Re: feature request/discussion (--expected-ports)

["Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>]

Well, I could keep using grep,xargs and a python helper 10-liner I
wrote, and just nmap as well.

Going ndiff+starlet is less cleaner for implementation purposes, but
it is still something interesting I'll dig on in.

Thx David!


On 8/7/12, David Fifield <david () bamsoftware com> wrote:
> On Mon, Aug 06, 2012 at 09:46:16AM -0300, Arturo 'Buanzo' Busleiman wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Hi team,
> >
> > I've been using nmap to monitor port differences in hosts for years.
> > Always parsing the output and
> > diffing.
> >
> > But I was thinking, maybe a --expected-ports argument could be added, then
> > nmap would warn? Maybe
> > this could be a post-scan nse script?
> >
> > example:
> >
> > nmap -sT --top-ports 1000 --expected-ports 80,443 $sometarget
> > nmap --script portdiff --script-args portdiff.expected=80,443 -sT
> > --top-ports 1000 $sometarget
> >
> > I haven't given this much thought, just wondering.
> >
> > What do you think?
>
> Maybe better to handle this with Ndiff. I can diff against a baseline
> scan containing all the expected ports. You can probably cook up an
> xmlstarlet starlet command to look for a port element with
> state@state=="open" that is a child of a b element.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
Sent from my mobile device
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/