Nmap Development mailing list archives

Re: Zenmap and remote Nmap agents


From: Niel Skousen <nskousen () ecsecurityinc com>
Date: Fri, 28 Nov 2014 18:08:01 -0700

Thanks Dan,

Here is the link to the page which walks through a process similar to your #3 on a Linux localhost.

   http://blog.rootshell.be/2010/04/28/remote-nmap-scanning-with-zenmap/  

I recognize that I can do this manually and scp the .xml output files back for aggregation and comparison, but was 
hoping there was a way to set up a 'profile' source to make it a little easier. I already have the nmap in place at 
each of 6 sites, and on my Win7 local LT.

Seems at this point that, though a fun thing to tackle, realistically, even though mechanically more tedious, it's cleaner 
and more straightforward to just open a PuTTY session to each, and WinSCP the results back to analyze...

Thanks for taking the time to respond!

Niel


On Nov 28, 2014, at 12:25 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

On Fri, Nov 28, 2014 at 11:27 AM, Niel Skousen <nskousen () ecsecurityinc com> wrote:
Maybe missing something, but would be very handy to manage a remote nmap scanner via Zenmap local client. Found one 
web guide from 2010.

Am I missing a capability?

Background: My corporate environment is distributed across multiple sites, and is Windows-based by decree. At each 
site I have a CentOS cyber system with Nmap and other tools. My VPN access must be from a corporate Windows laptop.

I'd like to manage and aggregate scans from multiple remote nmap agents via the Zenmap on my local Windows LT.

Any suggestions or solutions?

Niel,

Understanding how Zenmap works with the nmap executable will help you understand your options for using Zenmap and 
nmap on separate machines.

Zenmap can help you manage your Nmap command lines with saved profiles and interactive NSE script argument 
documentation. The command line gets built in the Command box, and can be edited, copied, and saved. When you hit the 
Scan button, Zenmap spawns an nmap process with a couple extra arguments to generate XML output, then shows a 
syntax-highlighted scrolling view of the output.

The only interaction with the nmap process is the execution and the reading of output. All of Zenmap's fancy views 
and topology maps are built from the XML output, which can be imported directly. The scrolling output window has 
given some users memory problems in the past; I'm pretty sure we've worked around that (by dropping the output window 
when it gets too big), but I still recommend that people run their Nmap scans from a console and import the results 
into Zenmap for viewing.

So here are some options:

1. Install the Windows version of Nmap and Zenmap and just scan from your Windows machine. Nmap on Windows is well 
supported and works for just about everything except SYN scan of localhost.

2. Run your scans via SSH or VPN or something from your CentOS machine, using the -oA or -oX options to save XML 
output. Then move the output files to your Windows machine for viewing with Zenmap. (You'll still have to have Nmap 
installed to get Zenmap, or you could use the zipfile instead of the installer and just copy out the Zenmap part).

3. Rename the nmap.exe on your Windows system to nmap-bin.exe and replace it with nmap.bat that calls some 
command-line SSH utility with public-key authentication to your CentOS machine and runs Nmap there. With a little 
work, it could be transparent to Zenmap, though you'd have to do some file path mangling to get your remote nmap to 
output XML to a file share while tricking Zenmap into picking it up from the same file share.

Hope that helps! I'd be interested to see the guide you referred to, and I'm sure the rest of the list subscribers 
would like to hear your solution when you get there.

Dan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
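
The aggregation and comparison step discussed in this thread (option 2: scan on each remote machine with -oX, then copy the XML back), as an added example that is not from either poster or from the Nmap project. It merges per-site XML results and reports ports that have newly opened between two runs; the site names, addresses and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples: trimmed -oX output from two hypothetical sites.
SITE_A = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="10.1.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
</ports></host>
<host><status state="down"/><address addr="10.1.0.9" addrtype="ipv4"/></host>
</nmaprun>"""
SITE_B = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="10.2.0.7" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host>
</nmaprun>"""
# Constructed later scan of site A: 3389/tcp has appeared on 10.1.0.5.
SITE_A_LATER = SITE_A.replace("</ports>", '<port protocol="tcp" portid="3389">'
    '<state state="open"/><service name="ms-wbt-server"/></port></ports>', 1)

def open_ports(xml_text):
    """Return {ip: {(proto, port): service}} for hosts Nmap reported as up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address")
        if addr is None or status is None or status.get("state") != "up":
            continue
        ports = {}
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is not None and state.get("state") == "open":
                key = (port.get("protocol"), int(port.get("portid")))
                ports[key] = svc.get("name", "") if svc is not None else ""
        hosts[addr.get("addr")] = ports
    return hosts

def aggregate(site_xml):
    """Merge {site: xml_text} into {(site, ip): ports}; sites may reuse IP ranges."""
    return {(site, ip): ports for site, text in site_xml.items()
            for ip, ports in open_ports(text).items()}

def newly_open(baseline, current):
    """Ports open in `current` that were not open in `baseline`."""
    diff = {k: sorted(set(p) - set(baseline.get(k, {}))) for k, p in current.items()}
    return {k: added for k, added in diff.items() if added}

if __name__ == "__main__":
    before = aggregate({"site-a": SITE_A, "site-b": SITE_B})
    after = aggregate({"site-a": SITE_A_LATER, "site-b": SITE_B})
    print(newly_open(before, after))
```

For real use, replace the constructed strings with the contents of the .xml files copied back from each site.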
