automated nmap scans

Posted on 2009/03/13 by nathan

Whipped this up for work, figured I’d share with the world, since it’s decently useful. Stick it in cron nightly, needs to run as root. It will run a diff on what it sees and email you if there are new ports/hosts that pop up on your networks. If you find errors or mods, use this: http://pastebin.com/f635a7517 to modify it and post in the comments.

#! /bin/sh

DIR="/opt/nmap/scans"
NETWORKS="192.168.1.0-255"
TODAY=`date +%Y%m%d`
YESTERDAY=`date -d yesterday +%Y%m%d`

for network in $NETWORKS
do
      nmap -n -sS $network -oG $DIR/$network.$TODAY.nmap
done

for network in $NETWORKS
do
      diff -I "^#" $DIR/$network.$TODAY.nmap $DIR/$network.$YESTERDAY.nmap  > $DIR/$network.$TODAY.diff
done

for network in $NETWORKS
do
      SIZE=`find $DIR/$network.$TODAY.diff -size +0b`
      if [ "$SIZE" = "$DIR/$network.$TODAY.diff" ]
      then
              cat $DIR/$network.$TODAY.diff | mail -s "Change Detected for $network"  user@host.com
      fi
done
This entry was posted in sysadmin, uncategorized and tagged . Bookmark the permalink.

2 Responses to automated nmap scans

  1. Anonymous says:
    2009/03/13 at 11:19 PM

    Thanks, I needed that.
    E

    Reply
  2. tsaavik says:
    2009/10/29 at 11:15 PM

    Heya N8, GREAT idea for combining nmap+diff. I really liked this, but felt like it could use some more bells and whistles.

    I have a re-write up over at http://www.hellspark.com/dm/linux/nmap-scanner.html Let me know what you (and others) think.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>