Nmap Development: Re: Parallelize OS Fingerprinting?

[Bill Petersen <bill.petersen () alcatel com>]

How about when you are scanning over 60,000 machines in an address space 
of about 1 million IPs!

I agree, I need parallelization anywhere I can get it.

One way I have tried as well is a script similar to what you have, but 
running 150 scans at a time in parallel, with the script watching for 
one to complete before starting the next one.  One of the limiting 
factors for me is the memory footprint of nmap.  Each takes about 10MB 
last time I looked, and so you have to have a lot of RAM to do the 
massive scans I need to run.

I would love to be able to run just one nmap which handles all of the 
parallelization itself.

Bill Petersen, CISSP
Senior Information Security Analyst
Alcatel North America Information Security
Bill.Petersen () alcatel com
Voice: 972-519-4249
Fax:   972-477-5300



Thomas Loch wrote:

> Currently I'm parallelizing scans by using a bash script like the one 
> attached. It starts nmap in background, waits for all scans to 
> complete and sends the summarized results to a specified email address.
>
> I never scan more than 10 or 15 hosts at a time (and use a very old 
> version of nmap :) so this is most likely not a convenient way to scan 
> 100+ hosts but I hope it is helpful to someone until parallel scanning 
> is implemented.
>
> ------------------------------------------------------------------------
>
> #!/bin/bash
>
> # hosts to scan
> hosts=( host1 host2 host3 )
>
>
> # clean up old scan results
> rm nmap.* 2>/dev/null
>
> # launch scans in background
> for host in ${hosts[ () ]}
> do
>       nmap -v -sS -O $host >nmap.$host &
>       # with errors
>       #nmap -v -sS -O $host >nmap.$host 2>nmap.$host.err &
>       echo "starting scan for $host"
> done
>
> # wait for their completion
> wait
>
> # summarize results
> grep 'Interesting ports on\|scanned but not shown below\| open \| closed \| filtered ' nmap.* >nmap.__results
> # shorter summary:
> #grep 'tcp \|udp ' nmap.* >nmap.__results
> # this may be more suitable when focusing on OS detection:
> #grep 'Interesting ports on\|OS details\|Running\|Device type' nmap.*  >nmap.__results
>
> # pack 'em together
> tar -cjf nmap.tar.bz2 nmap.*
>
> # mail me my results + summary
> # NOTE: biabam.nmap is a slightly modified version of the biabam
> # bash attachment mailer that does not prompt for a message body!
> biabam.nmap nmap.tar.bz2 -s 'NMAP run complete!!' root () servers lan
>  
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>  

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev