Should I use Nmap::Parser or Nmap::Scanner to audit a network?

Question

I'd like to audit the equipment of my large network in the fastest way possible. Should i use Nmap::Parser or Nmap::Scanner?

I want to create a list of IP addresses that return a ping as well as a related OS footprint and identification.

Example:

ping 192.168.*.*

Then when I get a successful ping, store the IP address in a hash along with a guess of what the OS is

Answer 1

Whether you use Nmap::Parser or Nmap::Scanner, you have to run the same scan with Nmap, so there is no speed difference between the two.

Here's an example using Nmap::Scanner which does approximately what you want, reporting the status of the hosts and attempting to OS fingerprint them if they are up, storing the results in a hash. You should be able to extend it as needed.

#!/usr/bin/perl

use strict;
use warnings;

use Nmap::Scanner;

my %network_status;

my $scanner = new Nmap::Scanner;
$scanner->register_scan_complete_event(\&scan_completed);
$scanner->guess_os();

$scanner->scan('-O 192.168.*.*');

foreach my $host ( keys %network_status ) {
    print "$host => $network_status{$host}\n";
}


sub scan_completed {
    my $self     = shift;
    my $host     = shift;

    my $hostname = $host->hostname();
    my $addresses = join(',', map {$_->addr()} $host->addresses());
    my $status = $host->status();

    print "$hostname ($addresses) is $status ";

    my $os_name = 'unknown OS';
    if ( $status eq 'up' ) {
        if ( $host->os() && $host->os()->osmatches() ) {
            my ($os_type) = $host->os()->osmatches();
            $os_name = $os_type->name();
        }
        print "($os_name)";
    }
    print "\n";

    $network_status{$addresses} = $os_name;
}

Answer 2

Well, one of those is a parser for data you already have, and one of those is a scanner that creates data. Use the one that does the job that you need. Which part of the task is causing the problem?