Nmap Development mailing list archives

Re: feature request/discussion (--expected-ports)


From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Aug 2012 10:02:36 -0700

On Mon, Aug 06, 2012 at 09:46:16AM -0300, Arturo 'Buanzo' Busleiman wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi team,

I've been using nmap to monitor port differences in hosts for years. Always parsing the output and
diffing.

But I was thinking, maybe a --expected-ports argument could be added, then nmap would warn? Maybe
this could be a post-scan nse script?

example:

nmap -sT --top-ports 1000 --expected-ports 80,443 $sometarget
nmap --script portdiff --script-args portdiff.expected=80,443 -sT --top-ports 1000 $sometarget

I haven't given this much thought, just wondering.

What do you think?

Maybe better to handle this with Ndiff. I can diff against a baseline
scan containing all the expected ports. You can probably cook up an
xmlstarlet starlet command to look for a port element with
state@state=="open" that is a child of a b element.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: