Nmap Development mailing list archives

Re: Parallelize OS Fingerprinting?


From: Thomas Loch <thomas8142 () freenet de>
Date: Wed, 24 Aug 2005 03:04:00 +0200

Currently I'm parallelizing scans by using a bash script like the one attached. It starts nmap in background, waits for all scans to complete and sends the summarized results to a specified email address.

I never scan more than 10 or 15 hosts at a time (and use a very old version of nmap :) so this is most likely not a convenient way to scan 100+ hosts but I hope it is helpful to someone until parallel scanning is implemented.

#!/bin/bash

# hosts to scan
hosts=( host1 host2 host3 )


# clean up old scan results
rm nmap.* 2>/dev/null

# launch scans in background
for host in "${hosts[@]}"
do
        # quote the host name so it is never word-split or glob-expanded
        nmap -v -sS -O "$host" >"nmap.$host" &
        # with errors
        #nmap -v -sS -O "$host" >"nmap.$host" 2>"nmap.$host.err" &
        echo "starting scan for $host"
done

# wait for their completion
wait

# summarize results
grep 'Interesting ports on\|scanned but not shown below\| open \| closed \| filtered ' nmap.* >nmap.__results
# shorter summary:
#grep 'tcp \|udp ' nmap.* >nmap.__results
# this may be more suitable when focusing on OS detection:
#grep 'Interesting ports on\|OS details\|Running\|Device type' nmap.*  >nmap.__results

# pack 'em together
tar -cjf nmap.tar.bz2 nmap.*

# mail me my results + summary
# NOTE: biabam.nmap is a slightly modified version of the biabam
# bash attachment mailer that does not prompt for a message body!
biabam.nmap nmap.tar.bz2 -s 'NMAP run complete!!' root@servers.lan


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
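
The following is an added example, not part of the post above or of the Nmap project: a variant of the posted script that runs the scans in batches of a fixed size, so a long host list does not start every nmap process at once. It also rejects targets beginning with "-" (nmap would parse them as options) and maps characters such as "/" out of the output file name. MAX_JOBS, OUT_DIR, SCANNER, nmap_scan, safe_name and scan_batch are assumed names.

```bash
#!/bin/bash
# Added example: batch-limited variant of the script in the post.
# MAX_JOBS, OUT_DIR, SCANNER and all function names are assumptions.

MAX_JOBS=${MAX_JOBS:-5}        # scans allowed to run at the same time
OUT_DIR=${OUT_DIR:-.}          # directory for the nmap.<target> files
SCANNER=${SCANNER:-nmap_scan}  # command invoked with exactly one target

# Same nmap options as the posted script.
nmap_scan() { nmap -v -sS -O "$1"; }

# Map a target to a token that is safe in a file name
# (10.0.0.0/24 -> 10.0.0.0_24), so the redirect cannot leave OUT_DIR.
safe_name() { printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'; }

# scan_batch TARGET...: start at most MAX_JOBS scans, wait for that
# batch, then start the next one. The return status is the number of
# targets that were rejected or whose scan exited non-zero (an exit
# status, so only meaningful up to 255).
scan_batch() {
    failed=0 pids="" running=0
    for target in "$@"; do
        case $target in
            # a leading "-" would be read by nmap as an option
            -*|"") echo "skipping unsafe target: $target" >&2
                   failed=$((failed + 1)); continue ;;
        esac
        "$SCANNER" "$target" >"$OUT_DIR/nmap.$(safe_name "$target")" 2>&1 &
        pids="$pids $!"
        running=$((running + 1))
        if [ "$running" -ge "$MAX_JOBS" ]; then
            # batch is full: collect each job's exit status
            for pid in $pids; do wait "$pid" || failed=$((failed + 1)); done
            pids="" running=0
        fi
    done
    # collect the final, partly filled batch
    for pid in $pids; do wait "$pid" || failed=$((failed + 1)); done
    return "$failed"
}

# Run only when targets are given on the command line.
if [ "$#" -gt 0 ]; then scan_batch "$@"; fi
```

Batches are the simplest portable limit; a slow host holds up the rest of its batch, which a job pool built on bash's "wait -n" would avoid.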
