mirror of
https://github.com/nmap/nmap.git
synced 2026-01-03 05:09:14 +00:00
fd41fcd0f7
from 21/tcp is open, was filtered. 23/tcp is open, was filtered. 80/tcp is open, was filtered. 8701/tcp is filtered, was open. to -21/tcp filtered +21/tcp open ftp Netgear broadband router ftpd 1.0 -23/tcp filtered +23/tcp open telnet Netgear broadband router admin telnetd -80/tcp filtered +80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2) -8701/tcp open unknown +8701/tcp filtered
89 lines
3.3 KiB
Plaintext
89 lines
3.3 KiB
Plaintext
Ndiff
|
|
|
|
Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it
|
|
takes two Nmap XML output files and prints the differences between them:
|
|
hosts coming up and down, ports becoming open or closed, and things like
|
|
that.
|
|
|
|
To install, run (as root)
|
|
python setup.py install
|
|
It's also possible to run the program from within the distribution
|
|
without installing it.
|
|
|
|
Use "ndiff --help" for usage instructions. Output can be in
|
|
human-readable text format ("ndiff --text") or machine-readable XML
|
|
format ("ndiff --xml").
|
|
|
|
Here is a sample of the text output:
|
|
|
|
$ ./ndiff test-scans/random-1.xml test-scans/random-2.xml
|
|
Thu Sep 11 11:39:32 2008 -> Tue Sep 16 13:59:22 2008
|
|
cuvtdnray-504.example.com (10.214.143.33):
|
|
Host is up, was unknown.
|
|
Add ipv4 address 10.214.143.33.
|
|
Add hostname cuvtdnray-504.example.com.
|
|
+3389/tcp open microsoft-rdp Microsoft Terminal Service
|
|
999 tcp ports are filtered.
|
|
scnqxez-842.example.com (10.189.71.117):
|
|
Remove hostname scnqxez-842.example.com.
|
|
10.226.19.80:
|
|
-21/tcp filtered
|
|
+21/tcp open ftp Netgear broadband router ftpd 1.0
|
|
-23/tcp filtered
|
|
+23/tcp open telnet Netgear broadband router admin telnetd
|
|
-80/tcp filtered
|
|
+80/tcp open http Embedded Allegro RomPager webserver 4.07 UPnP/1.0 (ZyXEL ZyWALL 2)
|
|
-8701/tcp open unknown
|
|
+8701/tcp filtered
|
|
ywnleu-108.example.com (10.242.160.155):
|
|
Host is up, was unknown.
|
|
Add ipv4 address 10.242.160.155.
|
|
Add hostname ywnleu-108.example.com.
|
|
1000 tcp ports are filtered.
|
|
fiyrownc-307.example.com (10.65.53.252):
|
|
Host is unknown, was up.
|
|
Remove ipv4 address 10.65.53.252.
|
|
Remove hostname fiyrownc-307.example.com.
|
|
-8089/tcp open upnp Microsoft Windows UPnP
|
|
999 tcp ports changed state from filtered to unknown.
|
|
|
|
Here is an abbreviated sample of the XML output:
|
|
|
|
$ ./ndiff --xml test-scans/random-1.xml test-scans/random-2.xml
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<nmapdiff>
|
|
<scandiff a-start="1221154772" b-start="1221595162">
|
|
<host>
|
|
<address addr="10.214.143.33" addrtype="ipv4"/>
|
|
<hostname name="cuvtdnray-504.example.com"/>
|
|
<host-state-change a-state="unknown" b-state="up"/>
|
|
<host-address-add>
|
|
<address addr="10.214.143.33" addrtype="ipv4"/>
|
|
</host-address-add>
|
|
<host-hostname-add>
|
|
<hostname name="cuvtdnray-504.example.com"/>
|
|
</host-hostname-add>
|
|
<port-state-change a-state="unknown" b-state="filtered" portid="1" protocol="tcp"/>
|
|
<port-state-change a-state="unknown" b-state="filtered" portid="3" protocol="tcp"/>
|
|
<port-state-change a-state="unknown" b-state="filtered" portid="4" protocol="tcp"/>
|
|
</host>
|
|
<host>
|
|
<address addr="10.189.71.117" addrtype="ipv4"/>
|
|
<hostname name="scnqxez-842.example.com"/>
|
|
<host-hostname-remove>
|
|
<hostname name="scnqxez-842.example.com"/>
|
|
</host-hostname-remove>
|
|
</host>
|
|
</scandiff>
|
|
</nmapdiff>
|
|
|
|
Ndiff started as a project by Michael Pattrick <mpattrick@rhinovirus.org>
|
|
during the 2008 Google Summer of Code. Michael designed the program and
|
|
led the discussion of its output formats. He wrote versions of the
|
|
program in Perl and C++, but the summer ended shortly after it was
|
|
decided to rewrite the program in Python for the sake of Windows
|
|
compatibility. This Python version is written by David Fifield
|
|
<david@bamsoftware.com>.
|
|
|
|
Ndiff web site: http://nmap.org/ndiff/
|