Penetration Testing mailing list archives

Re: Port Scanner Reports

From: Serg Belokamen <serg.belokamen () gmail com>
Date: Thu, 13 Oct 2005 15:26:59 +1000

Nmap is the solution.

Nmap can output veriety of formats from human readable to XML to 1337

So wrapping that in a script would be a trivial matter, you could even
do a discovery scan so to speak so you dont need to keep a massive IP
(to scan) database.

   Cheers,
      Serg

On 12/10/05, Syv Ritch <syv () 911networks com> wrote:

Jeff Brossette wrote:

All,

I am looking for a port scanning tool (software or hardware, open
source or commercial) that I can configure to run on a regularly
scheduled basis, say
once a week or once a month, for around 500 internal servers and
workstations (Unix/Linux, Windows and Novell).

The goal is to produce a "diff" report that will identify any new
ports that have been opened on any of the servers or workstations from
the previous scan.

This would need to be a completely automatic process that would email
out the results after each scan cycle.

Are there any products that can perform this task?


The best [IMHO] is nmap, you can save the output, use cron to
schedule it at different times, then use diff to view the
changes. That way, you can create a history.

If nmap is too complicated, use nmapfe [nmap front end] to
generate the command line and plug in cron.

Products like GFI scanner, create beautiful web pages to show the
customer, "but nmap is still the king."


--
Thanks
http://www.911networks.com
When the network has to work Cisco/Microsoft

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Port Scanner Reports Jeff Brossette (Oct 07)
- RE: Port Scanner Reports Brian Loe (Oct 08)
- Re: Port Scanner Reports Joachim Schipper (Oct 08)
- Re: Port Scanner Reports Syv Ritch (Oct 12)
  - Re: Port Scanner Reports Serg Belokamen (Oct 13)
    - xp_cmdshell with low permission Frederic Charpentier (Oct 15)
    - Re: xp_cmdshell with low permission Hanserl (Oct 16)
- <Possible follow-ups>
- Port Scanner Reports jeff . brossette (Oct 07)
  - Re: Port Scanner Reports Gary E. Miller (Oct 08)
  - Re: Port Scanner Reports Fco. Jose Garrido Matamoros (Oct 08)
  - Re: Port Scanner Reports Satanic.Brain (Oct 08)
  - RE: Port Scanner Reports Cory Michal (Oct 08)
  - Re: Port Scanner Reports Richard Farina (Oct 11)
    - Re: Port Scanner Reports Packet Man (Oct 13)
  - Re: Port Scanner Reports Daniel Miessler (Oct 31)

(Thread continues...)