Nmap Development mailing list archives
Fathom 0.96 - New release, bug fixes, new features
From: Tom Sellers <nmap () fadedcode net>
Date: Mon, 12 Jul 2010 06:42:38 -0500
All, Last night I published a new version of Fathom. It is essentially Ruby code that uses Kris Katterjohn's Nmap::Parser (1) to perform searches against Nmap XML output. The tool can search XML logs for hosts with certain port,service, OS, NSE script name or NSE script output. Results can be excluded based on port number as well as service, product or OS string. The result is returned in bare (IP only), tab delimited and CSV formats. It also includes a tool, fp-list, that will extract service and OS fingerprints from the same XML files. The exclusion and output options work for this script as well. The new version includes bug fixes and recommendations from Kris Katterjohn and David Fifield (Thanks to you both!) as well as new features. The key features are primarily output filters (ip range and date), improvements in input selection handling, improved output and increased control over exclusions. There are some other scripts that go with fathom that I have not published yet. These generate scan lists based on input files, scan single targets, scan whole scan lists, update existing information on hosts in the XML logs, clean up the data sets, etc. I am about ready to start working on making them publishable. Together they work as a cohesive whole to develop scan lists, scan the hosts and keep the data up to date. Fathom and fp-list were originally built to make the results useful when dealing with any significant number of hosts. All that being said, I have posted the information on fathom on my site at http://www.fadedcode.net/fathom/ For those of you that play around with or use fathom I would greatly appreciate any and all feedback you feel like sending regardless of the topic (functionality, code quality, installation, site, etc). Thanks much, Tom 1: Ruby Nmap::Parser by Kris Katterjohn http://rubynmap.sourceforge.net/ Fathom 0.96 Changelog * Cleanup: Code cleanup and efficiency changes - Thanks to Kris Katterjohn. * BUG: Fixed directory specification and options order issue - Thanks to David Fifield. * Metrics: Added counts for service product. * Output: Added -r / --report option to specify output file. All query results will be written to this file. * Input: Changed -l / --log to handle individual files as well as directories. Long option is now --log instead of --log-dir. Clarified error message when input XML file does not exist. * Output Filter: Added --ip-filter to permit filtering of output by host IP address, takes single host, IP/CIDR and IP/netmask notation. The metrics and all-host outputs respect this filter. * Output Filter: Added --start-date and --end-date to permit filtering of output to just scans that occurred before or after specified dates. The metrics and all-host outputs respect this filter. * Output Filter: Added --exclude-os to permit filtering of output by host OS. Usefulness depends on if Nmap was requested to perform OS identification and the accuracy of the result. * General: Improved grouping and format of -h output. * General: Improved error handling when an Interrupt is sent (Control-C). * Cleanup: Collapsed -a / --all method into special case of os_search. Usage Examples Examples * Search for all hosts with port 25 open ./fathom.rb -p 25 * Search for all http services, exclude those on port 80, output in CSV to a file named http.csv ./fathom.rb -s http -e 80 -c -r http.csv * Search for all ftp services, excluding printers, scanned on or after 2010-02-10 in the IP range 192.168.12.1/24 ./fathom.rb -s ftp --exclude-os Printer --start-date 2010-02-10 --ip-filter 192.168.12.1/24 * Open every .xml file in the directory './xmlfiles/', search the services for identified as Microsoft SQL Servers, output IP addresses only ./fathom.rb -l ./xmlfiles -s "Microsoft SQL" -b * Display all service fingerprints, exclude those on port 80 ./fp-list.rb -s -e 80 * Show the top 10 OSes, services and ports in the logs ./fathom.rb --metrics 10 * Show the count of OS fingerprints and a port breakdown of service fingerprints in the logs, limit to 10 ./fp-list.rb --metrics 10 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fathom 0.96 - New release, bug fixes, new features Tom Sellers (Jul 12)
- Re: Fathom 0.96 - New release, bug fixes, new features Fyodor (Jul 12)