OpenNetAdmin


nmap_ona_audit.php

This script has now been replaced by a built-in plugin called ona_nmap_scans. Please refer to that page for a more complete tool. This page will remain for those who still find the script useful.

Device auditing and initial device discovery would be a nice benefit to have. To that end I am providing an nmap-based tool that scans a subnet range (or reads an existing nmap XML file) and produces a report of what is on the network versus what is in the database and in DNS. It still has a lot of work to go, but for now it is usable. I'm sure it has kinks to work out and more functionality to work in. Give it a try and give us some feedback!

Some future plans for it:

  • update a “last response” field for IPs that answered the scan
  • store the “report” in some way, so admins can look at it as time goes on and clean up any issues
  • users should put this in a cron job so it runs regularly
  • scan all subnets based on what is in the database instead of needing to be passed a subnet range
  • probably more...

Usage

Usage:
  nmap_ona_audit.php -s <IPRANGE> | -f <FILENAME>

Required:
    -s <ip range>        Perform a scan on the specified network
    or
    -f <FILENAME>        Process an existing nmap XML output file

Optional:
    -c                   Output commands to load into database

Read the nmap man page for variations of <ip range>. Here are some examples:
  198.116.0-255.1-127
  10.1.3.0/24

NOTE: The -c (command) output assumes you already have a valid subnet in
      the database for new hosts to associate with.

Example

hornet@server:~$ php nmap_ona_audit.php -s 172.22.22.0-10

Processing an NMAP scan of 11 hosts done on Sat Jul 26 16:15:00 2008. Direct scan using '172.22.22.0-10'

IP ENTRIES IN NETWORK BUT NOT IN DATABASE

172.22.22.1 (NOT-IN-DNS)
172.22.22.6 (filesrv)

DNS ENTRIES IN PRODUCTION DNS BUT NOT DATABASE (Based on PTR)

printer <= 172.22.22.5
filesrv <= 172.22.22.6

Here we can see that:

  • IP 172.22.22.1 was on the network and had no PTR record in DNS
  • IP 172.22.22.6 was on the network and did have a DNS name of filesrv
  • IP 172.22.22.5 was NOT on the network but did have a PTR record of printer

hornet@server:~$ php nmap_ona_audit.php -s 172.22.22.0-10 -c

ECHOING ADD COMMANDS. CAUTION: This assumes all are unique hosts, its not aware of
IPs that are combined on a single host or shared with other hosts!

dcm.pl -r host_add type="Unknown Unknown (Bulk loaded)"  ip=172.22.22.1    host=bulkloaded-172.22.22.1.example.com
dcm.pl -r host_add type="Unknown Unknown (Bulk loaded)"  ip=172.22.22.6    host=filesrv

Here we have the commands to load the database using the same data as above. Notice that the entry for 172.22.22.5 is not in the list. This is because it was not responding to pings, so we can't assume that it really should be in the database; it could just be an old entry in a DNS server not managed by ONA.
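The reconciliation logic behind both runs above (the report from the scan, and the -c command output), as an added example that is not part of the ONA project or of nmap_ona_audit.php. It is written in Python rather than PHP and works from a constructed nmap XML document of the kind -f would read, with a constructed in-memory dict standing in for the ONA database. Two assumptions are labelled in the code: the scan is taken to have been run with nmap's -R option so that the down host 172.22.22.5 still appears with its PTR name, and PTR names are validated before being placed on a dcm.pl command line, because a reverse record is controlled by whoever runs that DNS zone, not by the scanner; that validation is this example's addition, not documented behaviour of the original script.

```python
"""Reconcile an nmap XML scan with an IP-management database (added example,
not the ONA project's code). Mirrors the three outputs nmap_ona_audit.php
shows: IPs on the network but not in the DB, PTR names not in the DB, and
dcm.pl host_add commands for the -c mode."""
import ipaddress
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed nmap XML for the page's range. Assumption: the scan was run with
# -sn -R so a down host (172.22.22.5) is still listed with its PTR name.
# 172.22.22.7 carries a deliberately malformed PTR to exercise validation.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sn -R -oX scan.xml 172.22.22.0-10"
         startstr="Sat Jul 26 16:15:00 2008">
<host><status state="up" reason="echo-reply"/>
  <address addr="172.22.22.1" addrtype="ipv4"/><hostnames/></host>
<host><status state="up" reason="echo-reply"/>
  <address addr="172.22.22.2" addrtype="ipv4"/>
  <hostnames><hostname name="router" type="PTR"/></hostnames></host>
<host><status state="down" reason="no-response"/>
  <address addr="172.22.22.5" addrtype="ipv4"/>
  <hostnames><hostname name="printer" type="PTR"/></hostnames></host>
<host><status state="up" reason="echo-reply"/>
  <address addr="172.22.22.6" addrtype="ipv4"/>
  <hostnames><hostname name="filesrv" type="PTR"/></hostnames></host>
<host><status state="up" reason="echo-reply"/>
  <address addr="172.22.22.7" addrtype="ipv4"/>
  <hostnames><hostname name="bad;name" type="PTR"/></hostnames></host>
<runstats><hosts up="4" down="7" total="11"/></runstats>
</nmaprun>
"""

# Constructed stand-in for the ONA database: IP -> hostname.
DB_HOSTS = {"172.22.22.2": "router"}

# RFC 1123-style label check; rejects anything a shell or dcm.pl should not see.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def _by_ip(items):
    """Sort (ip, ...) pairs numerically rather than lexically."""
    return sorted(items, key=lambda kv: ipaddress.ip_address(kv[0]))


def parse_nmap_xml(xml_text):
    """Return {ip: {"up": bool, "ptr": name-or-None}} for every <host>."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        status = host.find("status")
        ptr = None
        for hn in host.iterfind("hostnames/hostname"):
            if hn.get("type") == "PTR":
                ptr = hn.get("name")
                break
        hosts[addr.get("addr")] = {
            "up": status is not None and status.get("state") == "up",
            "ptr": ptr,
        }
    return hosts


def audit(hosts, db):
    """The two report sections: live IPs missing from the DB, and PTR names
    (live or not) that the DB does not know about."""
    known_names = set(db.values())
    ip_not_in_db = [(ip, h["ptr"]) for ip, h in _by_ip(hosts.items())
                    if h["up"] and ip not in db]
    dns_not_in_db = [(h["ptr"], ip) for ip, h in _by_ip(hosts.items())
                     if h["ptr"] and h["ptr"] not in known_names]
    return {"ip_not_in_db": ip_not_in_db, "dns_not_in_db": dns_not_in_db}


def build_add_commands(hosts, db, domain="example.com"):
    """The -c mode: one dcm.pl host_add per live IP absent from the DB. Down
    hosts are skipped (a stale PTR is not evidence a host exists). PTR names
    are untrusted input, so invalid ones are reported rather than emitted."""
    cmds, rejected = [], []
    for ip, h in _by_ip(hosts.items()):
        if not h["up"] or ip in db:
            continue
        name = h["ptr"] or f"bulkloaded-{ip}.{domain}"
        if not HOSTNAME_RE.match(name):
            rejected.append((ip, name))
            continue
        cmds.append('dcm.pl -r host_add type="Unknown Unknown (Bulk loaded)" '
                    f"ip={ip} host={shlex.quote(name)}")
    return cmds, rejected


def format_report(hosts, db):
    """Render the audit in the same layout as the page's example output."""
    rep = audit(hosts, db)
    lines = ["IP ENTRIES IN NETWORK BUT NOT IN DATABASE", ""]
    lines += [f"{ip} ({ptr or 'NOT-IN-DNS'})" for ip, ptr in rep["ip_not_in_db"]]
    lines += ["", "DNS ENTRIES IN PRODUCTION DNS BUT NOT DATABASE (Based on PTR)", ""]
    lines += [f"{name} <= {ip}" for name, ip in rep["dns_not_in_db"]]
    return "\n".join(lines)


if __name__ == "__main__":
    scanned = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(format_report(scanned, DB_HOSTS))
    commands, bad = build_add_commands(scanned, DB_HOSTS)
    print("\n".join(commands))
    for ip, name in bad:
        print(f"# skipped {ip}: PTR {name!r} is not a valid hostname")
```

Run it as `python3 nmap_audit_example.py`; to use a real scan, replace SAMPLE_NMAP_XML with the contents of an `nmap -sn -R -oX scan.xml <range>` file and DB_HOSTS with the IP-to-name map from your database. The rejected list is the point of the hostname check: a name such as `bad;name` is a legal PTR record but not a legal hostname, and if the -c output is pasted into a shell as the page suggests, anything in that field runs as part of the command line unless it is validated or quoted first.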

 
utils/nmap_ona_audit.php.txt · Last modified: 2010/05/27 17:00 by matt