Nmap Development mailing list archives

Re: Parallelize OS Fingerprinting?


From: Bill Petersen <bill.petersen () alcatel com>
Date: Wed, 24 Aug 2005 07:51:09 -0500

How about when you are scanning over 60,000 machines in an address space 
of about 1 million IPs!

I agree, I need parallelization anywhere I can get it.

One way I have tried as well is a script similar to what you have, but 
running 150 scans at a time in parallel, with the script watching for 
one to complete before starting the next one.  One of the limiting 
factors for me is the memory footprint of nmap.  Each takes about 10MB 
last time I looked, and so you have to have a lot of RAM to do the 
massive scans I need to run.

I would love to be able to run just one nmap which handles all of the 
parallelization itself.

Bill Petersen, CISSP
Senior Information Security Analyst
Alcatel North America Information Security
Bill.Petersen () alcatel com
Voice: 972-519-4249
Fax:   972-477-5300



Thomas Loch wrote:

Currently I'm parallelizing scans by using a bash script like the one 
attached. It starts nmap in background, waits for all scans to 
complete and sends the summarized results to a specified email address.

I never scan more than 10 or 15 hosts at a time (and use a very old 
version of nmap :) so this is most likely not a convenient way to scan 
100+ hosts but I hope it is helpful to someone until parallel scanning 
is implemented.

------------------------------------------------------------------------

#!/bin/bash

# hosts to scan
hosts=( host1 host2 host3 )


# clean up old scan results
rm nmap.* 2>/dev/null

# launch scans in background
for host in "${hosts[@]}"
do
      # quote $host so odd characters in a name cannot split or glob
      nmap -v -sS -O "$host" >"nmap.$host" &
      # with errors
      #nmap -v -sS -O "$host" >"nmap.$host" 2>"nmap.$host.err" &
      echo "starting scan for $host"
done

# wait for their completion
wait

# summarize results
grep 'Interesting ports on\|scanned but not shown below\| open \| closed \| filtered ' nmap.* >nmap.__results
# shorter summary:
#grep 'tcp \|udp ' nmap.* >nmap.__results
# this may be more suitable when focusing on OS detection:
#grep 'Interesting ports on\|OS details\|Running\|Device type' nmap.*  >nmap.__results

# pack 'em together
tar -cjf nmap.tar.bz2 nmap.*

# mail me my results + summary
# NOTE: biabam.nmap is a slightly modified version of the biabam
# bash attachment mailer that does not prompt for a message body!
biabam.nmap nmap.tar.bz2 -s 'NMAP run complete!!' root@servers.lan
 

------------------------------------------------------------------------



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
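
The approach described in the message above (a fixed number of scans in flight, with the next one started as soon as one completes), as an added example that is not part of the original thread or of Nmap. The function name `run_pool`, the output file names and the FIFO-as-semaphore technique are assumptions of this example; the nmap flags are those of the quoted script.

```shell
#!/bin/bash
# Added example, not part of the original thread.
# run_pool MAX OUTDIR CMD [ARGS...]
#   Reads one target per line from stdin and runs "CMD ARGS... TARGET" with at
#   most MAX copies alive at once; a new scan starts only when one finishes.
#   Output goes to OUTDIR/scan.<target> (stderr to OUTDIR/scan.<target>.err).
run_pool() {
    max=$1 outdir=$2
    shift 2
    mkdir -p "$outdir" || return 1
    semdir=$(mktemp -d) || return 1
    mkfifo "$semdir/sem" || return 1
    exec 3<>"$semdir/sem"        # read-write open, so it never blocks
    rm -rf "$semdir"             # fd 3 keeps the FIFO alive

    # Preload MAX tokens: one token = one free scan slot.
    i=0
    while [ "$i" -lt "$max" ]; do echo >&3; i=$((i + 1)); done

    while IFS= read -r target; do
        case $target in
            '') continue ;;
            -*) echo "skipping option-like target: $target" >&2; continue ;;
        esac
        # Targets become file names: map '/' (CIDR) and anything odd to '_'.
        name=$(printf '%s' "$target" | tr -c 'A-Za-z0-9._-' '_')
        read -r token <&3        # blocks until a running scan frees a slot
        (
            "$@" "$target" </dev/null 3>&- \
                >"$outdir/scan.$name" 2>"$outdir/scan.$name.err"
            echo >&3             # hand the slot back, even if the scan failed
        ) &
    done
    wait                         # let the last scans finish
    exec 3>&-
}

# Usage, with the nmap flags from the quoted script and the 150-scan limit
# mentioned in the message (targets.txt and results/ are assumed names):
#   run_pool 150 results nmap -v -sS -O < targets.txt
```

Lines beginning with `-` are skipped so that an entry in the target list cannot be read by the scanner as a command-line option.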
 


