Penetration Testing mailing list archives

Re: Port Scanner Reports

From: Joachim Schipper <j.schipper () math uu nl>
Date: Sat, 8 Oct 2005 10:34:11 +0200

On Thu, Oct 06, 2005 at 02:51:00PM -0500, Jeff Brossette wrote:

All,

I am looking for a port scanning tool (software or hardware, open
source or commercial) that I can configure to run on a regularly
scheduled basis, say
once a week or once a month, for around 500 internal servers and
workstations (Unix/Linux, Windows and Novell).

The goal is to produce a "diff" report that will identify any new
ports that have been opened on any of the servers or workstations from
the previous scan.

This would need to be a completely automatic process that would email
out the results after each scan cycle.

Are there any products that can perform this task?

Thanks,
Jeff B.


Pretty much anything that outputs plain text can be trivially scripted
to do this.

Try something like the following (untested):

#!/bin/sh

OLD_FILE=/var/nmap.scanned
MY_NET=192.168.0.0/16
TMPFILE=`mktemp /tmp/nmap.XXXXXXXX` || exit 1

nmap -T1 -sT $MYNET > $TMPFILE 2>&1
diff $TMPFILE $OLD_FILE
mv $OLD_FILE $OLD_FILE.old
mv $TMPFILE $OLD_FILE

And run it from cron. You may even wish to use nmap -T1 -sT $MYNET
2>&1 | tee $TMPFILE, as this will also show you the full report.

I really don't see why this is so hard, unless you want to do really
strange things.

                Joachim

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Port Scanner Reports Jeff Brossette (Oct 07)
- RE: Port Scanner Reports Brian Loe (Oct 08)
- Re: Port Scanner Reports Joachim Schipper (Oct 08)
- Re: Port Scanner Reports Syv Ritch (Oct 12)
  - Re: Port Scanner Reports Serg Belokamen (Oct 13)
    - xp_cmdshell with low permission Frederic Charpentier (Oct 15)
    - Re: xp_cmdshell with low permission Hanserl (Oct 16)
- <Possible follow-ups>
- Port Scanner Reports jeff . brossette (Oct 07)
  - Re: Port Scanner Reports Gary E. Miller (Oct 08)
  - Re: Port Scanner Reports Fco. Jose Garrido Matamoros (Oct 08)
  - Re: Port Scanner Reports Satanic.Brain (Oct 08)
  - RE: Port Scanner Reports Cory Michal (Oct 08)
  - Re: Port Scanner Reports Richard Farina (Oct 11)

(Thread continues...)