Quoting Lodin, Steven {GZ-Q~Mannheim} ([EMAIL PROTECTED]):
> Someone else mentioned Perl and gave a small code example. If this is interesting
>to you, check out ndiff (Nmap diff). I don't have the URL, but if I remember
>correctly, I found it from one of the nmap mailing list archives on www.insecure.org.
>
I mailed this to the original poster... It does what I think he wanted....
#########################################################################
#!/usr/bin/perl -w
$NmapLog = './bla';
$look4 = qr/ftp|http|echo/;
# ^^^^^^^^^
# add more sevices you want to create summary for
open (IN, $NmapLog) or die "open $NmapLog err: $!\n";
while (<IN>) {
chomp;
$ip = $1 if /^Interesting\sports\s.*\((.*)\):/;
push @{$phash{$&}}, $ip if /$look4/;
}
close IN;
foreach ( keys %phash ) {
$num = scalar @{$phash{$_}};
print "\'$_\' open on $num server", (($num == 1)? undef : 's'),
" : ", (join ', ' , @{$phash{$_}}), "\n";
}
#########################################################################
> I think I would use a combination of grep/cut/sort/uniq/wc for the how many part.
>One question you didn't ask is "what are the web servers". For this, I use Whisker
>to classify the web servers. Any better options?
>
Sure. Well, I REALY feel like writing perl code today....
#########################################################################
#!/usr/bin/perl -w
use IO::Socket;
$|++;
$net = '192.168.121';
# modify here if you scaning class B
$SIG{ALRM} = sub { die 'TimeouT'; };
foreach $ip (1..254) {
$host = $net . '.' . $ip;
# modify here as well if you scaning class B
$sock = IO::Socket::INET->new ( PeerAddr => $host,
PeerPort => 80,
Timeout => 2,
Proto => 'tcp' ) or next;
$sock->autoflush(1);
alarm 5; # set alarm for braindead IIS servers
eval {
print $sock 'GET / HTTP/1.1' . "\015\012" x 2;
while ( <$sock> ) {
if ( /Server: /i ) {
s/\s+$//g;
printf "%-15s %-50s\n", $host, $_;
}
}
alarm 0;
};
if ( $@ ) { # check for status of eval
($@ =~ /TimeouT/)? warn "Timedout while talking to $host, braindead IIS?\n"
: warn "eval failed (host $host):$!\n";
}
else {
alarm 0;
}
close $sock;
}
#########################################################################
> Another thought came to me... Perhaps the scanssh program has some summarization
>code in it as well that could be reused...
Nah. Just roll your own :)
--
print chr hex for qw +
2D 2D 0A 76 6C 61 64 69 6D 69 72 40 61 72 6F 62 61 73 2E 6E 65 74 0A 44 38
37 44 20 44 32 46 42 20 46 31 36 33 20 46 31 43 31 20 34 32 30 41 20 20 31
44 31 46 20 36 43 42 39 20 31 46 38 39 20 38 35 30 42 20 30 38 44 44 0A +;
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
