Nmap Development mailing list archives
Re: Fathom 0.97 - Full Toolkit release, bug fixes, new features
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Nov 2010 21:06:45 -0800
On Sun, Nov 07, 2010 at 05:31:51PM -0600, Tom Sellers wrote:
Version 0.97 of the Fathom Toolkit has been released. The Fathom Toolkit is a suite of tools written with the goal of helping utilize Nmap to better understand your environment. The core tools are written in Ruby and leverage Kris Katterjohn's Nmap::Parser[1] Ruby library for searching and manipulating Nmap's XML output. Basic capabilities include querying large datasets for ports, services, OSes as well as providing metrics on the same. This version includes new scripts that round out the functionality of the suite. While previous releases primarily focused on querying existing XML formatted Nmap scan data, the new code handles the scan data's lifecycle including target management, recon, scanning, updating and purging.
Release: http://www.fadedcode.net/fathom/index.htm#Fathom0.97
Changelog: http://www.fadedcode.net/fathom/downloads.htm#Changelog
New functionality:
* Addition of scan-full.sh, scan-recon.sh and scan-noping-full.sh shell scripts. Each of these scripts performs a particular type of single target scan. They can be executed manually for a specific target, or called by the sweep scripts.
Fathom is a great example of how to run Nmap scans on a recurring basis. I also appreciate the insight into how you do your scans. This documentation is good (I was looking for it on the main page but it's on the downloads page): http://www.fadedcode.net/fathom/downloads.htm#BasicSetup
The scan output are files in *each* of Nmap's output formats placed in the ./logs directory. There is ONE set of files PER HOST. While this increases the number of files, it makes single host updating and cleanup much simpler
* Addition of sweep-full.sh and sweep-recon.sh shell scripts. These scripts iterate over a list of hosts (./lists/scanlist-random.txt) and execute either scan-full.sh or scan-recon.sh. The scan output are files in *each* of Nmap's output formats placed in the ./logs directory.
* Addition of update-data.sh shell script. This script rescans the hosts in the ./logs directory with scan-full.sh starting with the oldest first.
* Addition of fill-gaps.sh shell script. This script takes input from ./lists/gaps.txt and scans the hosts with scan-recon.sh ONLY if no files exist for the host in ./logs.
* Addition of util-genlist.sh shell script. This script takes a list of target subnets from ./lists/subnets.txt and generates two lists of targets: scanlist.txt and scanlist-random.txt. scanlist-random.txt is the file that sweep-full.sh and sweep-recon.sh use as their source of input.
* Addition of report.sh shell script. This script accepts an IP address as input and simply echoes the contents of that IP's .nmap file to the console if it exists. This simplifies quick lookups of data for single hosts.
I like this report.sh option.
Changes to prior functionality:
* fathom.rb - Added -m / --mac-address to search by MAC address or MAC vendor string. This will use results from nbstat.nse if the MAC data isn't present but nbstat data is. Thanks to Ron Bowes (www.skullsecurity.org) for this idea.
This is a nice idea. This is another argument for better structured NSE output. Scripts should be able to represent addresses and other data without requiring special knowledge in tools like Fathom. I was surprised at the results of this search:
$ ruby fathom.rb -m ab
192.168.0.190 00:16:CB:AE:D4:AC Apple Computer 2010/11/22 20:35:41
I don't see how "ab" matches anything there. Another example:
$ ruby fathom.rb -m ac
192.168.0.1 00:15:05:A2:C7:00 Actiontec Electronic 2010/11/22 20:50:24
192.168.0.190 00:16:CB:AE:D4:AC Apple Computer 2010/11/22 20:54:08
* util-cleanup.rb - Added IP address based selection of files to move to the backup directory
* util-cleanup.rb - Added --purge command to delete backup directory contents.
* Tabular (default) console output is much easier to read now.
* Fixed an issue in Fathom where --script-data was not searching host script output.
* Misc fixes and enhancements can be found in the 0.97 changelog.
All that being said, I have posted the information on Fathom on my site at http://www.fadedcode.net/fathom/ For those of you that play around with or use Fathom I would greatly appreciate any and all feedback you feel like sending regardless of the topic (functionality, code quality, installation, site, etc).
I expected the Ruby and shell scripts to be executable. If that's possible to do in a zip file it would be nice. The scripts even require it:
# sh sweep-recon.sh
11/22/2010 08:49:49 PM Scanning 192.168.0.0
sweep-recon.sh: line 18: ./scan-recon.sh: Permission denied
11/22/2010 08:49:49 PM Scanning 192.168.0.1
sweep-recon.sh: line 18: ./scan-recon.sh: Permission denied
11/22/2010 08:49:49 PM Scanning 192.168.0.10
sweep-recon.sh: line 18: ./scan-recon.sh: Permission denied
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
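The rescan and gap-filling behaviour described in the quoted announcement (oldest host first; gap hosts scanned only when no files exist for them), as an added shell example that is not Fathom's own code. The per-host file naming (<ip>.nmap, <ip>.gnmap, <ip>.xml), the function names and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Assumption: per-host files in the log directory are named
# <ip>.nmap, <ip>.gnmap and <ip>.xml; Fathom's actual naming may differ.

# True if the argument looks like a dotted-quad IPv4 address (keeps list
# entries such as "../x" or "*" from ever being used in a path).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# True if any output file exists for host $2 in log directory $1.
# Exact names are tested, so 192.168.0.19 is not confused with 192.168.0.190.
has_data() {
    for ext in nmap gnmap xml; do
        [ -e "$1/$2.$ext" ] && return 0
    done
    return 1
}

# Hosts with existing scan data, oldest scan first (the rescan order).
hosts_oldest_first() {
    # ls -tr sorts by modification time, oldest first; keep one name per host.
    ls -tr "$1" | sed -n 's/\.xml$//p'
}

# Hosts from list file $1 that have no files at all in log directory $2.
hosts_missing() {
    while IFS= read -r host; do
        is_ipv4 "$host" || continue
        has_data "$2" "$host" || printf '%s\n' "$host"
    done < "$1"
}

# Constructed sample data: three scanned hosts with different scan dates,
# plus a gaps list containing a known host, two new hosts and a bad entry.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/logs"
    touch -t 201011010000 "$d/logs/192.168.0.190.xml" "$d/logs/192.168.0.190.nmap"
    touch -t 201011100000 "$d/logs/192.168.0.10.xml"
    touch -t 201011200000 "$d/logs/192.168.0.1.xml"
    printf '%s\n' 192.168.0.1 192.168.0.19 '../logs/192.168.0.1' '' 192.168.0.50 > "$d/gaps.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "rescan order:"; hosts_oldest_first "$sample/logs"
echo "gaps to scan:"; hosts_missing "$sample/gaps.txt" "$sample/logs"
rm -rf "$sample"
```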