Help-Site Computer Manuals
Software
Hardware
Programming
Networking
  Algorithms & Data Structures   Programming Languages   Revision Control
  Protocols
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac

scan
a scanning script to gather port and OS information from hosts

scan - a scanning script to gather port and OS information from hosts


NAME

scan - a scanning script to gather port and OS information from hosts


SYNOPSIS


 scan.pl [--nmap <NMAP_EXE>] <IP_ADDR> [<IP.ADDR> ...]

 scan.pl --xml <SCAN.XML>


DESCRIPTION

This script uses the nmap security scanner with the Nmap::Parser module in order to run quick scans against specific hosts, and gather all the information that is required to know about that specific host which nmap can figure out. This script can be used for quick audits against machines on the network and an educational use for learning how to write scripts using the Nmap::Parser module. This script uses the -sV output to get version information of the services running on a machine. This requires nmap version 3.49+


OPTIONS

These options are passed as command line parameters.

--nmap
The path to the nmap executable. This should be used if nmap is not on your path.

-h,--help,-?
Shows this help information.

--xml
Processes the given nmap xml scan file. This file is usually generated by using the '-oX filename.xml' command line parameter with nmap.


TARGET SPECIFICATION

This documentation was taken from the nmap man page. The IP address inputs to this scripts should be in the nmap target specification format.

The simplest case is listing single hostnames or IP addresses onthe command line. If you want to scan a subnet of IP addresses, you can append '/mask' to the hostname or IP address. mask must be between 0 (scan the whole internet) and 32 (scan the single host specified). Use /24 to scan a class 'C' address and /16 for a class 'B'.

You can use a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class 'B' network 128.210.*.* by specifying '128.210.*.*' or '128.210.0-255.0-255' or even use the mask notation: '128.210.0.0/16'. These are all equivalent. If you use asterisks ('*'), remember that most shells require you to escape them with back slashes or protect them with quotes.

Another interesting thing to do is slice the Internet the other way.

Examples:


 scan.pl 127.0.0.1

 scan.pl target.example.com

 scan.pl target.example.com/24

 scan.pl 10.210.*.1-127

 scan.pl *.*.2.3-5

 scan.pl 10.[10-15].10.[2-254]


OUTPUT EXAMPLE

These are ONLY examples of how the output would look like. Not the specs to my machine


 Scan Host

 --------------------------------------------------

 [>] 127.0.0.1

        [+] Status: (UP)

        [+] Hostname(s) :

                host1

                host1_2

        [+] Uptime :

                1973 seconds

        [+] Last Rebooted :

                Tue Jul  1 14:15:27 2003

        [+] OS Names :

                Linux Kernel 2.4.0 - 2.5.20

                Solaris 9

        [+] OS Classes :

                TYPE                 VENDOR (OSFAMILY) [VERSION] {ACCURACY}

                ------------------------------------------------------------

                router              Redback (     AOS) [       ]   97%

                broadband router    Thomson (embedded) [       ]   97%

                switch                 Fore (embedded) [       ]   92%

                printer               Xerox (embedded) [       ]   91%

                broadband router    Redback (embedded) [       ]   90%

                firewall          SonicWall (embedded) [       ]   90%

                switch            Enterasys (embedded) [       ]   90%

                WAP                   Cisco (embedded) [       ]   90%

                broadband router    Alcatel (embedded) [       ]   90%

                general purpose         Sun (   SunOS) [       ]   90%

                general purpose       Linux (   Linux) [  2.4.x]   50%

        [+] TCP Ports :

                PORT   SERVICE    (PRODUCT       ) [VERSION ] EXTRA

                ------------------------------------------------------------

                21     ftp        (ProFTPD       ) [1.2.5rc1]

                22     ssh        (OpenSSH       ) [3.4p1   ] protocol 1.99

                25     smtp       (Exim smtpd    ) [3.35    ]

                26     ssh        (OpenSSH       ) [3.6.1p1 ] protocol 1.99

                112    rpcbind    (              ) [2       ]

                113    ident      (OpenBSD identd) [        ]

                953    rndc       (              ) [        ]

        [+] UDP Ports :

                PORT   SERVICE    (PRODUCT       ) [VERSION ] EXTRA

                ------------------------------------------------------------

                80     http       (Apache httpd  ) [1.3.26  ] (Unix) Debian GNU/Linux


SUPPORT

Discussion Forum

If you have questions about how to use the module, or any of its features, you can post messages to the Nmap::Parser module forum on CPAN::Forum. http://www.cpanforum.com/dist/Nmap-Parser

Bug Reports

Please submit any bugs to: http://sourceforge.net/tracker/

Please make sure that you submit the xml-output file of the scan which you are having trouble. This can be done by running your scan with the -oX filename.xml nmap switch. Please remove any important IP addresses for security reasons.

Feature Requests

Please submit any requests to: http://sourceforge.net/tracker/


SEE ALSO

the Nmap::Parser manpage

The Nmap::Parser page can be found at: http://nmapparser.wordpress.com or http://npx.sourceforge.net. It contains the latest developments on the module. The nmap security scanner homepage can be found at: http://www.insecure.org/nmap/.


AUTHOR

Anthony G Persaud http://www.anthonypersaud.com


COPYRIGHT

MIT License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ``Software''), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Programminig
Wy
Wy
yW
Wy
Programming
Wy
Wy
Wy
Wy