Regular Nmap diffing - Printable Version

Regular Nmap diffing - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: Regular Nmap diffing (/Thread-Regular-Nmap-diffing)

Regular Nmap diffing - Vultra - 07-14-2018

hello all,

I'll be sharing a helpful Nmap that scans your network everyday.
This will work on a VPS/VM server that is linux or, your personal computer that is linux.

Replace IP (10.100.100.0/24) with yours...

Code:
#!/bin/bash

mkdir opt/nmap_diff

d=$(date +%Y-%m-%d)

y=$(date -d yesterday +%Y-%m-%d)

/usr/bin/nmap -T4 -oX /opt/nmap_diff/scan_$d.xml 10.100.100.0/24 > /dev/null 2>&1

if [ -e /opt/nmap_diff/scan_$y.xml ]; then

/usr/bin/ndiff /opt/nmap_diff/scan_%y.xml /opt/nmap_diff/scan_%d.xml > /opt/nmap_diff/diff.txt

fi

Any questions, leave them down below.

RE: Regular Nmap diffing - skrtja - 07-26-2018

How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

RE: Regular Nmap diffing - Skullmeat - 07-27-2018

If I read this correctly, it logs changes in devices on you lan? Unfortunately, I use a cascading router setup. I don't think it will work on devices outside my lan.

RE: Regular Nmap diffing - Vultra - 07-27-2018

Totally forgot this thread.

(07-26-2018, 11:40 PM)skrtja Wrote: How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

RE: Regular Nmap diffing - skrtja - 07-27-2018

(07-27-2018, 02:55 AM)Mimiakira Wrote: Totally forgot this thread.

(07-26-2018, 11:40 PM)skrtja Wrote: How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

Ok thanks. This might be helpful in the future.

RE: Regular Nmap diffing - mothered - 07-27-2018

(07-27-2018, 02:55 AM)Mimiakira Wrote: Totally forgot this thread.

(07-26-2018, 11:40 PM)skrtja Wrote: How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

Isn't that what Zenmap/Nmap does- Identifies open/vulnerable ports as well as hosts & services running on the network (IPs, hostnames etc), hence allows you to establish If and when an Intrusion has taken place?

RE: Regular Nmap diffing - skrtja - 07-27-2018

(07-27-2018, 07:02 AM)mothered Wrote:
(07-27-2018, 02:55 AM)Mimiakira Wrote: Totally forgot this thread.

(07-26-2018, 11:40 PM)skrtja Wrote: How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

Isn't that what Zenmap/Nmap does- Identifies open/vulnerable ports as well as hosts & services running on the network (IPs, hostnames etc), hence allows you to establish If and when an Intrusion has taken place?

That's what I thought too as well.

RE: Regular Nmap diffing - Vultra - 07-27-2018

(07-27-2018, 07:02 AM)mothered Wrote:
(07-27-2018, 02:55 AM)Mimiakira Wrote: Totally forgot this thread.

(07-26-2018, 11:40 PM)skrtja Wrote: How would this be useful? I've used zenmap in class to find open ports and such but how is this different from just scanning?

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

Isn't that what Zenmap/Nmap does- Identifies open/vulnerable ports as well as hosts & services running on the network (IPs, hostnames etc), hence allows you to establish If and when an Intrusion has taken place?

Yep, pretty much but, this is automated scanning that stores logs of valuable information of what's happening.

RE: Regular Nmap diffing - mothered - 07-27-2018

(07-27-2018, 07:59 AM)Mimiakira Wrote:
(07-27-2018, 07:02 AM)mothered Wrote:
(07-27-2018, 02:55 AM)Mimiakira Wrote: Totally forgot this thread.

Regular scans to see or find any open ports that an attack has done or, has gotten access to your network.

Isn't that what Zenmap/Nmap does- Identifies open/vulnerable ports as well as hosts & services running on the network (IPs, hostnames etc), hence allows you to establish If and when an Intrusion has taken place?

Yep, pretty much but, this is automated scanning that stores logs of valuable information of what's happening.

Okay, thanks for confirming.