
Nmap Development mailing list archives
Re: feature request/discussion (--expected-ports)
From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Aug 2012 10:02:36 -0700
On Mon, Aug 06, 2012 at 09:46:16AM -0300, Arturo 'Buanzo' Busleiman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi team, I've been using nmap to monitor port differences in hosts for years. Always parsing the output and diffing. But I was thinking, maybe a --expected-ports argument could be added, then nmap would warn? Maybe this could be a post-scan nse script? example: nmap -sT --top-ports 1000 --expected-ports 80,443 $sometarget nmap --script portdiff --script-args portdiff.expected=80,443 -sT --top-ports 1000 $sometarget I haven't given this much thought, just wondering. What do you think?
Maybe better to handle this with Ndiff. I can diff against a baseline scan containing all the expected ports. You can probably cook up an xmlstarlet starlet command to look for a port element with state@state=="open" that is a child of a b element. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- feature request/discussion (--expected-ports) Arturo 'Buanzo' Busleiman (Aug 06)
- Re: feature request/discussion (--expected-ports) David Fifield (Aug 07)
- Re: feature request/discussion (--expected-ports) Arturo 'Buanzo' Busleiman (Aug 07)
- Re: feature request/discussion (--expected-ports) David Fifield (Aug 07)