Monday, 4 January 2016

NMAP Automation and reporting

If you need a tool to check your devices' firewall settings, NMAP is the tool to use. The check can be automated so that you get a daily report, including a report on what has changed since the previous scan.

The following script scans a subnet and reports all active hosts and open ports. Differences from the previous scan are also reported, and these reports are mailed.

The script below is a slightly edited script found here.





I have made some changes in the command line variables and added the xsltproc command to convert the NMAP XML file to HTML.

#!/bin/sh
# scans "TARGETS" with nmap
# compares with previous scan using ndiff
# emails results

# variables
TARGETS="192.168.1.0/24"
OPTIONS="-v -T3 -F -sV"
DIR="/home/marcel/nmap/scans"
date=$(date +%F)

# where to put scans; stop if the directory is missing
cd "$DIR" || exit 1

# scan (OPTIONS and TARGETS are left unquoted so they split into separate arguments)
nmap $OPTIONS $TARGETS -oA "$DIR/scan-$date" > /dev/null

# compare scans
if [ -e scan-prev.xml ]; then
    ndiff scan-prev.xml "scan-$date.xml" > "diff-$date"
    echo "*** NDIFF RESULTS ***"
    cat "diff-$date"
    echo
fi
echo "*** NMAP RESULTS ***"
cat "scan-$date.nmap"
ln -sf "scan-$date.xml" scan-prev.xml

# create an HTML report (xsltproc uses the stylesheet referenced in the nmap XML)
xsltproc "scan-$date.xml" -o "scan-$date.html"

# email results
#/home/marcel/email/smtp-cli.pl --host smtp.gmail.com --port 587 --from mailadres@gmail.com --to mailadres@company.org --subject "External Nmap Diff" --body-plain=/home/marcel/nmap/scans/diff-$date --attach=/home/marcel/nmap/scans/scan-$date.xml
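
Because the script runs nmap with -oA, each scan also leaves a grepable scan-$date.gnmap file next to the XML. The following is an added example, not part of the original script: it compares the open ports in such a file against an allowlist of expected services, so the daily report can show firewall deviations even on the first run, when there is no previous scan for ndiff. The function names and the allowlist format (one "ip port/proto" per line) are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: flag open ports that are not on an expected-ports allowlist.

# unexpected_ports GNMAP_FILE ALLOWLIST_FILE   (hypothetical helper)
# Allowlist format (assumed): one "ip port/proto" per line, '#' starts a comment.
# Prints "ip port/proto service" for every open port missing from the allowlist.
unexpected_ports() {
    awk -F'\t' '
        FILENAME == ARGV[1] {                 # first file: the allowlist
            sub(/#.*/, "")
            if (split($0, a, " ") >= 2) allowed[a[1] " " a[2]] = 1
            next
        }
        /^Host: / {                           # second file: grepable nmap output
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), p, ", ")
                for (j = 1; j <= n; j++) {
                    # port/state/proto/owner/service/rpcinfo/version/
                    split(p[j], f, "/")
                    if (f[2] != "open") continue
                    key = ip " " f[1] "/" f[3]
                    if (!(key in allowed)) print key, f[5]
                }
            }
        }
    ' "$2" "$1"
}

# Runs the check on constructed sample data (not real scan output).
demo_unexpected_ports() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# expected services' '192.168.1.10 22/tcp' \
        '192.168.1.20 80/tcp  # web server' > "$tmp/allow.txt"
    {
        printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///\n'
        printf 'Host: 192.168.1.20 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///, 3306/open/tcp//mysql///\n'
    } > "$tmp/scan.gnmap"
    unexpected_ports "$tmp/scan.gnmap" "$tmp/allow.txt"
    rm -rf "$tmp"
}

demo_unexpected_ports
```

In the daily script this would be called as unexpected_ports "scan-$date.gnmap" with an allowlist file of your own; any output means a port is open that the firewall policy does not expect.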




 
