PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-29 10:59:02 +00:00
Code Issues Projects Releases Wiki Activity
Files
ca933f1cbb1c1ec70c2a9ddcfda170656aaa58c9
nmap/ndiff/README
david 68e326252e Remove "other" from doubly consolidated port state change lines. When all the 
ports had the same state change, "other" doesn't make sense.
2008-09-19 00:33:35 +00:00

79 lines
2.8 KiB
Plaintext
Raw Blame History

Ndiff
Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it
takes two Nmap XML output files and prints the differences between them:
hosts coming up and down, ports becoming open or closed, and things like
that.
To install, run (as root)
python setup.py install
It's also possible to run the program from within the distribution
without installing it.
Use "ndiff --help" for usage instructions. Output can be in
human-readable text format ("ndiff --text") or machine-readable XML
format ("ndiff --xml").
Here is a sample of the text output:
$ ./ndiff test-scans/random-1.xml test-scans/random-2.xml
Thu Sep 11 11:39:32 2008 -> Tue Sep 16 13:59:22 2008
cuvtdnray-504.example.com (10.214.143.33):
Host is up, was unknown.
Add ipv4 address 10.214.143.33.
Add hostname cuvtdnray-504.example.com.
3389/tcp is open.
999 tcp ports are filtered.
scnqxez-842.example.com (10.189.71.117):
Remove hostname scnqxez-842.example.com.
10.226.19.80:
21/tcp is open, was filtered.
23/tcp is open, was filtered.
80/tcp is open, was filtered.
8701/tcp is filtered, was open.
ywnleu-108.example.com (10.242.160.155):
Host is up, was unknown.
Add ipv4 address 10.242.160.155.
Add hostname ywnleu-108.example.com.
1000 tcp ports are filtered.
Here is an abbreviated sample of the XML output:
$ ./ndiff --xml test-scans/random-1.xml test-scans/random-2.xml
<?xml version="1.0" encoding="UTF-8"?>
<nmapdiff>
<scandiff a-start="1221154772" b-start="1221595162">
<host>
<address addr="10.214.143.33" addrtype="ipv4"/>
<hostname name="cuvtdnray-504.example.com"/>
<host-state-change a-state="unknown" b-state="up"/>
<host-address-add>
<address addr="10.214.143.33" addrtype="ipv4"/>
</host-address-add>
<host-hostname-add>
<hostname name="cuvtdnray-504.example.com"/>
</host-hostname-add>
<port-state-change a-state="unknown" b-state="filtered" portid="1" protocol="tcp"/>
<port-state-change a-state="unknown" b-state="filtered" portid="3" protocol="tcp"/>
<port-state-change a-state="unknown" b-state="filtered" portid="4" protocol="tcp"/>
</host>
<host>
<address addr="10.189.71.117" addrtype="ipv4"/>
<hostname name="scnqxez-842.example.com"/>
<host-hostname-remove>
<hostname name="scnqxez-842.example.com"/>
</host-hostname-remove>
</host>
</scandiff>
</nmapdiff>
Ndiff started as a project by Michael Pattrick <mpattrick@rhinovirus.org>
during the 2008 Google Summer of Code. Michael designed the program and
led the discussion of its output formats. He wrote versions of the
program in Perl and C++, but the summer ended shortly after it was
decided to rewrite the program in Python for the sake of Windows
compatibility. This Python version is written by David Fifield
<david@bamsoftware.com>.
Ndiff web site: http://nmap.org/ndiff/
Reference in New Issue View Git Blame Copy Permalink