diffscan2 is a wrapper for nmap intended to automate processing scan results and generate reports detailing differences (differential reporting).
It has been tested with nmap 6.
Update nmap_scanoptions in diffscan.py with any additional options that are required to be sent to nmap.
Typical usage involves execution as follows:
$ ./diffscan.py targets.txt [email protected] GroupName
where targets.txt is a list of subnets/hosts, [email protected] is the recipient address for the report, and GroupName is a string included in the mail subject to differentiate between different instances of diffscan2.
A state file (by default ./diffscan.state) is used between executions to keep state on previous scans. Additionally, the nmap output is saved in an output directory for future review if required (by default ./diffscan_out). The -s and -o flags can be used to change these defaults.
    usage: diffscan.py [options] targets_file recipient groupname

    options:
        -h         usage information
        -m num     top ports to scan (2000, see nmap --top-ports)
        -n         no smtp, write output to stdout (recipient ignored)
        -o path    directory to save nmap output (./diffscan_out)
        -p spec    instead of top ports use port spec (see nmap -p)
        -s path    path to state file (./diffscan.state)
        -q         Don't send email if no changes
An example report is shown below.
    diffscan2 results output

    New Open Service List
    ---------------------
    STATUS  HOST        PORT  PROTO  OPREV  CPREV  DNS
    OPEN    10.0.2.100  22    tcp    0      3      unknown
    OPEN    10.0.2.100  111   tcp    0      3      unknown

    New Closed Service List
    ---------------------
    STATUS  HOST        PORT  PROTO  OPREV  CPREV  DNS

    OPREV: number of times service was open in previous scans
    CPREV: number of times service was closed in previous scans
    maximum previous scans stored: 7
    current total services: 7
    previous total services: 5
    up trend: 6,5,5,4
    down trend: 506,507,507,252
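
The sketch below shows how the New Open / New Closed lists and the OPREV/CPREV columns in the report can be derived from a bounded history of earlier scans. It is an added example, not diffscan2's own code. Assumptions: the history is held as an in-memory deque of sets rather than diffscan2's state file format, CPREV is counted as the stored scans in which the service was not open, the CLOSED status label is hypothetical, and every host except 10.0.2.100 is constructed sample data.

```python
from collections import deque

MAX_PREVIOUS = 7  # matches "maximum previous scans stored: 7" in the sample report


def diff_scan(history, current):
    """Compare the current open services with the stored previous scans.

    history: deque of sets of (host, port, proto), oldest first
    current: set of (host, port, proto) open in the scan just finished
    Returns (new_open, new_closed); each row is
    (status, host, port, proto, oprev, cprev).
    """
    last = history[-1] if history else set()

    def counts(svc):
        oprev = sum(1 for scan in history if svc in scan)
        # Assumption: "closed" means "not open in that stored scan".
        return oprev, len(history) - oprev

    new_open = [("OPEN", *svc, *counts(svc)) for svc in sorted(current - last)]
    # "CLOSED" is a hypothetical label; the sample report shows no closed rows.
    new_closed = [("CLOSED", *svc, *counts(svc)) for svc in sorted(last - current)]
    return new_open, new_closed


def record_scan(history, current):
    """Store the finished scan; deque(maxlen=...) drops the oldest entry."""
    history.append(frozenset(current))


def format_rows(rows):
    """Render rows in the column order used by the report."""
    fmt = "{:<7}{:<12}{:<6}{:<7}{:<7}{:<6}"
    lines = [fmt.format("STATUS", "HOST", "PORT", "PROTO", "OPREV", "CPREV")]
    lines += [fmt.format(*row) for row in rows]
    return "\n".join(lines)


# Constructed sample data: three earlier scans with five services,
# then a scan in which 10.0.2.100 appears with two open ports.
BASE = {("10.0.2.1", 22, "tcp"), ("10.0.2.1", 80, "tcp"), ("10.0.2.5", 22, "tcp"),
        ("10.0.2.5", 443, "tcp"), ("10.0.2.7", 25, "tcp")}
history = deque([frozenset(BASE)] * 3, maxlen=MAX_PREVIOUS)
current = BASE | {("10.0.2.100", 22, "tcp"), ("10.0.2.100", 111, "tcp")}

if __name__ == "__main__":
    opened, closed = diff_scan(history, current)
    print("New Open Service List\n" + format_rows(opened))
    print("New Closed Service List\n" + format_rows(closed))
```

Because the comparison is against the most recent stored scan only, a service that flaps between scans shows up with a non-zero OPREV, which helps separate a genuinely new listener from an intermittent one.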