Monitoring the Environment: Nmap Diffing
During red team operations, it is sometimes beneficial to monitor the dynamic nature of the client's infrastructure. As an initial scan, we can use nmap to monitor the network state at short intervals and check whether any specific ports change. A small bash script is enough for this, and you can modify it to suit your requirements.
We can also set up a cron job and redirect its logs to a file for our reference by adding a cron entry as below
This is a very basic script that runs nmap every day using default ports and then uses ndiff to compare the results. We can then take the output of this script and use it to notify our team of new ports discovered daily.
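The daily scan-and-compare job described above, as an added example rather than the page's original script: it runs nmap with default ports against a target list, compares the result with the previous run using ndiff, and prints only the ports that are newly open. The results directory, the targets file, the cron path and the sample ndiff output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
SCAN_DIR="${SCAN_DIR:-$HOME/nmap-diff}"                # assumed results directory
TARGETS_FILE="${TARGETS_FILE:-$SCAN_DIR/targets.txt}"  # assumed in-scope host list

# Read ndiff text output on stdin; print "host port/proto service" for ports
# that are open now and were not open in the previous scan.
new_open_ports() {
    awk '
        # Host header, e.g. " web01.example (192.0.2.10):" (script output lines start with "|")
        /^[ +-][^ \t|].*:$/ { host = substr($0, 2); sub(/:$/, "", host); next }
        # Port was open before as well (for example only the version string changed).
        /^-[0-9]+\/(tcp|udp)[ \t]+open([ \t]|$)/ { was_open[host " " substr($1, 2)] = 1; next }
        /^[+][0-9]+\/(tcp|udp)[ \t]+open([ \t]|$)/ { key = host " " substr($1, 2); order[++n] = key; svc[key] = $3 }
        END { for (i = 1; i <= n; i++) if (!(order[i] in was_open)) print order[i], svc[order[i]] }
    '
}

# Scan default ports, diff against the previous run, then rotate the baseline.
run_daily_scan() {
    mkdir -p "$SCAN_DIR" || return 1
    today="$SCAN_DIR/scan-$(date +%F).xml"
    nmap -iL "$TARGETS_FILE" -oX "$today" >/dev/null || return 1
    if [ -e "$SCAN_DIR/scan-prev.xml" ]; then
        echo "[$(date +%F)] newly open ports:"
        ndiff "$SCAN_DIR/scan-prev.xml" "$today" | new_open_ports
    fi
    ln -sf "$today" "$SCAN_DIR/scan-prev.xml"
}

# Constructed ndiff output (documentation addresses) to exercise the parser.
sample_ndiff_output() {
    cat <<'EOF'
 web01.example (192.0.2.10):
 PORT     STATE  SERVICE    VERSION
-22/tcp   open   ssh        OpenSSH 8.9
+22/tcp   open   ssh        OpenSSH 9.6
-80/tcp   closed http
+80/tcp   open   http
+8080/tcp open   http-proxy

 192.0.2.20:
 PORT     STATE  SERVICE
-443/tcp  open   https
+3306/tcp open   mysql
EOF
}

# Cron entry (assumed path): 0 6 * * * /opt/scans/nmap-diff.sh run >> /var/log/nmap-diff.log 2>&1
if [ "${1:-}" = "run" ]; then run_daily_scan; fi
```

The first run only creates the baseline; from the second run on, the log file receives one line per newly open port, which is what the team notification can be built from.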