# posted by Anonymous Anonymous : 4:19 PM
 
Heya N8, GREAT idea for combining nmap+diff. I really liked this, but felt like it could use some more bells and whistles.

I have a re-write up over at http://www.hellspark.com/dm/linux/nmap-scanner.html Let me know what you (and others) think.
# posted by Blogger tsaavik : 4:15 PM
 

Post a Comment



Links to this post:

Create a Link



<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]