This is probably the easiest way to write a script with using Nmap::Parser, if you don’t need the general scan session information. During the parsing process, the parser will obtain information of every host. The callback function (in this case ‘booyah()’) is called after the parsing of every host (sequentially). When the callback returns, the parser will delete all information of the host it had sent to the callback. This callback function is called for every host that the parser encounters. The callback function must be setup before parsing
use Nmap::Parser;
my $np = new Nmap::Parser;
$np->callback( \&booyah );
$np->parsefile('nmap_results.xml');
# or use parsescan()
sub booyah {
my $host = shift; #Nmap::Parser::Host object, just parsed
print 'IP: ',$host->addr,"\n";
# ... do more stuff with $host ...
#when it returns, host object will be deleted from memory
#(good for processing VERY LARGE files or scans)
}
After learning PHP and MySQL and a whole bunch of javascript – I can finally get out of using blogger (not that there is anything wrong with that), but now I wrote my own self-maintaining website! I can now write articles, post updates and manage the website right from sourceforge.
If you ever want to contribute articles (tutorials or anything) to the webiste, go to the articles section and use the link provided to send me your content. I will post it for you so everyone else enjoy (it should be Nmap-Parser or Nmap related).
Thanks,
Anthony G Persaud
Called in rc.local or custom wireless networking scripts, dhcphosts.pl generates an /etc/hosts file for a host on a DHCP network, allowing the use of hostnames regardless of given IP addresses. The code can also be found at http://dual.home.comcast.net/perl/dhcphosts.txt
#!/usr/bin/perl
# dhcphosts.pl - by dual
#
# Generates an /etc/hosts file for a
# box on a DHCP network
#
# - Simply call it in /etc/rc.local.
# - Depends on Nmap::Parser.
####################################
# Include Nmap::Parser
######################
use strict;
use Nmap::Parser;
# Declare and set variables
###########################
my $ip;
my $fqn;
my $dmain;
my $tld;
my $host;
my $path = '/usr/bin/nmap';
my $args = '-sP';
my @ips = qw/192.168.1.101-109/;
my $ip_addr;
my $mac_addr;
# Obtain local info
###################
my @ifconfig = `/sbin/ifconfig eth1`;
foreach my $line (@ifconfig) {
$ip = $1 if ($line =~ /inet addr:(d{1,3}.d{1,3}.d{1,3}.d{1,3})/);
}
open NETWK, ") {
$fqn = $1 if ($_ =~ /^HOSTNAME=(.+)$/);
}
close NETWK;
my @names = split (/./, "$fqn");
$host = $names[0];
$dmain = $names[1];
$tld = $names[2];
# Clobber /etc/hosts
####################
open HOSTS, ">/etc/hosts" or die "Can't open hosts: $!";
# Print local info
##################
print HOSTS "# Generated by dhcphosts.plnn";
print HOSTS "# Gotta have loopbackn";
print HOSTS "127.0.0.1tlocalhost.localdomaintlocalhostnn";
print HOSTS "# This box...n";
print HOSTS "$ipt$fqnt$hostnn";
print HOSTS "# Remaining network hostsn";
# Scan, parse and print the remaining network
#############################################
my $nmap = new Nmap::Parser;
$nmap->parsescan ($path, $args, @ips);
for my $host ($nmap->all_hosts()) {
$ip_addr = $host->addr;
$mac_addr = $host->mac_addr;
if ($mac_addr =~ /.{2}:.{2}:.{2}:.{2}:.{2}:.{2}/) {
# Fill in your MACs and hostnames here
if ($mac_addr =~ /XX:XX:XX:XX:XX:XX/) {
print HOSTS "$ip_addrthostname1.$dmain.$tldthostname1n";
}
elsif ($mac_addr =~ /XX:XX:XX:XX:XX:XX/) {
print HOSTS "$ip_addrthostname2.$dmain.$tldthostname2n";
}
elsif ($mac_addr =~ /XX:XX:XX:XX:XX:XX/) {
print HOSTS "$ip_addrthostname3.$dmain.$tldthostname3n";
}
elsif ($mac_addr =~ /XX:XX:XX:XX:XX:XX/) {
print HOSTS "$ip_addrthostname4.$dmain.$tldthostname4n";
}
}
}
# Clean up
##########
close HOSTS;
__END__
=pod
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
=cut
((no less 'of'; my $self) Using multiple instances of Nmap::Parser is extremely useful in helping audit/monitor the network Policy (ohh noo! its that ‘P’ word!). In this example, we have a set of hosts that had been scanned previously for tcp services where the image was saved in base_image.xml. We now will scan the same hosts, and compare if any new tcp have been open since then (good way to look for suspicious new services). Easy security Compliance detection. (ooh noo! The ‘C’ word too!).
use Nmap::Parser;
use vars qw($nmap_exe $nmap_args @ips);
my $base = new Nmap::Parser;
my $curr = new Nmap::Parser;
$base->parsefile('base_image.xml'); #load previous state
$curr->parsescan($nmap_exe, $nmap_args, @ips); #scan current hosts
for my $ip ($curr->get_ips )
{
#assume that IPs in base == IPs in curr scan
my $ip_base = $base->get_host($ip);
my $ip_curr = $curr->get_host($ip);
my %port = ();
#find ports that are open that were not open before
#by finding the difference in port lists
my @diff = grep { $port{$_} < 2}
(map {$port{$_}++; $_}
( $ip_curr->tcp_open_ports ,
$ip_base->tcp_open_ports ));
print "$ip has these new ports open: ".join(',',@diff)
if(scalar @diff);
for (@diff){
print "$_ seems to be ",
$ip_curr->tcp_service($_)->name,
"\n";
}
}