Nmap and Ndiff Script

Below is a bash script I made that will perform an nmap scan, compare the scan with the previous one using ndiff, and email the results. Naturally it will have to be run twice in order to get anything useful.

#!/bin/bash

SUBJECT="Here are your Ndiff Results"
EMAIL="xxx@blahblahblah.com"

# Abort if the working directory is missing rather than scanning from the wrong place
cd /path_to_script_and_results_files/ || exit 1

# create OBSERVED file (the timestamp doubles as the output filename for this run)
date '+%Y-%m-%d-%H:%M' > OBSERVED
RUN=$(cat OBSERVED)

# Run nmap; -oA already writes the .nmap, .gnmap and .xml files, so no separate -m/-oG is needed
nmap -sS -sV --allports -oA "$RUN" 192.168.1.0/24

# First run: there is no baseline yet, so record this scan as the baseline and stop
if [ ! -f BASELINE ]; then
    cat OBSERVED > BASELINE
    exit 0
fi
PREV=$(cat BASELINE)

# Run ndiff between baseline and observed
ndiff "$PREV".xml "$RUN".xml > "$RUN".ndiff

EMAILMESSAGE="$RUN".ndiff

/usr/bin/mail -s "$SUBJECT" "$EMAIL" < "$EMAILMESSAGE"

# Create BASELINE file (this scan becomes the baseline for the next run)
cat OBSERVED > BASELINE

That’s my first bash script so it’s probably pretty gruesome to look at, but it does the trick.
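As an added example that is not part of the original post: the script above mails the ndiff report on every run, but the first two lines of ndiff's text output (the "Nmap ... scan initiated" headers) differ every time because of the timestamp, so an unconditional mail tells you nothing about whether a port or host actually changed. The functions below filter an ndiff text report down to the substantive `+`/`-` lines and answer "did anything change?", so the cron job can stay quiet on identical scans. The sample report is constructed to look like ndiff's plain-text format and is not real scan data; the host and port values are made up.

```shell
#!/bin/bash
# Added example (not from the original post): decide whether an ndiff text
# report contains real host/port changes, so the job only mails on change.
# Assumes ndiff's plain-text output, where changed lines start with '+' or '-'
# and the two "Nmap ... scan initiated" header lines always differ (timestamps).

# Constructed sample of ndiff text output; not a real scan.
SAMPLE_NDIFF='-Nmap 4.85BETA8 scan initiated Mon Mar 23 02:00:01 2009 as: nmap -sS -sV -oA 2009-03-23-02:00 192.168.1.0/24
+Nmap 4.85BETA8 scan initiated Tue Mar 24 02:00:01 2009 as: nmap -sS -sV -oA 2009-03-24-02:00 192.168.1.0/24

 192.168.1.10:
 PORT     STATE  SERVICE VERSION
-22/tcp   open   ssh     OpenSSH 4.3 (protocol 2.0)
+22/tcp   closed ssh
 80/tcp   open   http    Apache httpd 2.2.3

+192.168.1.42:
+Host is up.
+PORT     STATE  SERVICE VERSION
+3389/tcp open   ms-wbt-server  Microsoft Terminal Service
'

# Constructed sample where only the header timestamps differ (no real change).
SAMPLE_UNCHANGED='-Nmap 4.85BETA8 scan initiated Mon Mar 23 02:00:01 2009 as: nmap -sS -sV 192.168.1.0/24
+Nmap 4.85BETA8 scan initiated Tue Mar 24 02:00:01 2009 as: nmap -sS -sV 192.168.1.0/24

 192.168.1.10:
 PORT     STATE  SERVICE VERSION
 80/tcp   open   http    Apache httpd 2.2.3
'

# Print only the substantive change lines from the diff on stdin: lines that
# start with + or -, excluding the scan-initiated headers and blank diff lines.
ndiff_changes() {
    grep -E '^[+-]' | grep -Ev '^[+-]Nmap .* scan initiated' | grep -Ev '^[+-][[:space:]]*$'
}

# Count substantive change lines from the diff on stdin.
ndiff_change_count() {
    ndiff_changes | wc -l | tr -d ' '
}

# Exit 0 (true) if the diff on stdin has substantive changes, 1 otherwise.
ndiff_has_changes() {
    [ "$(ndiff_change_count)" -gt 0 ]
}

# Print hosts that appeared or disappeared entirely: ndiff prints a host
# header as "address:" (or "address (name):"), so a +/- line ending in ':' is
# a whole host being added or removed, not a single port change.
ndiff_host_changes() {
    grep -E '^[+-][^ ].*:$'
}

# Stand-alone demonstration when run directly.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    echo "changes in sample report: $(printf '%s\n' "$SAMPLE_NDIFF" | ndiff_change_count)"
    printf '%s\n' "$SAMPLE_NDIFF" | ndiff_host_changes
fi
```

To wire this into the script, replace the unconditional mail with `if ndiff_has_changes < "$RUN".ndiff; then /usr/bin/mail ...; fi`; whole-host additions from `ndiff_host_changes` are the lines worth putting in the subject, since a new host answering on the segment is usually more interesting than one port flipping state.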

Ndiff is not currently included in the stable version of nmap, but it is included in the nmap SVN repository. Simply download using the instructions here and call ndiff from the ndiff directory in the nmap SVN directory.

One Response to “Nmap and Ndiff Script”

  1. Fyodor Says:

    I’m glad you like Ndiff. For those averse to the SVN version for some reason, Ndiff is also currently available in the 4.85 beta versions (including Windows and OS X packages) on the Nmap download page: http://nmap.org/download.html
