NMAP scan script for repeatable scans of the same target. Can target hosts or range of hosts
#!/bin/bash
# This script allows you to perform an nmap scan against targets listed in a TXT file.
# Target can be a single IP, a hostname, or a network range (i.e. 192.168.2.0/24; 10.1.2.10-25)
# Nmap will output an XML file, which will then be converted to HTML for web viewing.
# The file will be copied to the web server folder, where it can be viewed in a browser.
# It may be publicly viewable, so choose wisely!
# Scan can be run on a schedule; it will save old scan copies
# Optionally, use mailx or sendmail or whatever you want to email yourself when the scan is done
# Exit script on error (-x is left out on purpose: it would trace every command, SMTP password
# included, into the log file that lands in the web root)
set -e
# Substitute for client acronym, i.e.: NWO, or anything you want. Will be used later as folder name
CLIENT="xxxxx"
# Don't forget to create the $CLIENT.txt file with the scan target host, IP, or network range
# (the path is relative to the directory the script is started from)
TARGETS="$CLIENT.txt"
# Output paths. The braces matter: $CLIENT_scan would be read as a variable named CLIENT_scan.
SCAN_XML="/var/www/$CLIENT/${CLIENT}_scan.xml"
REPORT="/var/www/$CLIENT/${CLIENT}_$(date +%m%d%y)_report.html"
# Capture output to a log file
exec &> "/var/www/$CLIENT.log"
# Create an archive folder for old reports if the folder doesn't exist
mkdir -p -v "/var/www/$CLIENT/old"
# Run the actual nmap scan
nmap --script vuln --open -sV -O --osscan-limit -R -sS -T4 -Pn -oX "$SCAN_XML" -iL "$TARGETS"
# Move old reports into the archive folder (there are none on the first run, so test each match
# rather than letting an unmatched glob make mv fail and abort the script under set -e)
for f in /var/www/$CLIENT/*_report.html; do
    if [ -e "$f" ]; then mv -v "$f" "/var/www/$CLIENT/old/"; fi
done
# Convert the result XML file into an HTML file. With no stylesheet argument, xsltproc follows the
# nmap.xsl reference that nmap writes into the XML, so nmap.xsl must exist at that path on this host.
xsltproc -o "$REPORT" "$SCAN_XML"
cd "/var/www/$CLIENT"
# Create a symlink to the new report file for easier web browsing
ln -s -f "$(basename "$REPORT")" index.html
# Give proper permissions to be web-viewable
chmod 775 /var/www/$CLIENT/*
# Change ownership to your web server user (www:www here; adjust to your distribution, e.g. www-data)
chown -v -R www:www /var/www/$CLIENT/* /var/www/$CLIENT.*
# Send email alert that scan is done and include the log and the URL in the email.
# Note: -S ssl-verify=ignore disables TLS certificate checking for the SMTP connection, and the
# SMTP password is stored in clear text here, so keep this file readable by root only.
echo "Access the report here: http://your.website.com/$CLIENT/ " | mailx -r "root@localhost" -s "Nmap scan completed!" -q "/var/www/$CLIENT.log" -S smtp="smtp.gmail.com:587" -S smtp-use-starttls -S smtp-auth=login -S smtp-auth-user="user@email.com" -S smtp-auth-password="xxxxXXxxxXXx" -S ssl-verify=ignore user@email.com
echo "Access the report here: http://your.website.com/$CLIENT/ "
# Profit!
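The script archives each run's report but never compares runs, which is where a repeatable scan earns its keep. The following is an added example, not part of the gist: two bash functions that pull the open ports out of two nmap -oX files (e.g. the archived one and the new one) and print which ports appeared or disappeared. The sample XML is hand-constructed, and the awk assumes nmap's own layout (the ipv4 <address> element before the host's <ports>, one <port> element per line).

```bash
# Added example, not from the gist: diff the open ports of two nmap -oX files.
# Emit "addr/proto/port" for every port nmap marked open in one -oX file.
# Assumes nmap's own layout: the <address addrtype="ipv4"> element precedes the
# host's <ports>, and each <port> element starts on its own line.
open_ports() {
  awk '
    match($0, /<address addr="[^"]+" addrtype="ipv4"/) {
        split(substr($0, RSTART, RLENGTH), f, "\""); addr = f[2]
    }
    match($0, /<port protocol="[a-z]+" portid="[0-9]+"/) {
        split(substr($0, RSTART, RLENGTH), f, "\""); proto = f[2]; port = f[4]
    }
    /<state state="open"/ { print addr "/" proto "/" port }
  ' "$1" | LC_ALL=C sort -u
}

# Print "+addr/proto/port" for newly open ports and "-addr/proto/port" for ones
# that were open last time but not now ($1 = previous XML, $2 = current XML).
compare_scans() {
  old=$(mktemp) && new=$(mktemp) || return 1
  open_ports "$1" > "$old"
  open_ports "$2" > "$new"
  LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+/'
  LC_ALL=C comm -23 "$old" "$new" | sed 's/^/-/'
  rm -f "$old" "$new"
}

# Constructed sample scans (minimal, hand-written, not real nmap output).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/old.xml" <<'EOF'
<nmaprun scanner="nmap">
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port></ports></host>
</nmaprun>
EOF
cat > "$SAMPLE_DIR/new.xml" <<'EOF'
<nmaprun scanner="nmap">
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port></ports></host>
</nmaprun>
EOF

compare_scans "$SAMPLE_DIR/old.xml" "$SAMPLE_DIR/new.xml"
```

In the script above this would run after xsltproc, comparing the previous XML (copy it into the old/ folder first) with the one just written, so the mail can carry the delta instead of only a link.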