Should I use Nmap::Parser or Nmap::Scanner to audit a network?
-
19-09-2019 - |
Question
I'd like to audit the equipment of my large network in the fastest way possible. Should i use Nmap::Parser
or Nmap::Scanner
?
I want to create a list of IP addresses that return a ping as well as a related OS footprint and identification.
Example:
ping 192.168.*.*
Then when I get a successful ping, store the IP address in a hash along with a guess of what the OS is
Solution
Whether you use Nmap::Parser
or Nmap::Scanner
, you have to run the same scan with Nmap, so there is no speed difference between the two.
Here's an example using Nmap::Scanner
which does approximately what you want, reporting the status of the hosts and attempting to OS fingerprint them if they are up, storing the results in a hash. You should be able to extend it as needed.
#!/usr/bin/perl
use strict;
use warnings;
use Nmap::Scanner;
my %network_status;
my $scanner = new Nmap::Scanner;
$scanner->register_scan_complete_event(\&scan_completed);
$scanner->guess_os();
$scanner->scan('-O 192.168.*.*');
foreach my $host ( keys %network_status ) {
print "$host => $network_status{$host}\n";
}
sub scan_completed {
my $self = shift;
my $host = shift;
my $hostname = $host->hostname();
my $addresses = join(',', map {$_->addr()} $host->addresses());
my $status = $host->status();
print "$hostname ($addresses) is $status ";
my $os_name = 'unknown OS';
if ( $status eq 'up' ) {
if ( $host->os() && $host->os()->osmatches() ) {
my ($os_type) = $host->os()->osmatches();
$os_name = $os_type->name();
}
print "($os_name)";
}
print "\n";
$network_status{$addresses} = $os_name;
}
OTHER TIPS
Well, one of those is a parser for data you already have, and one of those is a scanner that creates data. Use the one that does the job that you need. Which part of the task is causing the problem?