Re: Port Scanner Reports

From: Joachim Schipper (j.schipper@math.uu.nl)
Date: Sat Oct 08 2005 - 04:34:11 EDT


On Thu, Oct 06, 2005 at 02:51:00PM -0500, Jeff Brossette wrote:
> All,
>
> I am looking for a port scanning tool (software or hardware, open
> source or commercial) that I can configure to run on a regularly
> scheduled basis, say once a week or once a month, for around 500
> internal servers and workstations (Unix/Linux, Windows and Novell).
>
> The goal is to produce a "diff" report that will identify any new
> ports that have been opened on any of the servers or workstations from
> the previous scan.
>
> This would need to be a completely automatic process that would email
> out the results after each scan cycle.
>
> Are there any products that can perform this task?
>
> Thanks,
> Jeff B.
>

Pretty much anything that outputs plain text can be trivially scripted
to do this.

Try something like the following (untested):

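#!/bin/sh

OLD_FILE=/var/nmap.scanned
MYNET=192.168.0.0/16
TMPFILE=`mktemp /tmp/nmap.XXXXXXXX` || exit 1

# Scan the network, then compare the new report with the stored one.
nmap -T1 -sT "$MYNET" > "$TMPFILE" 2>&1
diff "$TMPFILE" "$OLD_FILE"
# Rotate: keep the previous report as .old and store the new one.
mv "$OLD_FILE" "$OLD_FILE.old"
mv "$TMPFILE" "$OLD_FILE"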

And run it from cron. You may even wish to use nmap -T1 -sT $MYNET
2>&1 | tee $TMPFILE, as this will also show you the full report.

I really don't see why this is so hard, unless you want to do really
strange things.

                Joachim
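
An added example, not part of the original message: a diff of plain nmap reports also flags timestamps and closed ports, so this version compares only the open ports per host and prints those that are new since the previous scan. It assumes both scans were saved with nmap's grepable output (-oG); the function names and the sample report lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list ports open in the new scan but not in the previous one.
# Inputs are nmap grepable reports (nmap -oG FILE ...); function names are ours.

# open_ports FILE: print one "ip port/proto" line per open port, sorted.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                  # $1 is "Host: <ip> (<name>)"
            for (k = 2; k <= NF; k++) {
                if ($k !~ /^Ports: /) continue # skip Status:, Ignored State:, ...
                n = split(substr($k, 8), entry, /, */)
                for (i = 1; i <= n; i++) {
                    split(entry[i], f, "/")    # port/state/proto/owner/service/...
                    if (f[2] == "open") print h[2], f[1] "/" f[3]
                }
            }
        }' "$1" | LC_ALL=C sort -u
}

# new_ports OLD NEW: print the open ports that appear only in NEW.
new_ports() {
    tmp=$(mktemp -d) || return 1
    open_ports "$1" > "$tmp/old"
    open_ports "$2" > "$tmp/new"
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# write_samples DIR: create two constructed grepable reports for the demo.
write_samples() {
    {
        printf '# constructed sample, previous scan\n'
        printf 'Host: 192.168.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
        printf 'Host: 192.168.0.9 ()\tPorts: 445/open/tcp//microsoft-ds///\n'
    } > "$1/old.gnmap"
    {
        printf '# constructed sample, current scan\n'
        printf 'Host: 192.168.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\n'
        printf 'Host: 192.168.0.9 ()\tPorts: 445/closed/tcp//microsoft-ds///\n'
        printf 'Host: 192.168.0.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)\n'
    } > "$1/new.gnmap"
}

demo_dir=$(mktemp -d) || exit 1
write_samples "$demo_dir"
new_ports "$demo_dir/old.gnmap" "$demo_dir/new.gnmap"
rm -rf "$demo_dir"
```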
