  • NMap

    Noid suggested "Auditor Security Tools Live CD" in an earlier thread

    I really like this cd.
    However I am working on setting up an automated audit for our network at work utilizing NMap on the cd.
    Our authorized PC names are in this format:
    W###@#
    W = workstation
    ### = department number
    @# = First AS400 Session
    A valid PC name would look like this ( W599X2 )

    Here is my scan option now:
    nmap -sS -sR -sV -O -PI -PT -R -oN /mnt/hda1/log --append_output 10.10.*.*

    I was wondering if I could somehow use the exclude option to filter out valid PC names. I would like to log the "unauthorized PCs" that are on our network.
    Any help is greatly appreciated.
    In a world without walls and fences, who needs Windows and Gates?

  • #2
    not examining the command args... use a pipe w/ grep -v
    i.e. nmap -O 127.0.0.1 | grep -v ssh

    [edit]
    er.. or not .. after thinking about it for a min, i think you will need sed fu beyond this point (or another text powerhouse)

    [edit v2]
    i think it can be done either with grep and regex or some form of sed fu

    man grep
    man sed
    Last edited by EvilMoFo; June 17, 2005, 05:08.



    • #3
      Yea, I would like to log "after" the filter has taken place.
      I have been using grep for the data once it is logged.
      There are over 7000 authorized nodes. It just seems like it would be much more efficient to use an exclude with wildcards. I could be really reaching though.

      I can exclude a list of authorized PC names by referencing a text file during the scan, but the list is growing every week and I would prefer the wildcard method as opposed to maintaining a list. I wonder if it would be possible to manipulate the text file with a wildcard PC name? i.e. W*****
      In a world without walls and fences, who needs Windows and Gates?



      • #4
        It would probably be best (and faster) if you let nmap run everything into a file, then query the file, and here's why...

        Let's say you do see a rogue node on the network; what about all that other data that was filtered out by the log command-line filter string? If you're going to get this granular, run the data into a file, then query the file with grep and awk/sed. I think there are even some nmap querying tools available as well.
        "Never Underestimate the Power of Stupid People in Large Groups"
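        The workflow hackajar describes (scan into a file, then query the file), worked through as an added example that is not from this thread or from the nmap project. It assumes the log is nmap "normal" (-oN) output, that "@#" in the naming scheme means one letter followed by one digit (as in the W599X2 example), and that reverse-DNS names may carry a domain suffix; the log lines below are a constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example: report hosts in an nmap -oN log whose name does not match the
# authorized pattern W###@# (W, three digits, one letter, one digit), so the
# unauthorized nodes can be logged separately from the full scan.
# Assumption: host lines look like "Interesting ports on name (ip):" (older nmap)
# or "Nmap scan report for name (ip)" (newer nmap). Sample below is constructed.

SAMPLE_LOG='# Nmap run initiated (constructed sample, not a real scan)
Interesting ports on w599x2.corp.example (10.10.1.5):
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Interesting ports on printer-3fl.corp.example (10.10.1.9):
PORT     STATE SERVICE
9100/tcp open  jetdirect
Nmap scan report for W102B7 (10.10.2.17)
Nmap scan report for 10.10.2.44
Nmap scan report for laptop-guest.corp.example (10.10.3.3)'

# Print "name ip" for every host whose short name is not an authorized PC name.
# Hosts with no reverse name at all are reported with "-" as the name, since
# an unnamed node cannot be vouched for by the naming scheme either.
unauthorized_hosts() {
    awk -v pat='^[Ww][0-9][0-9][0-9][A-Za-z][0-9]$' '
        /^Interesting ports on / || /^Nmap scan report for / {
            # The host token follows "on"/"for"; an "(ip)" token may follow it.
            for (i = 1; i <= NF; i++)
                if ($i == "on" || $i == "for") { host = $(i+1); ip = $(i+2); break }
            if (ip ~ /^\(/) gsub(/[():]/, "", ip)   # "(10.10.1.5):" -> "10.10.1.5"
            else ip = host                           # no name: the token is the address
            name = host
            if (name ~ /^[0-9.]+$/) name = "-"       # no reverse-DNS name
            else sub(/\..*$/, "", name)              # drop any DNS suffix
            if (name !~ pat) print name, ip
        }' "$@"
}

# Usage: unauthorized_hosts /mnt/hda1/log   (or feed the log on stdin)
printf '%s\n' "$SAMPLE_LOG" | unauthorized_hosts
```

        Running this over the constructed sample lists printer-3fl, the unnamed 10.10.2.44 and laptop-guest, and skips w599x2 and W102B7. Because it reads the saved -oN file rather than the live nmap stream, the full scan data stays available for later questions, which is the point hackajar makes above; the pattern is passed in with -v so it can be adjusted without touching the awk program.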



        • #5
          Thanks for the tip.
          I found a couple tools, NLOG and NDiff that I will try out. It looks very promising.
          Thanks again

          Originally posted by hackajar
          It would probably be best (and faster) if you let nmap run everything into a file, then query the file, and here's why...

          Let's say you do see a rogue node on the network; what about all that other data that was filtered out by the log command-line filter string? If you're going to get this granular, run the data into a file, then query the file with grep and awk/sed. I think there are even some nmap querying tools available as well.
          In a world without walls and fences, who needs Windows and Gates?



          • #6
            Originally posted by stringslayer
            Thanks for the tip.
            I found a couple tools, NLOG and NDiff that I will try out. It looks very promising.
            Thanks again
            We're here to help you! (when appropriate)
            "Never Underestimate the Power of Stupid People in Large Groups"
