Multiple Instances
This is another way of using Nmap::Parser using multiple instances, for example, to check for host states. In this example, we have a set of hosts that have been scanned for tcp services and saved in base_image.xml. We now will scan the same hosts, and compare if any new tcp have been open since then (good way to look for suspicious new services). Easy security compliance detection.
use Nmap::Parser;
my $base = new Nmap::Parser;
my $curr = new Nmap::Parser;
$base->parsefile('base_image.xml'); #load previous state
$curr->parsescan($nmap_exe,$args,@ips); #scan current hosts
for my $ip ($curr->get_host_list()) #all ips scanned
{
#assume that IPs in base == IPs in curr scan
my $ip_base = $base->get_host($ip);
my $ip_curr = $curr->get_host($ip);
my %port = ();
#find ports that are open that were not open before
#by finding the difference in port lists
my @diff = grep { $port{$_} < 2}
(map {$port{$_}++; $_}
($ip_curr->tcp_ports('open'),$ip_base->tcp_ports('open')));
print "$ip has these new ports open: ".join(',',@diff) if(scalar @diff);
}
|
(1)
]
