Unspecific.com

nmap-diff.pl

Description

Wirten by: MadHat at Unspecific.com

cronned to run daily, the nmap-wrapper will generate files logs of ports open. This script will generate reports on changes from day to day.

Features

Uses the nmap-wrapper's logs to generate reports on port changes
By default shows new open ports
Can show any port that has changes status
open->closed, open->filtered, closed->open, etc...
By default will report yseterday and day before, but "yesterday" can be compaired against any day there are logs (-b)
Can limit to specific subnets (-s)
using class A, B or C's at this time (-s 172.21.128)
multiple subnets can be used by combining with a PIPE
-s 172.21.128|192.168.100
Can limit to specific IP (-i)
Output can be sent directly to an email address for croning a report

BUGS

really simple, so not a lot of options

Requirements

perl (>5.6 prefered)
nmap-wrapper (not needed for the program to run, but is needed to produce the searchable files)

Download

nmap-diff.pl - v 1.3

Output

An example of the output...


172.21.128.9 (jaberwocky.unspecific.com)
    21/tcp    open  ftp
    80/tcp    open  http
   443/tcp    open  https
 + 587/tcp    open  submission
 + 593/tcp    open  http-rpc-epmap

172.21.128.32 (tweedledee.unspecific.com)
 +  22/tcp    open  ssh

172.21.128.37 (tweedledum.unspecific.com)
    22/tcp    open  ssh
 -  25/tcp    open  smtp
    80/tcp    open  http
 - 110/tcp    open  pop3

Usage

$ ./nmap-diff.pl  -h
nmap-diff - 1.0 - madahat@unspecific.com

    nmap-diff is designed to be used with the log files
      generated from the nmap-wrapper

./nmap-diff.pl [-hv] [-s ] [-i ] [-b ]
          [-m ] [-l ]

  -h help (this stuff)
  -v is for verbose.  This will add all changed ports.
     Default is to only who new open ports
  -s  shows only thaing in that subnet.
     At this time the subnet accepted is a class C only.
  -i  only reports on that specific IP.
  -b  sets the base to  days back and compares
     to yesterday's scan.  so -b 7 will compare the current
     scan to the scan from 1 week ago
  -l  to specify where the log directory
     This can be hard coded by editing the script
  -m  to email the output to  when the report
     is generated

Licensing

This product is released under the following License.

# Copyright (c) 2001-2002, MadHat (madhat@unspecific.com)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
#   * Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#   * Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in
#     the documentation and/or other materials provided with the distribution.
#   * Neither the name of MadHat Productions nor the names of its
#     contributors may be used to endorse or promote products derived
#     from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.