Open-AudIT

What's on your network?
It is currently Wed Jan 17, 2018 5:21 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
 Post subject: Nmap Results
PostPosted: Thu Jun 21, 2012 9:20 am 
Offline
Newbie

Joined: Tue Jun 19, 2012 1:42 pm
Posts: 3
Hi Everyone,

I am having some issues with the nmap_linux.sh script.

I have multiple subnets in use for differing WANs connected via Cisco Routers. I can ping workstations and portscan them and get results via windows tools no worries so i think all the networking side of the equation is fine. I can also run the windows audit.vbs scripts and get input into the OA system so it isn't a webpage permission thing

I run this script which I don't think i have changed from the initial installed version beyond changing IP address ranges.

#!/bin/bash

for ((a=1; a <=254 ; a++))
do
echo "192.168.024.$a"
nmap_file="nmap_file.txt"
nmap_input=`nmap -v -O -oN $nmap_file 192.168.024.$a`
nmap_output=`cat $nmap_file`
wget -q --post-data="submit=submit&add=$nmap_output" http://192.168.1.251/OA/admin_nmap_input.php
rm "$nmap_file"
rm "admin_nmap_input.php"
done


The script works flawlessly for 192.168.1.XXX range and i get results in the OA system however if i put in any of the other subnets the results do not show. Is there anything in particular that needs to be changed to allow non local nmap results or perhaps if i comment the removal is there anything i should look for in the admin_nmap_input.php.1 -254 files that might give me some insight as to if the file isn't working correctly?


Top
 Profile  
Reply with quote  
 Post subject: Re: Nmap Results
PostPosted: Thu Jun 21, 2012 12:49 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
The current nmap input code doesn't handle missing MAC address info. When you nmap scan across subnets you don't get MAC address info. You'll need to run the scan from within the target subnet.

Or fix the code to handle missing MAC address.


Top
 Profile  
Reply with quote  
 Post subject: Re: Nmap Results
PostPosted: Thu Jun 21, 2012 2:31 pm 
Offline
Newbie

Joined: Tue Jun 19, 2012 1:42 pm
Posts: 3
physically or logically?

i see 3 ways of getting around it without fixing code.....

1 set up more IPs on the eth interface

2 VPN into each sub-net

3 remotely run the nmap stuff on a sub-net based PC...

i prefer option 1 and 2 but only 3 transcends the physicality issue


Top
 Profile  
Reply with quote  
 Post subject: Re: Nmap Results
PostPosted: Fri Jun 22, 2012 1:25 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
Physically: it's just the way IP works; MAC address isn't routed. I would go with Option 3. I do use Option 3.


Top
 Profile  
Reply with quote  
 Post subject: Re: Nmap Results
PostPosted: Fri Jun 22, 2012 10:52 am 
Offline
Newbie

Joined: Tue Jun 19, 2012 1:42 pm
Posts: 3
Thanks JPA,

Solution in place on 2 of the sites. Makes sense to see the php knowing no MAC is provided.

modding the script to do some sort of a dummy MAC thing where the IP dummies in as the MAC might work but i'll worry about it when OAv2 Lands as it may be addressed in there also now mark is aware of it....(i found your older post re NMAP and see your a contributor in the file)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group