Fathom 0.97 - Full Toolkit release, bug fixes, new features

[Tom Sellers <nmap () fadedcode net>]

All,

    Version 0.97 of the Fathom Toolkit has been released. The Fathom Toolkit is
a suite of tools written with the goal of helping utilize Nmap to better understand
your environment. The core tools are written in Ruby and leverage Kris Katterjohn's
Nmap::Parser[1] Ruby library for searching and manipulating Nmap's XML output.
Basic capabilities include querying large datasets for ports, services, OSes as
well as providing metrics on the same.


This version includes new scripts that round out the functionality of the suite.
While previous releases primarily focused on querying existing XML formatted Nmap
scan data, the new code handles the scan data's lifecycle including target management,
recon, scanning, updating and purging.

Release:        http://www.fadedcode.net/fathom/index.htm#Fathom0.97
Changelog:      http://www.fadedcode.net/fathom/downloads.htm#Changelog

New functionality:

    * Addition of scan-full.sh, scan-recon.sh and scan-noping-full.sh shell scripts.
      Each of these scripts performs a particular type of single target scan. They
      can be executed manually for a specific target, or called by the sweep scripts.

      The scan output are files in *each* of Nmap's output formats placed in the ./logs
      directory. There is ONE set of files PER HOST. While this increases the number
      of files, it makes single host updating and cleanup much simpler          

    * Addition of sweep-full.sh and sweep-recon.sh shell scripts. These scripts iterate
      over a list of hosts (./lists/scanlist-random.txt) and execute either scan-full.sh
      or scan-recon.sh. The scan output are files in *each* of Nmap's output formats
      placed in the ./logs directory.

    * Addition of update-data.sh shell script. This script rescans the hosts in the
      ./logs directory with scan-full.sh starting with the oldest first.

    * Addition of fill-gaps.sh shell script. This script takes input from ./lists/gaps.txt
      and scans the hosts with scan-recon.sh ONLY if no files exist for the host in ./logs.

    * Addition of util-genlist.sh shell script. This script takes a list of target subnets
      from ./lists/subnets.txt and generates two lists of targets: scanlist.txt and
      scanlist-random.txt. scanlist-random.txt is the file that sweep-full.sh and sweep-recon.sh
      use as their source of input.

    * Addition of report.sh shell script. This script accepts an IP address as input and
      simply echoes the contents of that IP's .nmap file to the console if it exists.
      This simplifies quick lookups of data for single hosts.

Changes to prior functionality:

    * fathom.rb - Added -m / --mac-address to search by MAC address or MAC vendor string.
      This will use results from nbstat.nse if the MAC data isn't present but nbstat
      data is. Thanks to Ron Bowes (www.skullsecurity.org) for this idea.

    * util-cleanup.rb - Added IP address based selection of files to move to the backup
      directory

    * util-cleanup.rb - Added --purge command to delete backup directory contents.

    * Tabular (default) console output is much easier to read now.

    * Fixed a issue in Fathom where --script-data was not searching host script output.

    * Misc fixes and enhancements can be found in the 0.97 changelog.


All that being said, I have posted the information on Fathom on my site at
http://www.fadedcode.net/fathom/

For those of you that play around with or use Fathom I would greatly appreciate
any and all feedback you feel like sending regardless of the topic (functionality,
code quality, installation, site, etc).

Thanks much,

Tom

1:  Ruby Nmap::Parser by Kris Katterjohn
    http://rubynmap.sourceforge.net/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/