Nmap Development mailing list archives

Fathom 0.95 - Release for public testing


From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 26 Jun 2010 15:54:28 -0500

All,

        I just finished polishing up some code that I have been working on and
using for some time and thought I would share it.  It is essentially Ruby code
that uses Kris Katterjohn's Nmap::Parser (1) to perform searches against Nmap XML
output.  The tool, fathom, can search XML logs for hosts with certain port,
service, operating system, NSE script name or NSE script output. Results can
be excluded based on port number as well as service, product or OS string.
The result is returned in bare (IP only), tab delimited and CSV formats.

It also includes a tool, fp-list, that will extract service and OS fingerprints
from the same XML files.  The exclusion and output options work for this
script as well.

I've been using them, in various forms and levels of functionality, for about 2
years now.  Up until recently I have only had enough time to just add the
features that I needed for whatever task was at hand.  I *finally* had enough
time to add some missing functionality and clean it up so that it is not
totally embarrassing for someone else to see it.

There are some other scripts that go with fathom that I have not published yet.
These generate scan lists based on input files, scan single targets, scan whole
scan lists, update existing information on hosts in the XML logs, clean up the
data sets, etc.

All that being said, I have posted the information on fathom on my site at
http://www.fadedcode.net/fathom/

For those of you that play around with or use fathom I would greatly appreciate
any and all feedback you feel like sending regardless of the topic (functionality,
code quality, installation, site, etc).


Thanks much,

Tom

1:  Ruby Nmap::Parser by Kris Katterjohn
    http://rubynmap.sourceforge.net/


PS:

Some usage examples:


Search for all http services, regardless of port

        ./fathom.rb -s http

Search for all http services, exclude those on port 80, output in CSV

        ./fathom.rb -s http -e 80 -c

Display all service fingerprints, exclude those on port 80

        ./fp-list.rb -s -e 80

Show the top 10 OSes, services and ports in the logs

        ./fathom.rb --metrics 10

Show the count of OS fingerprints and a port breakdown of service fingerprints in the logs, limit to 15

        ./fp-list.rb --metrics 15


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
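
The kind of search the message describes (hosts by service name in Nmap XML output, with a port exclusion and CSV output), as an added example that is not fathom's code and not part of the original post. It uses Ruby's bundled REXML instead of Nmap::Parser; the sample XML, the function names and the column order are assumptions made for the illustration.

```ruby
require 'rexml/document'

# Constructed sample in Nmap's XML output layout (not from a real scan).
SAMPLE_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap">
    <host>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
        <port protocol="tcp" portid="8080"><state state="open"/><service name="http" product="Jetty"/></port>
      </ports>
    </host>
    <host>
      <address addr="192.0.2.20" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
        <port protocol="tcp" portid="8000"><state state="closed"/><service name="http"/></port>
      </ports>
    </host>
  </nmaprun>
XML

# Hypothetical helper: rows of [ip, port, protocol, service, product] for open
# ports whose detected service name matches, skipping excluded port numbers.
def search_services(xml, service, exclude_ports: [])
  doc = REXML::Document.new(xml)
  rows = []
  doc.elements.each('nmaprun/host') do |host|
    addr = host.elements["address[@addrtype='ipv4']"] || host.elements['address']
    next unless addr
    host.elements.each('ports/port') do |port|
      state = port.elements['state']
      svc = port.elements['service']
      next unless state && svc && state.attributes['state'] == 'open'
      next unless svc.attributes['name'] == service
      portid = port.attributes['portid'].to_i
      next if exclude_ports.include?(portid)
      rows << [addr.attributes['addr'], portid, port.attributes['protocol'],
               svc.attributes['name'], svc.attributes['product'].to_s]
    end
  end
  rows
end

# Quote every field so product strings containing commas stay in one column.
def to_csv(rows)
  rows.map { |r| r.map { |f| '"' + f.to_s.gsub('"', '""') + '"' }.join(',') }.join("\n")
end

puts to_csv(search_services(SAMPLE_XML, 'http', exclude_ports: [80]))
```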

