Monitoring the Environment: Nmap Diffing

td;lr

RAW Bash Script

nmap-diffing.sh
#!/bin/bash
mkdir /Nmap-Diffing/
d=$(date +%Y-%m-%d)
y=$(date -d yesterday +%Y-%m-%d)
/usr/bin/nmap -Pn -A -sV --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit -T4 -p1-65535 -oX /Nmap-Diffing/scan_$d.xml 192.168.0.1/24 > /dev/null 2>&1
if [ -e /opt/nmap_diff/scan_$y.xml ]; then
	/usr/bin/ndiff /Nmap-Diffing/scan_$y.xml /Nmap-Diffing/scan_$d.xml > /Nmap-Diffing/diff
.txt 
fi

Setting up Cron

We can also set up a cron job and redirect logs to a file for our reference by adding cron job as below

crontab -e
0 9 * * * /THP/Recon/nmap-diffing.sh >> /var/log/demowebsite.log 2>&1

This is a very basic script that runs nmap every day using default ports and then uses ndiff to compare the results. We can then take the output of this script and use it to notify our team of new ports discovered daily.

Last updated