This is the ninth in a series of tips on how to use Nmap in an enterprise network environment.
For a security tool to be useful you have to be able to understand what it's telling you about the setup, security, or weak points of your system or network. With Nmap you can run very comprehensive tests. To analyze the results it is often best to have the output recorded in XML format so that it can be easily imported into a database or converted into HTML for analysis and human consumption.
You can have Nmap's output saved as XML by adding the -oX option to your Nmap command, as in:
<![CDATA[nmap -A -oX scanreport.xml www.yourorg.com]]>
To organize and make the XML output more presentable, you can use the style sheet option (--stylesheet). The XML file will point to a style sheet for formatting and transformation using the eXtensible Stylesheet Language (XSL), which describes how the XML document should be displayed. Nmap includes a default XSL styles sheet called nmap.xsl, the latest version of which you can also reference by including the full URL in the command line:
<![CDATA[nmap -A -oX --stylesheet http://insecure.org/nmap/data/nmap.xsl scanreport.xml www.yourorg.com]]>
Referencing a style sheet located on the Web enables you to view correctly formatted results on a machine that doesn't have Nmap or nmap.xsl installed. You can, of course, also opt to use your own style sheet.
The main advantage of Nmap being a command-line application is that it is easier to run from a script, and precise scans can be executed without having to set lots of different options. However this can be intimidating for new and infrequent users. NmapFE is a graphical X Window front end for Nmap. Most of its options correspond directly to Nmap options, allowing you to select your targets, set your scanning options and view the results of your scan. It also shows you the actual Nmap command you're creating on the command line, which is a great way to learn how to construct complex Nmap command line instructions.
Although there is no official release date, Nmap creator Fyodor hopes to have a compatible version of NmapFE for Windows out this year. Meanwhile, you can try using NMapWin, which is a Windows front-end for Nmap with a similar look and feel to the GTK style front-end of NmapFE, and includes all of Nmap's command line switches. It can be downloaded from nmapwin.sourceforge.net/.
Various simple Web-based interfaces to Nmap also exist, allowing Nmap to be controlled using a Web browser. Nmap-web available at www.komar.org/pres/nmap-web/ is a Perl-based Web interface for machines running on Unix or Linux, and allows you to select a list of ports and a list of hosts for Nmap to scan for open ports. Localscan also requires Perl and is designed to reduce the amount of unwanted information returned by Nmap scans of a given subnet by using a list of "ignore this host/port combination" rules. More information is available at staff.washington.edu/dgreene/localscan/.
NMAP TECHNICAL MANUAL
Introduction
Nmap: A valuable open source tool for network security
How to install and configure Nmap for Windows
How to install and configure Nmap on Linux
How to scan ports and services
More port scanning techniques
Firewall configuration testing
Techniques for improving Nmap scan times
Interpreting and acting on Nmap scan results
Nmap parsers and interfaces
Nmap and the open source debate
