Whipped this up for work, figured I’d share with the world, since it’s decently useful. Stick it in cron nightly, needs to run as root. It will run a diff on what it sees and email you if there are new ports/hosts that pop up on your networks. If you find errors or mods, use this: http://pastebin.com/f635a7517 to modify it and post in the comments.
#! /bin/sh
DIR="/opt/nmap/scans"
NETWORKS="192.168.1.0-255"
TODAY=`date +%Y%m%d`
YESTERDAY=`date -d yesterday +%Y%m%d`
for network in $NETWORKS
do
nmap -n -sS $network -oG $DIR/$network.$TODAY.nmap
done
for network in $NETWORKS
do
diff -I "^#" $DIR/$network.$TODAY.nmap $DIR/$network.$YESTERDAY.nmap > $DIR/$network.$TODAY.diff
done
for network in $NETWORKS
do
SIZE=`find $DIR/$network.$TODAY.diff -size +0b`
if [ "$SIZE" = "$DIR/$network.$TODAY.diff" ]
then
cat $DIR/$network.$TODAY.diff | mail -s "Change Detected for $network" user@host.com
fi
done
Thanks, I needed that.
E
Heya N8, GREAT idea for combining nmap+diff. I really liked this, but felt like it could use some more bells and whistles.
I have a re-write up over at http://www.hellspark.com/dm/linux/nmap-scanner.html Let me know what you (and others) think.