This is the ninth in a series of tips on how to use Nmap in an enterprise network environment.
For a security tool to be useful, you have to be able to understand what it's telling you about the setup, security or weak points of your system or network. The Nmap parser allows users to run very comprehensive tests. To analyze the results it is often best to have the output recorded in XML format so that it can be easily imported into a database or converted into HTML for analysis and human consumption.
You can have Nmap's output saved as XML by adding the -oX option to your Nmap command, as in:
nmap -A -oX scanreport.xml www.yourorg.com
To organize the XML output and make it more presentable, you can use the style sheet option (--stylesheet). The XML file will point to a style sheet for formatting and transformation using the eXtensible Stylesheet Language (XSL), which describes how the XML document should be displayed. The Nmap parser includes a default XSL style sheet called nmap.xsl, the latest version of which you can also reference by including the full URL in the command line:
nmap -A -oX scanreport.xml --stylesheet http://insecure.org/nmap/data/nmap.xsl www.yourorg.com
Referencing a style sheet located on the Web enables you to view correctly formatted results on a machine that doesn't have Nmap or nmap.xsl installed. You can, of course, also opt to use your own style sheet.
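The database import mentioned above, as an added example that is not part of the original article: a Python script that parses -oX output and loads one row per scanned port into SQLite, so open ports can be queried. The sample XML is constructed to follow Nmap's XML layout, and the table and function names are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap -oX output (not from a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.yourorg.com"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_ports(xml_text):
    """Yield (address, hostname, protocol, port, state, service) for each port."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        name_el = host.find("hostnames/hostname")  # missing if no name resolved
        name = name_el.get("name") if name_el is not None else None
        for port in host.iterfind("ports/port"):
            svc = port.find("service")  # missing if Nmap could not name the service
            yield (addr, name, port.get("protocol"), int(port.get("portid")),
                   port.find("state").get("state"),
                   svc.get("name") if svc is not None else None)

def load_into_db(xml_text, conn):
    """Create the (hypothetical) ports table and insert one row per scanned port."""
    conn.execute("CREATE TABLE IF NOT EXISTS ports (address TEXT, hostname TEXT, "
                 "protocol TEXT, port INTEGER, state TEXT, service TEXT)")
    conn.executemany("INSERT INTO ports VALUES (?,?,?,?,?,?)", parse_ports(xml_text))
    conn.commit()

def open_ports(conn):
    """Return (address, port, service) for every port reported open."""
    return conn.execute("SELECT address, port, service FROM ports "
                        "WHERE state = 'open' ORDER BY address, port").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_into_db(SAMPLE_XML, db)
    print(open_ports(db))
```

To use it on a real report, pass the contents of scanreport.xml to load_into_db in place of SAMPLE_XML and connect to a file-backed database instead of ":memory:".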
The main advantage of Nmap being a command-line application is that it is easier to run from a script, and precise scans can be executed without having to set lots of different options. However, this can be intimidating for new and infrequent users. NmapFE is a graphical X Window front end for Nmap. Most of its options correspond directly to Nmap options, allowing you to select your targets, set your scanning options and view the results of your scan. It also shows you the actual Nmap command you're creating on the command line, which is a great way to learn how to construct complex Nmap command line instructions.
Although there is no official release date, Nmap creator Fyodor hopes to have a compatible version of NmapFE for Windows out this year. Meanwhile, you can try using NMapWin, which is a Windows front-end for Nmap with a similar look and feel to the GTK style front-end of NmapFE, and includes all of Nmap's command line switches. It can be downloaded from nmapwin.sourceforge.net/
Various simple Web-based interfaces to Nmap also exist, allowing Nmap to be controlled using a Web browser. Nmap-web, available at www.komar.org/pres/nmap-web/, is a Perl-based Web interface for machines running Unix or Linux. It allows you to select a list of ports and a list of hosts for Nmap to scan for open ports. Localscan also requires Perl and is designed to reduce the amount of unwanted information returned by Nmap scans of a given subnet by using a list of "ignore this host/port combination" rules.
Nmap technical manual
- An introduction to Nmap
- Nmap: A valuable open source tool for network security
- How to install and configure Nmap for Windows
- How to install and configure Nmap on Linux
- How to scan ports and services with Nmap
- More port scanning techniques
- Firewall configuration testing
- Techniques for improving Nmap port scan times
- How to interpret and act on Nmap scan results
- Nmap parsers and interfaces
- Nmap and the open source debate
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with over 20 years of experience in the IT industry. He has a passion for making IT security best practices easier to understand and achievable. His website http://www.hairyitdog.com offers free security posters to raise employee awareness of the importance of safeguarding company and client data and of following good practices. He co-authored the book IIS Security and has written many technical articles for leading IT publications. Mike has also been a Microsoft Certified Database Manager and registered consultant with the CESG Listed Advisor Scheme (CLAS).