Nmap Development mailing list archives
Re: Version Detection based on past TCP/UDP scan results
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Thu, 31 May 2007 15:56:05 -0500
On 5/30/07, Hyper 4S wrote:
All, assuming we have the results (eg in greppable format) of a normal TCP/UDP portscan, is it possible to version scan (-sV) the found open ports, without repeating this TCP/UDP scan? E.g. we have "output", the result of the scan "nmap -sS -sU -p0-65535 -oG output [host]" After having run this scan, we decide we would like to do version detection on all found ports listed in "output", as "nmap -sS -sU -sV -p0-65535 [host]" would give us by rescanning the host. Is there a way to speed this up by skipping this redundant pre-version detection scan, and relying on the portscan results found during an earlier run? Thanks! H.
If you have the XML output logs, it can be done with Perl using the Nmap::Parser module. The documentation for the module even has a section with this intro before the code: "Using multiple instances of Nmap::Parser is extremely useful in helping audit/monitor the network Policy (ohh noo! its that 'P' word!). In this example, we have a set of hosts that had been scanned previously for tcp services where the image was saved in base_image.xml. We now will scan the same hosts, and compare if any new tcp have been open since then (good way to look for suspicious new services). Easy security Compliance detection. (ooh noo! The 'C' word too!)." The module available via CPAN and from links somewhere in this forum's archives. I suppose if you are a master with sed or awk you could come up with a one linter that could use the oG file instead of the oX file. That's beyond me, though. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Version Detection based on past TCP/UDP scan results Hyper 4S (May 31)
- Re: Version Detection based on past TCP/UDP scan results Fyodor (May 31)
- Re: Version Detection based on past TCP/UDP scan results DePriest, Jason R. (May 31)
- Re: Version Detection based on past TCP/UDP scan results Brandon Enright (May 31)