RE: How to aggregate output of NMAP

From: Lodin, Steven {GZ-Q~Mannheim} (STEVEN.LODIN@Roche.COM)
Date: 02/05/02


Date: Tue, 05 Feb 2002 21:38:45 +0100
From: "Lodin, Steven {GZ-Q~Mannheim}" <STEVEN.LODIN@Roche.COM>
To: 'Carmelo Floridia' <cfloridia@lex.unict.it>, PEN-TEST@securityfocus.com

Someone else mentioned Perl and gave a small code example. If this is interesting to you, check out ndiff (Nmap diff). I don't have the URL, but if I remember correctly, I found it from one of the nmap mailing list archives on www.insecure.org.

I think I would use a combination of grep/cut/sort/uniq/wc for the how many part. One question you didn't ask is "what are the web servers". For this, I use Whisker to classify the web servers. Any better options?

Another thought came to me... Perhaps the scanssh program has some summarization code in it as well that could be reused...

Steve Lodin
Head of Global IT Security
Roche Diagnostics
(W) +49-621-759-5276
(M) +49-173-348-4974
 
> I used nmap -sS -p80,25,110,21 172.31.*.* -oN output
> do you know if exist any tool to summarize the result in
> order to know (for
> example):
>
> how may WEB answered
> who are the web server
>
> hom many FTP
> who are ftp
>
> I used nlog....any other tool?
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: CFM SQL injection
    ... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)