Nmap Development mailing list archives
Fathom 0.95 - Release for public testing
From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 26 Jun 2010 15:54:28 -0500
All, I just finished polishing up some code that I have been working on and using for some time and thought I would share it. It is essentially Ruby code that uses Kris Katterjohn's Nmap::Parser (1) to perform searches against Nmap XML output. The tool, fathom, can search XML logs for hosts with certain port, service, operating system, NSE script name or NSE script output. Results can be excluded based on port number as well as service, product or OS string. The result is returned in bare (IP only), tab delimited and CSV formats. It also includes a tool, fp-list, that will extract service and OS fingerprints from the same XML files. The exclusion and output options work for this script as well. I've been using them, in various forms and levels of functionality, for about 2 years now. Up until recently I have only had enough time to just add the features that I needed for whatever task was at hand. I *finally* had enough time to add some missing functionality and clean it up so that it is not totally embarrassing for someone else to see it. There are some other scripts that go with fathom that I have not published yet. These generate scan lists based on input files, scan single targets, scan whole scan lists, update existing information on hosts in the XML logs, clean up the data sets, etc. All that being said, I have posted the information on fathom on my site at http://www.fadedcode.net/fathom/ For those of you that play around with or use fathom I would greatly appreciate any and all feedback you feel like sending regardless of the topic (functionality, code quality, installation, site, etc). Thanks much, Tom 1: Ruby Nmap::Parser by Kris Katterjohn http://rubynmap.sourceforge.net/ PS: Some usage examples: Search for all services http services, regardless of port ./fathom.rb -s http Search for all services http services, exclude those on port 80, output in CSV ./fathom.rb -s http -e -c Display all service fingerprints, exclude those on port 80 ./fp-list.rb -s -e 80 Show the top 10 OSes, services and ports in the logs ./fathom.rb --metrics 10 Show the count of OS fingerprints and a port breakdown of service fingerprints in the logs, limit to 15 ./fp-list.rb --metrics 15 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fathom 0.95 - Release for public testing Tom Sellers (Jun 26)
- Re: Fathom 0.95 - Release for public testing Kris Katterjohn (Jun 26)
- Re: Fathom 0.95 - Release for public testing David Fifield (Jun 28)
- Re: Fathom 0.95 - Release for public testing Tom Sellers (Jun 30)