Below is a bash script I made that will perform an nmap scan, compare the scan with the previous one using ndiff, and email the results. Naturally it will have to be run twice in order to get anything useful.
SUBJECT=”Here are your Ndiff Results”
# create OBSERVED file
date ‘+%Y-%m-%d-%H:%M’ > OBSERVED
# Run nmap
nmap -sS -sV –allports -oA `cat OBSERVED` -m `cat OBSERVED` 192.168.1.0/24
# Run ndiff between baseline and observed
ndiff `cat BASELINE`.xml `cat OBSERVED`.xml > `cat OBSERVED`.ndiff
/usr/bin/mail -s “$SUBJECT” “$EMAIL” < $EMAILMESSAGE
# Create BASELINE file
cat OBSERVED > BASELINE
That’s my first bash script so it’s probably pretty gruesome to look at, but it does the trick.
Ndiff is not currently included in the stable version of nmap, but it is included in the nmap SVN repository. Simply download using the instructions here and call ndiff from the ndiff directory in the nmap SVN directory.