Nmap Announce mailing list archives

Perl script to perform daily comparison scans


From: "Joseph \"Dan\" Waggoner" <dan () waggoner com>
Date: Tue, 14 Aug 2001 15:18:41 -0500

The two links in this message are Perl scripts which I will be describing below. This way if you don't want to look at the script you don't have to go to my website.

archmaker (couldn't think of a better name :-))

They both require the use of the PERL module MailTools-1.5.

The format of the files produced is as follows:

10.1.1.1_RAW # Raw output of the nmap scan
10.1.1.1_Base # Cleaned up version of the nmap scan
10.1.1.1_Aug_14 # Daily cleaned up version of the nmap scan

This script is designed to be run on a remote host, on an automated basis, using the cron utility on a frequency determined by the user.

USE

Run the "base" code first to develop the base file. If you approve of the ports reported open on the base scan, then continue on. If not, fix the open ports and THEN re-run the base function to create an updated "base" file.

Run the "code" using cron underneath a NON-ROOT user for security purposes. Have the address from system set to the user executing the crontab file. Took a little work in sendmail to get formatted the way I wanted, but is not that difficult.

RESULT

This program is currently being used once a day against a system to check the status of the ports on the system. The base is the one which the daily scans are compared against, with any difference being reported by email to whomever you want to include in your contact list. This report is basically in the format below:
------------------------------------------------------------------------------------------------------
From: test-scanner () com org
To: systemadmin () scan com
Subject: Difference in 10.1.1.1


  DIFFERENCES IN SCAN RESULTS

        BASE SCAN         |        RECENT SCAN
Port   Status  Service    | Port   Status  Service
-------------------------------------------------------------------------------
No Open Ports             | 23     Open    telnet

------------------------------------------------------------------------------------------------------

Now for the code. Any comments to make it better will be appreciated. I am an accountant, not a programmer. And all the programming I have done has been self taught. Started teaching myself PERL about two years ago, in my spare time. Believe the best way to learn is to do, not just read the book. Hence my code does have some faults.

Will be working on my web site soon to place the code out in the public and better document what it does, and hopefully contain information on how to use and etc. I currently have two more scripts designed to be used against sequential IP addresses (up to 255), both the "base" and "code", but want to beta them a little more to ensure I have all the bugs worked out and want to see the recommendations made concerning these two scripts.

Base code:      www.archmaker.com/archmaker_base.htm

Daily Scan code:        www.archmaker.com/archmaker_code.htm



Joseph "Dan" Waggoner, CISA

You're born at Point A you die at Point B, you better live life to the fullest in between.
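The base-versus-daily comparison described in the message, as an added example in Python; it is not the archmaker scripts and not the author's code. The function names, the sample scan text (constructed) and the column layout are assumptions, and delivery of the mail is left out.

```python
import re
from itertools import zip_longest

# Port rows in nmap's normal output look like "23/tcp     open        telnet".
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)[ \t]+(\S+)[ \t]+(\S+)", re.MULTILINE)

# Constructed sample scans, standing in for 10.1.1.1_Base and 10.1.1.1_Aug_14.
BASE_SAMPLE = """Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
"""
RECENT_SAMPLE = """Port       State       Service
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     filtered    smtp
"""

def open_ports(raw):
    """Return the set of (port, proto, service) rows whose state is 'open'."""
    return {(int(port), proto, service)
            for port, proto, state, service in PORT_ROW.findall(raw)
            if state == "open"}

def compare(base_raw, recent_raw):
    """Return (only_in_base, only_in_recent) as sorted lists of rows."""
    base, recent = open_ports(base_raw), open_ports(recent_raw)
    # A service change on the same port shows up on both sides.
    return sorted(base - recent), sorted(recent - base)

def cell(row):
    """Format one row as a fixed-width column cell; blank when there is no row."""
    if row is None:
        return " " * 28
    return "%-10s %-6s %-10s" % ("%d/%s" % row[:2], "open", row[2])

def report(host, base_raw, recent_raw):
    """Build the text of a difference mail, or None when the scans agree."""
    gone, new = compare(base_raw, recent_raw)
    if not gone and not new:
        return None  # nothing changed, so the cron job sends nothing
    lines = ["Subject: Difference in %s" % host, "",
             "%-28s | %s" % ("ONLY IN BASE SCAN", "ONLY IN RECENT SCAN")]
    for left, right in zip_longest(gone, new):
        lines.append("%s | %s" % (cell(left), cell(right).rstrip()))
    return "\n".join(lines)

if __name__ == "__main__":
    print(report("10.1.1.1", BASE_SAMPLE, RECENT_SAMPLE))
```
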

