@honze-net
Last active September 21, 2018 19:56
Interview for latesthackingnews.com

Can you provide us some tips to use this nmap hack to achieve the best possible results?

You achieve the best results by choosing the appropriate scanning options for Nmap. This is no trivial task, as numerous books, YouTube videos and articles show. If you ask Nmap the wrong question, it will answer it, but the result is not satisfying. For tiny scans, let's say one host and two ports, it might be a lot of overhead, because you can easily do this in the console. But if you want to document it well, then you should also save the scan as an XML file. No need to add the Bootstrap XSL stylesheet while scanning. You can always add it later.

The Bootstrap XSL is best for scanning multiple hosts with multiple services. Some people already scanned a /16 DMZ (64K hosts) and got megabytes of results. Some people do not like to read all this in a flat black and white terminal. With the Bootstrap XSL you can search, filter and sort your scan results. So for example if you are focusing on web applications, you can filter for http and sort by hostname. This makes later enumeration and documentation a lot easier and less prone to mistakes. And if you have to explain some scan results to people who are not so familiar with a terminal, they will have a better experience, too.
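The workflow described above (scan to XML first, attach the stylesheet afterwards, render when needed) as an added shell example; this is not code from the interview or from the nmap-bootstrap-xsl project. It assumes the stylesheet is available locally under a path you set in STYLESHEET, uses a constructed, trimmed Nmap XML sample in place of a real scan, and relies only on Nmap's real `-oX` option, the `xml-stylesheet` processing instruction Nmap itself emits, and `xsltproc`.

```shell
#!/usr/bin/env bash
# Added example: keep the machine-readable XML from the scan, swap in the
# Bootstrap stylesheet later, and render a static HTML report on demand.
set -eu

# Assumption: local path to the stylesheet; adjust to where you keep it.
STYLESHEET="${STYLESHEET:-./nmap-bootstrap.xsl}"

# Step 1 (shown, not run here): scan and keep the XML alongside the console output.
#   nmap -sV -oX scan.xml 192.0.2.10      # 192.0.2.0/24 is a documentation range
# Nmap writes its own <?xml-stylesheet ...?> pointing at nmap.xsl; step 2 replaces it.

# Step 2: insert or replace the xml-stylesheet processing instruction.
# $1 = input XML, $2 = href for the stylesheet; result goes to stdout.
attach_stylesheet() {
    local xml="$1" href="$2"
    awk -v href="$href" '
        # Drop whatever stylesheet PI the scan already carries.
        index($0, "<?xml-stylesheet") == 1 { next }
        { print }
        # Directly after the XML declaration, emit our own PI exactly once.
        index($0, "<?xml ") == 1 && !done {
            printf "<?xml-stylesheet href=\"%s\" type=\"text/xsl\"?>\n", href
            done = 1
        }
    ' "$xml"
}

# Step 3: render to HTML (needs xsltproc and the stylesheet on disk).
# $1 = XML with the PI attached, $2 = output HTML file.
render_html() {
    local xml="$1" out="$2"
    xsltproc -o "$out" "$STYLESHEET" "$xml"
}

# Constructed sample resembling trimmed `nmap -oX` output, so this runs offline.
# $1 = file to write.
make_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<!DOCTYPE nmaprun>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10" start="0" version="7.70">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports>
</host>
<runstats><finished time="0"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
EOF
}

# Number of stylesheet PIs in a file; exactly one should remain after attaching.
# $1 = XML file.
count_stylesheet_pis() {
    grep -c '^<?xml-stylesheet' "$1" || true
}

# Usage: ./attach.sh scan.xml [href] > scan-bootstrap.xml
#        then: render_html scan-bootstrap.xml scan.html
if [ $# -ge 1 ]; then
    attach_stylesheet "$1" "${2:-$STYLESHEET}"
fi
```

Keeping the XML untouched and only rewriting the processing instruction means the same scan can be rendered with nmap.xsl, the Bootstrap XSL, or a future stylesheet without rescanning; the awk filter also handles an XML file that carries no stylesheet PI at all, in which case it simply adds one after the declaration.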

What came as a motivation for the development of this minimal and great hack?

Thank you very much. I appreciate it!

Oh, this is a fun story. As always, somebody had a bad day (me) and goofed up the proper enumeration for a host and spent hours trying to find an initial attack vector for a lab machine, without success. Usually I work with a terminal and a browser side-by-side. The next day I read my scan result again, but in a maximized browser window, as I hadn't opened my terminal yet.

The scan results looked a bit different. Suddenly it had more text. Some text was cut off the view-port as I halved the browser window. After a few minutes I was finished with spotting all differences and there was my initial foothold. The missing piece of information I needed for a successful compromise was hidden, all day long. I sat back, sighed and thought for 20 minutes about this lesson learned.

After a few minutes it was clear that I had made a mistake. I ran a script scan with long output lines and tried to view it in a small browser window and I knew that sometimes the lines would be cut off. Not very smart. As I did not want to begin resizing the browser window during enumeration all the time, I looked for a solution to that problem. I knew that I could fix this with some simple CSS, but after a while I felt an itch: I wanted to redo the XSL in a framework, so that I would not have to deal with CSS hacks in the future.

I took the original XSL file as a reference and tried to understand how it worked. Because Benjamin Erb (author of the first XSL file) did an awesome job by writing a well structured XSL, I could learn how all parts of it worked. After two evenings the prototype was finished. I polished it and uploaded it to GitHub. I wrote a tweet about it, which somehow exploded. I did not expect this. But I really want to thank all people out there for their great feedback. This is what fuels my motivation.

Can you tell us a bit more about yourself?

Sure, my name is Andreas Hontzia. I am 35 years old and I live in Munich, Germany. I work as an IT Security Engineer in an industrial company. My first contact with hacking was over 20 years ago. So I made my hobby my job. I love to run Linux (mostly Kali and Arch, started with SuSE Linux in the late 90s). I hack for fun and profit. Occasionally I write a bit on Medium. Sometimes I give talks on information security events.

If you have any questions or just want to drop me a line, feel free to contact me.

Twitter: https://twitter.com/honze_net

Medium: https://medium.com/@honze_net

Xing: https://www.xing.com/profile/Andreas_Hontzia
