Nmap Development mailing list archives

Fathom 0.96 - New release, bug fixes, new features


From: Tom Sellers <nmap () fadedcode net>
Date: Mon, 12 Jul 2010 06:42:38 -0500

All,

    Last night I published a new version of Fathom. It is essentially Ruby code
that uses Kris Katterjohn's Nmap::Parser (1) to perform searches against Nmap XML
output.  The tool can search XML logs for hosts with certain port, service, OS,
NSE script name or NSE script output. Results can be excluded based on port
number as well as service, product or OS string.  The result is returned in
bare (IP only), tab delimited and CSV formats.

It also includes a tool, fp-list, that will extract service and OS fingerprints
from the same XML files.  The exclusion and output options work for this
script as well.


The new version includes bug fixes and recommendations from Kris Katterjohn and
David Fifield (Thanks to you both!) as well as new features.  The key features
are primarily output filters (ip range and date), improvements in input selection
handling, improved output and increased control over exclusions.


There are some other scripts that go with fathom that I have not published yet.
These generate scan lists based on input files, scan single targets, scan whole
scan lists, update existing information on hosts in the XML logs, clean up the
data sets, etc.  I am about ready to start working on making them publishable.
Together they work as a cohesive whole to develop scan lists, scan the hosts
and keep the data up to date.  Fathom and fp-list were originally built to make
the results useful when dealing with any significant number of hosts.


All that being said, I have posted the information on fathom on my site at
http://www.fadedcode.net/fathom/


For those of you that play around with or use fathom I would greatly appreciate
any and all feedback you feel like sending regardless of the topic (functionality,
code quality, installation, site, etc).

Thanks much,

Tom

1:  Ruby Nmap::Parser by Kris Katterjohn
    http://rubynmap.sourceforge.net/

Fathom 0.96 Changelog

    * Cleanup: Code cleanup and efficiency changes - Thanks to Kris Katterjohn.
    * BUG: Fixed directory specification and options order issue - Thanks to David Fifield.
    * Metrics: Added counts for service product.

    * Output: Added -r / --report option to specify output file. All query results
      will be written to this file.

    * Input: Changed -l / --log to handle individual files as well as directories. Long
      option is now --log instead of --log-dir. Clarified error message when input XML
      file does not exist.

    * Output Filter: Added --ip-filter to permit filtering of output by host IP address,
      takes single host, IP/CIDR and IP/netmask notation. The metrics and all-host outputs
      respect this filter.

    * Output Filter: Added --start-date and --end-date to permit filtering of output to
      just scans that occurred before or after specified dates. The metrics and all-host
      outputs respect this filter.

    * Output Filter: Added --exclude-os to permit filtering of output by host OS. Usefulness
      depends on if Nmap was requested to perform OS identification and the accuracy of
      the result.

    * General: Improved grouping and format of -h output.
    * General: Improved error handling when an Interrupt is sent (Control-C).
    * Cleanup: Collapsed -a / --all method into special case of os_search.


Usage Examples


    * Search for all hosts with port 25 open

        ./fathom.rb -p 25

    * Search for all http services, exclude those on port 80, output in CSV to a file named http.csv

        ./fathom.rb -s http -e 80 -c -r http.csv

    * Search for all ftp services, excluding printers, scanned on or after 2010-02-10 in the IP range 192.168.12.1/24

        ./fathom.rb -s ftp --exclude-os Printer --start-date 2010-02-10 --ip-filter 192.168.12.1/24

    * Open every .xml file in the directory './xmlfiles/', search for services identified as Microsoft SQL Servers, output IP addresses only

        ./fathom.rb -l ./xmlfiles -s "Microsoft SQL" -b

    * Display all service fingerprints, exclude those on port 80

        ./fp-list.rb -s -e 80

    * Show the top 10 OSes, services and ports in the logs

        ./fathom.rb --metrics 10

    * Show the count of OS fingerprints and a port breakdown of service fingerprints in the logs, limit to 10

        ./fp-list.rb --metrics 10


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
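
Added example, not part of the original message and not Fathom's code: a sketch of the kind of filtering the third usage example describes (service search, OS exclusion, start date, IP range), run over constructed Nmap XML. It uses Ruby's REXML rather than Nmap::Parser; `search_service`, `host_xml`, the substring matching rules and the use of each host's `starttime` attribute as the scan date are assumptions made for illustration.

```ruby
require 'rexml/document'
require 'ipaddr'
require 'date'

# Constructed Nmap XML (-oX) sample, trimmed to the elements this example reads.
def host_xml(ip, epoch, state, os)
  %(<host starttime="#{epoch}"><address addr="#{ip}" addrtype="ipv4"/>) +
    %(<ports><port protocol="tcp" portid="21"><state state="#{state}"/>) +
    %(<service name="ftp" product="vsftpd"/></port></ports>) +
    %(<os><osmatch name="#{os}" accuracy="98"/></os></host>)
end

FEB13 = 1266019200 # 2010-02-13 00:00:00 UTC
JAN01 = 1262304000 # 2010-01-01 00:00:00 UTC
SAMPLE_XML = '<nmaprun scanner="nmap">' + [
  host_xml('192.168.12.5',  FEB13, 'open',   'Linux 2.6.X'),
  host_xml('192.168.12.9',  FEB13, 'open',   'HP LaserJet printer'),
  host_xml('192.168.12.20', JAN01, 'open',   'Linux 2.6.X'),   # scanned too early
  host_xml('10.0.0.7',      FEB13, 'open',   'Linux 2.6.X'),   # outside the range
  host_xml('192.168.12.30', FEB13, 'closed', 'Linux 2.6.X')    # port not open
].join + '</nmaprun>'

# Returns [[ip, port], ...] for open ports whose service name or product matches.
# Matching is a case-insensitive substring test (an assumption, not Fathom's rule).
def search_service(xml, service:, ip_filter: nil, start_date: nil, exclude_os: nil, exclude_ports: [])
  net   = ip_filter && IPAddr.new(ip_filter) # single host, IP/CIDR or IP/netmask
  since = start_date && Date.parse(start_date)
  hits  = []
  REXML::Document.new(xml).elements.each('nmaprun/host') do |host|
    ip = host.elements["address[@addrtype='ipv4']"].attributes['addr']
    next if net && !net.include?(IPAddr.new(ip))
    next if since && Time.at(host.attributes['starttime'].to_i).utc.to_date < since
    os_names = host.elements.to_a('os/osmatch').map { |m| m.attributes['name'] }
    next if exclude_os && os_names.any? { |n| n.downcase.include?(exclude_os.downcase) }
    host.elements.each('ports/port') do |port|
      num = port.attributes['portid'].to_i
      svc = port.elements['service']
      next unless port.elements['state'].attributes['state'] == 'open' && svc
      next if exclude_ports.include?(num)
      text = "#{svc.attributes['name']} #{svc.attributes['product']}"
      hits << [ip, num] if text.downcase.include?(service.downcase)
    end
  end
  hits
end

p search_service(SAMPLE_XML, service: 'ftp', exclude_os: 'Printer',
                 start_date: '2010-02-10', ip_filter: '192.168.12.1/24')
```
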

