Nmap Development mailing list archives

Re: New Feature for Nmap


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 26 Sep 2017 15:02:11 -0500

Thanks for the suggestion! We already have a "map" feature in Zenmap, the
official GUI for Nmap [1]. But text-mode outputs can sometimes be useful,
too. Since Nmap already emits all of its findings in machine-parseable XML,
we are not likely to add another output format to Nmap itself, but there
are a couple of potentially interesting options:

You could write a post-processing script to convert the XML into a tabular
or text tree format. I have done this myself in the past to "graph" open
services vs systems for quick visualization. You could even do this with
the Grepable output format [2] if you are only interested in addresses,
names, and port numbers.

You could also write an NSE script [2] to produce some alternative output.
We have existing scripts that plot GeoIP coordinates [3] or print a reverse
index of IPs by open service [4]. This would allow you to skip the XML
parsing and just work directly with host and port objects.

I look forward to hearing what you come up with!

Dan

[1] https://nmap.org/book/zenmap-topology.html
[2] https://nmap.org/book/output-formats-grepable-output.html
[3] One example:
https://nmap.org/nsedoc/scripts/ip-geolocation-map-google.html
[4] https://nmap.org/nsedoc/scripts/reverse-index.html

On Mon, Sep 25, 2017 at 8:51 PM, Who Am I? <wh0am1terminal () gmail com> wrote:

Hello there.

I was looking to add a new feature to Nmap that I thought would be useful.
However, I would like to get the opinion of other individuals as well so I
can decide whether to move forward with the idea.

So, here is what I'm thinking of:

Sometimes with Nmap, I like to run a ping scan on my network. The output
is usually something like this after running "nmap -sn 67.207.82.167/20":

(hundreds of more addresses)

...

Nmap scan report for mgmt.smartwalk.tech (67.207.95.186)
Host is up (0.0020s latency).
Nmap scan report for 67.207.95.206
Host is up (0.0022s latency).
Nmap scan report for dokument.space (67.207.95.207)
Host is up (0.0014s latency).
Nmap scan report for tothinnerbodies.com (67.207.95.221)
Host is up (0.00094s latency).
Nmap scan report for 67.207.95.223
Host is up (0.0018s latency).
Nmap scan report for 67.207.95.224
Host is up (0.0023s latency).
Nmap scan report for 67.207.95.226
Host is up (0.0043s latency).
Nmap scan report for anotherorganicdiet.com (67.207.95.227)
Host is up (0.0021s latency).
Nmap scan report for 67.207.95.228
Host is up (0.0015s latency).
Nmap scan report for emailsseguros1.com.br (67.207.95.229)
Host is up (0.0014s latency).
Nmap scan report for 67.207.95.231
Host is up (0.0019s latency).
Nmap scan report for 67.207.95.236
Host is up (0.0017s latency).
Nmap scan report for 1000caloriestoburn.com (67.207.95.237)
Host is up (0.0025s latency).
Nmap scan report for 67.207.95.242
Host is up (0.0016s latency).
Nmap scan report for globatel.faith (67.207.95.243)
Host is up (0.0017s latency).
Nmap scan report for 67.207.95.247
Host is up (0.0017s latency).
Nmap scan report for 67.207.95.248
Host is up (0.0015s latency).
Nmap scan report for 67.207.95.249
Host is up (0.0024s latency).
Nmap done: 4096 IP addresses (2230 hosts up) scanned in 77.77 seconds


This is a surplus of IP addresses and domains. Not to mention, this is
only a portion of the IP addresses and domains that were scanned. What if I
wanted to present this in an easy-to-understand format? What if I wanted to
look at the data returned back more visually?

For example, what if Nmap generated a "network map" like below?


67.207.82.167 (your IP) ======= 67.207.80.1 (gateway)
                                       |
                                       |
domain.example.com ===== 67.207.80.3 ==+
                                       |
                                       |
                 67.207.80.4-10 =======+


This is just an example, of course. Regardless of how it ends up looking,
some sort of visual network graph would generally be helpful. In this
graph, your IP address and your gateway's IP address are displayed. Other
people within the same sub-net or network will also have their domain or IP
displayed. In the above example, the data route of domain.example.com is
shown (the data is routed to 67.207.80.3 and then is passed on to the
gateway). IP addresses or domains that aren't passing their data through
any IP address or aren't taking an interesting route to send their data
will be abbreviated, e.g., 67.207.80.4-10.

I'm not sure right now how this could be achieved yet, but I would love to
hear your opinion on the idea. Also, please feel free to email me back.

Cheers.



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
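Dan's first suggestion, post-processing the XML output into a text tree of systems grouped by open service, worked through as an added example. This is not Nmap's code and was not posted by either participant; it is an editorial illustration. The embedded SAMPLE_XML is a hand-written fragment in the -oX layout with made-up addresses and names, and the range notation (10.0.0.2-4) follows the 67.207.80.4-10 abbreviation from the original post. The reverse index at the end is a plain-Python take on the idea behind the reverse-index NSE script Dan cites, not a port of that script.

```python
"""Turn Nmap XML (-oX) into a text tree of open services per host plus a
reverse index of hosts per service, collapsing consecutive addresses that
share a service profile into ranges such as 10.0.0.2-4.  Added example,
not Nmap's own code; SAMPLE_XML is a hand-written fragment in the -oX
layout with made-up addresses and names."""
import ipaddress
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: one host with two open ports, three sharing one
# profile, one with only a filtered port, one that is down.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - 10.0.0.0/29" start="0">
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/>
<hostnames><hostname name="gw.example.test" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host>
<host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
<host><status state="up"/><address addr="10.0.0.3" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
<host><status state="up"/><address addr="10.0.0.4" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports></host>
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port></ports></host>
<host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_hosts(xml_text):
    """{ip: (hostname or None, sorted [(port, proto, service), ...])} for
    hosts that are up; only ports in state "open" are kept."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # down hosts and IPv6/MAC-only entries are skipped here
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else None
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            ports.append((int(port.get("portid")), port.get("protocol"),
                          svc.get("name") if svc is not None else "unknown"))
        hosts[addr.get("addr")] = (name, sorted(ports))
    return hosts

def collapse_ranges(ips):
    """Sort IPv4 strings and collapse runs of consecutive addresses inside one
    /24 into 'a.b.c.d-e' (last-octet range), like the 67.207.80.4-10 notation."""
    addrs = sorted(ipaddress.ip_address(ip) for ip in ips)
    out, i = [], 0
    while i < len(addrs):
        j = i
        while (j + 1 < len(addrs) and int(addrs[j + 1]) == int(addrs[j]) + 1
               and addrs[j + 1].packed[:3] == addrs[i].packed[:3]):
            j += 1
        out.append(str(addrs[i]) if j == i else f"{addrs[i]}-{addrs[j].packed[3]}")
        i = j + 1
    return out

def service_tree(hosts):
    """Group hosts by identical open-port profile and render a text tree."""
    by_profile = defaultdict(list)
    for ip, (_name, ports) in hosts.items():
        by_profile[tuple(ports)].append(ip)
    lines = []
    for profile in sorted(by_profile, key=lambda p: (not p, p)):  # empty last
        lines.append(", ".join(f"{po}/{pr} {sv}" for po, pr, sv in profile)
                     or "(no open ports)")
        for rng in collapse_ranges(by_profile[profile]):
            name = hosts.get(rng, (None,))[0]  # a collapsed range has no name
            lines.append(f"  +-- {rng}" + (f" ({name})" if name else ""))
    return "\n".join(lines)

def reverse_index(hosts):
    """{'port/proto service': [ips]}, the idea behind the reverse-index NSE script."""
    idx = defaultdict(list)
    for ip, (_name, ports) in hosts.items():
        for po, pr, sv in ports:
            idx[f"{po}/{pr} {sv}"].append(ip)
    return {k: sorted(v, key=ipaddress.ip_address) for k, v in idx.items()}

def main(argv):
    """Read an -oX file named on the command line, or fall back to the sample."""
    xml_text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_XML
    hosts = parse_hosts(xml_text)
    print(service_tree(hosts), end="\n\n")
    for key, ips in sorted(reverse_index(hosts).items()):
        print(f"{key}: {', '.join(collapse_ranges(ips))}")

if __name__ == "__main__":
    main(sys.argv)
```

Two practical notes. A ping scan (-sn) like the one in the original post records no ports, so feed this a port scan's XML (for example nmap -oX scan.xml, then python3 nmap_tree.py scan.xml) or the tree will only ever show "(no open ports)". And the stdlib parser is fine for XML you generated yourself; if you post-process scan files handed to you by someone else, parse them with defusedxml instead, since the stdlib parser is not hardened against hostile input such as entity-expansion bombs.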

