From: Cheng, Derek (US - San Jose) (dcheng@deloitte.com)
Date: Tue Oct 28 2003 - 13:04:35 EST
Hi there.
Try using Nlog. It seems to work relatively well to manage Nmap output
using a web-based GUI.
http://lists.insecure.org/lists/nmap-hackers/1998/Oct-Dec/0079.html
Derek Cheng
Deloitte & Touche
NLog is a set of PERL scripts for managing and analyzing your nmap 2.0+
log
files. It allows you to keep all of your scan logs in a single
searchable
database. The CGI interface for viewing your scan logs is completly
customizable and easy to modify and improve. The core CGI script allows
you
to add your own extension scripts for different services, so all hosts
with
a certain service running will have a hyperlink to the extension script.
An Overview:
------------------
Basically this is a multi-purpose web-based nmap log browser. The
extension
scripts allow you to get detailed information about specific services
like
netbios, the RPC services, the finger service, and BIND version of a DNS
server. It is extremely easy to create your own extensions for things
like
a snmpwalk wrapper, a popper vulnerablility check, etc.
Nlog provides a standard database format to build your own scripts for
any
purpose. Whether to provide a graphical representation of a network or
as a
web based service gateway to an internal network. Included are the
example
CGI scripts, the nmap log to database conversion tool, a sample template
for
building your own PERL scripts, and couple extra scripts for dumping
IP's
from a domain and the like.
A possible use of nlog is for a network administrator who scans his
local
network regularly, to make sure none of the machines are listening on
wierd
ports and that they all are running the services they should be. A cron
script could scan his internal network, convert the log files to the
database format and store them on a web server by time or date. The
adminstrator could then load the nlog search form page preferably
protected
by the normal http authentication methods and run comparisons between
databases collected on different dates or at different times from
anywhere.
If the web server is on a gateway machine, he could run RPC or finger
requests on the internal hosts through the CGI interface thus removing
his
need to be on the possibly firewalled or masqued network to check a
hosts
status.
-----Original Message-----
From: a55mnky@yahoo.com [mailto:a55mnky@yahoo.com]
Sent: Tuesday, October 28, 2003 6:43 AM
To: pen-test@securityfocus.com
Subject: Nmap output
I am in the midst of a wide scale Pentest egangement for a client - they
have 7 class C networks. We are overwhelmed with the output from nmap.
Does anybody know of a tool to manage the output - preferably in a
graphical format. I tried the XML output but cannot figure out what to
do with that.
J
------------------------------------------------------------------------
--- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_pen-test_031023 and use priority code SF4. ------------------------------------------------------------------------ ---- This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_pen-test_031023 and use priority code SF4. ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT