1. problem statement
I have to create function in which read IP addresses one by one from one file (iplist.txt) and scan these IP using nmap. This scan IP's output is saved in output.txt file and parse output.txt to save only open ports with particular IP in parse.txt file.
format of parse.txt file:
Code:
Code:
ip port
x.x.x.x x
2. My goal:
1. Find all ports open on a whole range.
2. Save only open ports with IP address in another file. Don't save filtered or closed ports in this file.
eg. Format of file:
IP_address Open_port
Code:
192.168.0.1 21
192.168.0.1 80
....
so I have write the script which scan IP range. I just want script of second option.
I have attached the script. Please help me if possible to implement second option. In second option, my script take open port/tcp and all other details but i want only ip address with open port.
Mumbai University, Mumbai, India and Information Technology
Moderator's Comments:
Seriously: Please use CODE tags as required by forum rules!
And, use homework form correctly and entirely.
Last edited by RudiC; 03-14-2017 at 10:07 AM..
Reason: Added CODE tags.
I am pretty new at running nmap ,and i have some doubt about some o/ps the nmap shows
I tried to scan my own system for UDP open ports
I see that if i use one UDP port say 13
It shows that its in open state , etc
But if i scan for the whole UDP ports in the nmap-services . I gives te... (2 Replies)
Hi,
Whenever I tried to run nmap on my linux (red hat 6.2) boxes i got these outputs:
4444/tcp filtered krb524
6666/tcp filtered irc-serv
6699/tcp filtered napster
8888/tcp filtered sun-answerbook
Can anybody please... (10 Replies)
Hi everyone!
I've temporarily come out of hibernation (and will be gone for about two weeks after this post too) to ask for input on a small PHP script I have just completed.
The script aims to be a remote front-end for Nmap - now for the safety of this post, I ask that any replies refrain from... (6 Replies)
I'm trying to compile nmap 4.11 on an aix 5.2 machine and get the following error when attempting the 'make' command;
make
"Makefile", line 1: make: 1254-055 Dependency line needs colon or double colon operator.
"Makefile", line 14: make: 1254-055 Dependency line needs colon or double colon... (2 Replies)
I want to print between the range two patterns if a particular pattern is present in between the two patterns. I am new to Unix. Any help would be greatly appreciated.
e.g.
Pattern1
Bombay
Calcutta
Delhi
Pattern2
Pattern1
Patna
Madras
Gwalior
Delhi
Pattern2
Pattern1... (2 Replies)
I 'm getting following error when i run nmap for an ip .. what could be the reason for it ?
#nmap 10.22.67.18
Starting Nmap 4.68 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-07-06 19:07 UTC
Warning: Unable to open interface e1000g3301000 -- skipping it.... (2 Replies)
Hello guys, i'm having a problem with nmap, what i'd like to do is a scan to find around 100 or so IP address that are up, and that correspond to sites.
The command i need should basically find sites through ip address randomly generated, let's say i generate 2000 ip, i'd like to know how many of... (0 Replies)
I'm seeing a persistent address showing up on my firewall router logs. The address is 10.98.115.9:67, and is broadcasting to 255.255.255.255. I know that this would typically signal a BOOTP service, such as a bootp server announcing itself on the network. But I can't isolate which machine it... (3 Replies)
Scripting language : Bash Shell Script
I have to create function in which read IP addresses one by one from one file (ip.txt) and scan these IP using nmap. (4 Replies)
Discussion started by: sk151993
4 Replies
LEARN ABOUT CENTOS
ndiff
NDIFF(1) User Commands NDIFF(1)NAME
ndiff - Utility to compare the results of Nmap scans
SYNOPSIS
ndiff [options] {a.xml} {b.xml}
DESCRIPTION
Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences between them. The
differences observed are:
o Host states (e.g. up to down)
o Port states (e.g. open to closed)
o Service versions (from -sV)
o OS matches (from -O)
o Script output
Ndiff, like the standard diff utility, compares two scans at a time.
OPTIONS SUMMARY -h, --help
Show a help message and exit.
-v, --verbose
Include all hosts and ports in the output, not only those that have changed.
--text
Write output in human-readable text format.
--xml
Write output in machine-readable XML format. The document structure is defined in the file ndiff.dtd included in the distribution.
Any other arguments are taken to be the names of Nmap XML output files. There must be exactly two.
EXAMPLE
Let's use Ndiff to compare the output of two Nmap scans that use different options. In the first, we'll do a fast scan (-F), which scans
fewer ports for speed. In the second, we'll scan the larger default set of ports, and run an NSE script.
# nmap -F scanme.nmap.org -oX scanme-1.xml
# nmap --script=html-title scanme.nmap.org -oX scanme-2.xml
$ ndiff -v scanme-1.xml scanme-2.xml
-Nmap 5.35DC1 at 2010-07-16 12:09
+Nmap 5.35DC1 at 2010-07-16 12:13
scanme.nmap.org (64.13.134.52):
Host is up.
-Not shown: 95 filtered ports
+Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh
25/tcp closed smtp
53/tcp open domain
+70/tcp closed gopher
80/tcp open http
+|_ html-title: Go ahead and ScanMe!
113/tcp closed auth
+31337/tcp closed Elite
Changes are marked by a - or + at the beginning of a line. We can see from the output that the scan without the -F fast scan option found
two additional ports: 70 and 31337. The html-title script produced some additional output for port 80. From the port counts, we may infer
that the fast scan scanned 100 ports (95 filtered, 3 open, and 2 closed), while the normal scan scanned 1000 (993 filtered, 3 open, and 4
closed).
The -v (or --verbose) option to Ndiff made it show even the ports that didn't change, like 22 and 25. Without -v, they would not have been
shown.
OUTPUT
There are two output modes: text and XML. Text output is the default, and can also be selected with the --text option. Text output
resembles a unified diff of Nmap's normal terminal output. Each line is preceded by a character indicating whether and how it changed. -
means that the line was in the first scan but not in the second; + means it was in the second but not the first. A line that changed is
represented by a - line followed by a + line. Lines that did not change are preceded by a blank space.
Example 1 is an example of text output. Here, port 80 on the host photos-cache-snc1.facebook.com gained a service version (lighttpd 1.5.0).
The host at 69.63.179.25 changed its reverse DNS name. The host at 69.63.184.145 was completely absent in the first scan but came up in the
second.
Example 1. Ndiff text output
-Nmap 4.85BETA3 at 2009-03-15 11:00
+Nmap 4.85BETA4 at 2009-03-18 11:00
photos-cache-snc1.facebook.com (69.63.178.41):
Host is up.
Not shown: 99 filtered ports
PORT STATE SERVICE VERSION
-80/tcp open http
+80/tcp open http lighttpd 1.5.0
-cm.out.snc1.tfbnw.net (69.63.179.25):
+mailout-snc1.facebook.com (69.63.179.25):
Host is up.
Not shown: 100 filtered ports
+69.63.184.145:
+Host is up.
+Not shown: 98 filtered ports
+PORT STATE SERVICE VERSION
+80/tcp open http Apache httpd 1.3.41.fb1
+443/tcp open ssl/http Apache httpd 1.3.41.fb1
XML output, intended to be processed by other programs, is selected with the --xml option. It is based on Nmap's XML output, with a few
additional elements to indicate differences. The XML document is enclosed in nmapdiff and scandiff elements. Host differences are enclosed
in hostdiff tags and port differences are enclosed in portdiff tags. Inside a hostdiff or portdiff, a and b tags show the state of the host
or port in the first scan (a) or the second scan (b).
Example 2 shows the XML diff of the same scans shown above in Example 1. Notice how port 80 of photos-cache-snc1.facebook.com is enclosed
in portdiff tags. For 69.63.179.25, the old hostname is in a tags and the new is in b. For the new host 69.63.184.145, there is a b in the
hostdiff without a corresponding a, indicating that there was no information for the host in the first scan.
Example 2. Ndiff XML output
<?xml version="1.0" encoding="UTF-8"?>
<nmapdiff version="1">
<scandiff>
<hostdiff>
<host>
<status state="up"/>
<address addr="69.63.178.41" addrtype="ipv4"/>
<hostnames>
<hostname name="photos-cache-snc1.facebook.com"/>
</hostnames>
<ports>
<extraports count="99" state="filtered"/>
<portdiff>
<port portid="80" protocol="tcp">
<state state="open"/>
<a>
<service name="http"/>
</a>
<b>
<service name="http" product="lighttpd" version="1.5.0"/>
</b>
</port>
</portdiff>
</ports>
</host>
</hostdiff>
<hostdiff>
<host>
<status state="up"/>
<address addr="69.63.179.25" addrtype="ipv4"/>
<hostnames>
<a>
<hostname name="cm.out.snc1.tfbnw.net"/>
</a>
<b>
<hostname name="mailout-snc1.facebook.com"/>
</b>
</hostnames>
<ports>
<extraports count="100" state="filtered"/>
</ports>
</host>
</hostdiff>
<hostdiff>
<b>
<host>
<status state="up"/>
<address addr="69.63.184.145" addrtype="ipv4"/>
<ports>
<extraports count="98" state="filtered"/>
<port portid="80" protocol="tcp">
<state state="open"/>
<service name="http" product="Apache httpd"
version="1.3.41.fb1"/>
</port>
<port portid="443" protocol="tcp">
<state state="open"/>
<service name="http" product="Apache httpd" tunnel="ssl"
version="1.3.41.fb1"/>
</port>
</ports>
</host>
</b>
</hostdiff>
</scandiff>
</nmapdiff>
PERIODIC DIFFS
Using Nmap, Ndiff, cron, and a shell script, it's possible to scan a network daily and get email reports of the state of the network and
changes since the previous scan. Example 3 shows the script that ties it together.
Example 3. Scanning a network periodically with Ndiff and cron
#!/bin/sh
TARGETS="targets"
OPTIONS="-v -T4 -F -sV"
date=`date +%F`
cd /root/scans
nmap $OPTIONS $TARGETS -oA scan-$date > /dev/null
if [ -e scan-prev.xml ]; then
ndiff scan-prev.xml scan-$date.xml > diff-$date
echo "*** NDIFF RESULTS ***"
cat diff-$date
echo
fi
echo "*** NMAP RESULTS ***"
cat scan-$date.nmap
ln -sf scan-$date.xml scan-prev.xml
If the script is saved as /root/scan-ndiff.sh, add the following line to root's crontab:
0 12 * * * /root/scan-ndiff.sh
EXIT CODE
The exit code indicates whether the scans are equal.
o 0 means that the scans are the same in all the aspects Ndiff knows about.
o 1 means that the scans differ.
o 2 indicates a runtime error, such as the failure to open a file.
BUGS
Report bugs to the nmap-dev mailing list at <dev@nmap.org>.
HISTORY
Ndiff started as a project by Michael Pattrick during the 2008 Google Summer of Code. Michael designed the program and led the discussion
of its output formats. He wrote versions of the program in Perl and C++, but the summer ended shortly after it was decided to rewrite the
program in Python for the sake of Windows (and Zenmap) compatibility. This Python version was written by David Fifield. James Levine
released[1] a Perl script named Ndiff with similar functionality in 2000.
AUTHORS
David Fifield <david@bamsoftware.com>
Michael Pattrick <mpattrick@rhinovirus.org>
WEB SITE
http://nmap.org/ndiff/
NOTES
1. released
http://seclists.org/nmap-hackers/2000/315
Ndiff 07/28/2013 NDIFF(1)
03-14-2017
