Solved

Running Nmap on a schedule

Posted on 2016-08-17
Last Modified: 2016-09-05
What is the best way to run Nmap on a schedule in Windows?

We want to be able to run Nmap scans on a daily basis that are run on a schedule.
Question by:VH
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 100 total points (awarded by participants)
ID: 41759161
Here is a summary of nmap commands:

http://bencane.com/2013/02/25/10-nmap-commands-every-sysadmin-should-know/

Work out the commands you want, and then you can also output to a file using a command: nmap -oG test.txt

Once you have worked this out, you can make a scheduled task with Task Scheduler.
LVL 64

Accepted Solution

by:
btan earned 400 total points (awarded by participants)
ID: 41759187
By default there isn't an NMAP scheduled scan. But there can be a script with other tools to work off something similar. But the example is for non-Windows, e.g. using Nmap, Ndiff, cron, and a shell script, it's possible to scan a network daily and get email reports of the state of the network and changes since the previous scan:
https://nmap.org/book/ndiff-man-periodic.html
But I am thinking ZenMap for Windows and tapping on the Windows scheduler for the schedule approach, as well as having ndiff compare between different XML results from the scan. But it is not readily automated. There is a Scandiff tool that is based on PowerShell that does this:
Scandiff is a PowerShell script to automate host discovery and scanning with nmap. This script was written to perform nmap host discovery and port scanning from a remote network and send the results to a recipient through email. After discovering and scanning hosts, scandiff performs an nmap ndiff on the output against previous results, 7zips all generated output, and optionally emails all output to a specified email address.
Using scandiff:
 .\scandiff-0.9.ps1 -frequency [daily|weekly] -basename foo -outdir X:\path\to\output\directory -targets (nmap-style target specification or path to file containing targets) -email [0|1] -discover [0|1]

Example:
 ./scandiff.ps1 -frequency daily -basename nmap-output -targets 192.168.1.10-25,scanme.nmap.org
 ./scandiff.ps1 -frequency daily -basename nmap-output -targets c:\targets.txt

Scandiff takes a number of arguments. The usage of each argument is described below:

PARAMETER frequency
 Frequency is either daily or weekly.

Daily performs discovery using a limited set of ports and performs an nmap scan using the default nmap TCP port list.

Weekly performs a discovery using a limited set of ports and performs an nmap scan using the full TCP port range and a limited set of UDP ports defined in the script.
https://github.com/hardwaterhacker/scandiff
https://hardwatersec.blogspot.sg/2014/10/automating-host-discovery-nmap-and.html

But primarily, you should consider your target topology and aggressiveness when scheduling NMAP scans, as they affect the finding accuracy and the resources required for a timely picture update of your system. For example, you will not want too big a window between scans, nor such a short window that the scans are almost back to back, as such scanning does not give timely or significant results respectively. You can check out the considerations for scan times (below); the stated techniques for improving scan times include omitting non-critical tests and upgrading to the latest version of Nmap (performance enhancements are made frequently). Optimizing timing parameters can also make a substantial difference. Those options are listed below.

--min-hostgroup <numhosts>; --max-hostgroup <numhosts> (Adjust parallel scan group sizes)
--min-parallelism <numprobes>; --max-parallelism <numprobes> (Adjust probe parallelization)
--min-rtt-timeout <time>, --max-rtt-timeout <time>, --initial-rtt-timeout <time> (Adjust probe timeouts)
--max-retries <numtries> (Specify the maximum number of port scan probe retransmissions)
--host-timeout <time> (Give up on slow target hosts)
--scan-delay <time>; --max-scan-delay <time> (Adjust delay between probes)
--min-rate <number>; --max-rate <number> (Directly control the scanning rate)

Furthermore (which you may already know), you can specify them with the -T option and their number (0–5) or their name.

-T paranoid|sneaky|polite|normal|aggressive|insane (Set a timing template)  

The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5) as below:

T0 - The main effects of T0 are serializing the scan so only one port is scanned at a time, and waiting five minutes between sending each probe.
T1 and T2 are similar but they only wait 15 seconds and 0.4 seconds, respectively, between probes.
T3 is Nmap's default behavior, which includes parallelization.
T4 does the equivalent of --max-rtt-timeout 1250ms --min-rtt-timeout 100ms --initial-rtt-timeout 500ms --max-retries 6 and sets the maximum TCP scan delay to 10 milliseconds.
T5 does the equivalent of --max-rtt-timeout 300ms --min-rtt-timeout 50ms --initial-rtt-timeout 250ms --max-retries 2 --host-timeout 15m as well as setting the maximum TCP scan delay to 5 ms.
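
The Task Scheduler plus ndiff approach from this thread, sketched as an added PowerShell example (not code from scandiff or from any poster). Assumptions: nmap and ndiff are on PATH, the ScheduledTasks cmdlets are available (Windows 8 / Server 2012 or later), and C:\scans and targets.txt are hypothetical paths holding only hosts you are authorized to scan.

```powershell
# Added example: daily Nmap scan with an ndiff change report on Windows.
# Hypothetical paths; targets.txt lists one authorized target per line.
param(
    [string]$OutDir  = 'C:\scans',
    [string]$Targets = 'C:\scans\targets.txt',
    [switch]$Register   # run once with -Register to create the scheduled task
)

if ($Register) {
    # Task Scheduler re-runs this same script every day at 02:00.
    # By default the task runs as the current user while logged on; supply a
    # dedicated low-privilege account (-User/-Password) for unattended runs.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -File `"$PSCommandPath`""
    $trigger = New-ScheduledTaskTrigger -Daily -At '02:00'
    Register-ScheduledTask -TaskName 'Daily Nmap scan' `
        -Action $action -Trigger $trigger
    return
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp   = Get-Date -Format 'yyyy-MM-dd_HHmm'
$current = Join-Path $OutDir "scan-$stamp.xml"

# The newest earlier result, if any, is the baseline for the diff.
# The timestamp format sorts lexicographically, so sorting by name works.
$previous = Get-ChildItem -Path $OutDir -Filter 'scan-*.xml' |
    Sort-Object Name | Select-Object -Last 1

# -iL reads targets from a file; -oX writes XML, the format ndiff compares.
# -T4 and --host-timeout are the timing options discussed in the answer.
& nmap -T4 --host-timeout 15m -iL $Targets -oX $current
if ($LASTEXITCODE -ne 0) {
    # Do not leave a partial file behind to become tomorrow's baseline.
    Remove-Item $current -ErrorAction SilentlyContinue
    throw "nmap exited with code $LASTEXITCODE"
}

if ($previous) {
    $report = Join-Path $OutDir "diff-$stamp.txt"
    # ndiff exits 0 when the scans match, 1 when they differ, 2+ on error.
    & ndiff $previous.FullName $current | Set-Content -Path $report
    if ($LASTEXITCODE -eq 1) { Write-Output "Changes detected, see $report" }
    elseif ($LASTEXITCODE -ge 2) { throw "ndiff failed with code $LASTEXITCODE" }
}
```

The first run has no baseline and only stores the XML; every later run writes a diff report that can be mailed or fed to monitoring.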
LVL 64

Expert Comment

by:btan
ID: 41784462
Scheduled means to run and leverage on scripts shared
