Re: Version scan using nmap log

[chintan dave <davechintan () gmail com>]

Thanks for the explanation David,

Yeah, I'll parse the log files and feed only the open ports to nmap for
version detection.

Appreciate your prompt reply.

On Thu, Feb 11, 2010 at 2:19 AM, David Fifield <david () bamsoftware com>wrote:

> On Wed, Feb 10, 2010 at 12:17:06PM +0530, chintan dave wrote:
> > I have performed a Syn Scan against some few thousand IP addresses,
> however
> > didn't include the version detection switch when I performed the scan.
> >
> > I have *.nmap & *.xml log formats for these scans (for some IP Addresses,
> > even grepable format is saved).
> >
> > Is there a way I can feed these logs to nmap to perform the version scan
> of
> > services running on open port.
>
> Nmap doesn't have a way to do that built in. What I recommend is to
> write a program to parse the XML files and build new Nmap commands. The
> new scans would do nothing but version detection, like
>
> nmap -n -PN -sV -p <ports> <target>
>
> <ports> would be limited to the open ports for each target. That way
> you're not doing a full port scan again.
>
> One problem is that you're going to end up with a directory of separate
> XML output files. One way to deal with that is to open the directory
> with Zenmap's "Open Directory" feature, which will combine all the scan
> results into one view.
>
> David Fifield



-- 
Regards,
Chintan Dave,

LinkedIn Profile: http://www.linkedin.com/in/chintandave
Blog:http://www.chintandave.com
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/