Nmap Development mailing list archives
Re: Fathom 0.95 - Release for public testing
From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Jun 2010 21:40:38 -0600
On Sat, Jun 26, 2010 at 03:54:28PM -0500, Tom Sellers wrote:
> I just finished polishing up some code that I have been working on and using for some time and thought I would share it. It is essentially Ruby code that uses Kris Katterjohn's Nmap::Parser (1) to perform searches against Nmap XML output. The tool, fathom, can search XML logs for hosts with certain port, service, operating system, NSE script name or NSE script output. Results can be excluded based on port number as well as service, product or OS string. The result is returned in bare (IP only), tab delimited and CSV formats. For those of you that play around with or use fathom I would greatly appreciate any and all feedback you feel like sending regardless of the topic (functionality, code quality, installation, site, etc).
At first I thought this wasn't working, because there wasn't any output. I found out it's because the program is looking for a "logs" directory when I expected it to look in the current directory. I make it work with the -l option.

$ cd ~/nmap/ndiff/test-scans
$ ruby ~/fathom/fathom.rb -o bsd
$ ruby ~/fathom/fathom.rb -l . -o bsd
10.137.81.38 FreeBSD 6.2-RELEASE 03/24/09 17:34:11
10.196.172.89 utkjlegbx-701.example.com FreeBSD 6.2-RELEASE 03/24/09 17:34:11
10.227.126.44 m0n0wall 1.3b11 - 1.3b15 FreeBSD-based firewall 03/24/09 17:34:11
10.137.81.38 FreeBSD 6.2-RELEASE 03/25/09 16:35:27
10.196.172.89 cdgzhwik-216.example.com FreeBSD 6.2-RELEASE 03/25/09 16:35:27
10.227.126.44 m0n0wall 1.3b11 - 1.3b15 FreeBSD-based firewall 03/25/09 16:35:27
$ ruby ~/fathom/fathom.rb -p 445 -l .
10.210.225.168 mtlhxcs-302.example.com 445/tcp netbios-ssn 03/25/09 16:35:27
$ ruby ~/fathom/fathom.rb -s ssl -l .
10.89.230.125 bthpafeg-852.example.com 8443/tcp http Apache SSL-only mode httpd 03/24/09 17:34:11
10.227.126.44 80/tcp http Apache httpd 2.2.6 (FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.5 with Suhosin-Patch 03/24/09 17:34:11
10.89.230.125 bthpafeg-852.example.com 8443/tcp http Apache SSL-only mode httpd 03/25/09 16:35:27
10.227.126.44 80/tcp http Apache httpd 2.2.6 (FreeBSD) mod_ssl/2.2.6 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.5 with Suhosin-Patch 03/25/09 16:35:27

The order of options appears to matter. Putting -l before --metrics works, but the other order doesn't.

$ ruby ~/fathom/fathom.rb -l . --metrics 3
The logs contain information on 120 hosts.
OS statistics:
Count OS
40
6 Cisco 2821 router
6 HP 4000M ProCurve switch (J4121A)
Port statistics:
Count Port
22 80/tcp
16 21/tcp
16 23/tcp
Service statistics:
Count Service
30 http
22 tcpwrapped
16 telnet
$ ruby ~/fathom/fathom.rb --metrics 3 -l .
The logs contain information on 0 hosts.
OS statistics:
Count OS
Port statistics:
Count Port
Service statistics:
Count Service

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
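
The order dependence reported above is the symptom a command-line tool shows when an option does its work as soon as it is parsed rather than after all options have been read. The following Ruby code is an added example, not fathom's code and not part of the original message; that fathom behaves this way internally is an assumption, and `run_eager`, `run_deferred`, `count_hosts` and the `SAMPLE_LOGS` data are hypothetical names and constructed values.

```ruby
require 'optparse'

# Constructed stand-in for scanning a log directory: directory => host count.
# The default "logs" directory holds nothing; "." holds 120 hosts.
SAMPLE_LOGS = { 'logs' => 0, '.' => 120 }.freeze

def count_hosts(dir)
  SAMPLE_LOGS.fetch(dir, 0)
end

# Order-sensitive variant: the --metrics callback does the work immediately,
# so it only sees the log directory that has been set so far.
def run_eager(argv)
  dir = 'logs'
  result = nil
  OptionParser.new do |o|
    o.on('-l DIR') { |d| dir = d }
    o.on('--metrics N', Integer) do |n|
      result = "#{count_hosts(dir)} hosts (top #{n})"
    end
  end.parse(argv)
  result
end

# Order-independent variant: callbacks only record settings, and the work
# runs once after every option has been parsed.
def run_deferred(argv)
  opts = { dir: 'logs', metrics: nil }
  OptionParser.new do |o|
    o.on('-l DIR') { |d| opts[:dir] = d }
    o.on('--metrics N', Integer) { |n| opts[:metrics] = n }
  end.parse(argv)
  return nil unless opts[:metrics]

  "#{count_hosts(opts[:dir])} hosts (top #{opts[:metrics]})"
end

if __FILE__ == $PROGRAM_NAME
  [%w[-l . --metrics 3], %w[--metrics 3 -l .]].each do |argv|
    puts "#{argv.join(' ')}: eager=#{run_eager(argv)} deferred=#{run_deferred(argv)}"
  end
end
```
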
Current thread:
- Fathom 0.95 - Release for public testing Tom Sellers (Jun 26)
- Re: Fathom 0.95 - Release for public testing Kris Katterjohn (Jun 26)
- Re: Fathom 0.95 - Release for public testing David Fifield (Jun 28)
- Re: Fathom 0.95 - Release for public testing Tom Sellers (Jun 30)