Open-AudIT
https://www.open-audit.org/phpBB3/

Nmap Results
https://www.open-audit.org/phpBB3/viewtopic.php?f=10&t=5893
Page 1 of 1

Author:  fastidius [ Thu Jun 21, 2012 9:20 am ]
Post subject:  Nmap Results

Hi Everyone,

I am having some issues with the nmap_linux.sh script.

I have multiple subnets in use for differing WANs connected via Cisco Routers. I can ping workstations and portscan them and get results via windows tools no worries so i think all the networking side of the equation is fine. I can also run the windows audit.vbs scripts and get input into the OA system so it isn't a webpage permission thing

I run this script which I don't think i have changed from the initial installed version beyond changing IP address ranges.

#!/bin/bash

for ((a=1; a <=254 ; a++))
do
echo "192.168.024.$a"
nmap_file="nmap_file.txt"
nmap_input=`nmap -v -O -oN $nmap_file 192.168.024.$a`
nmap_output=`cat $nmap_file`
wget -q --post-data="submit=submit&add=$nmap_output" http://192.168.1.251/OA/admin_nmap_input.php
rm "$nmap_file"
rm "admin_nmap_input.php"
done


The script works flawlessly for 192.168.1.XXX range and i get results in the OA system however if i put in any of the other subnets the results do not show. Is there anything in particular that needs to be changed to allow non local nmap results or perhaps if i comment the removal is there anything i should look for in the admin_nmap_input.php.1 -254 files that might give me some insight as to if the file isn't working correctly?

Author:  jpa [ Thu Jun 21, 2012 12:49 pm ]
Post subject:  Re: Nmap Results

The current nmap input code doesn't handle missing MAC address info. When you nmap scan across subnets you don't get MAC address info. You'll need to run the scan from within the target subnet.

Or fix the code to handle missing MAC address.

Author:  fastidius [ Thu Jun 21, 2012 2:31 pm ]
Post subject:  Re: Nmap Results

physically or logically?

i see 3 ways of getting around it without fixing code.....

1 set up more IPs on the eth interface

2 VPN into each sub-net

3 remotely run the nmap stuff on a sub-net based PC...

i prefer option 1 and 2 but only 3 transcends the physicality issue

Author:  jpa [ Fri Jun 22, 2012 1:25 am ]
Post subject:  Re: Nmap Results

Physically: it's just the way IP works; MAC address isn't routed. I would go with Option 3. I do use Option 3.

Author:  fastidius [ Fri Jun 22, 2012 10:52 am ]
Post subject:  Re: Nmap Results

Thanks JPA,

Solution in place on 2 of the sites. Makes sense to see the php knowing no MAC is provided.

modding the script to do some sort of a dummy MAC thing where the IP dummies in as the MAC might work but i'll worry about it when OAv2 Lands as it may be addressed in there also now mark is aware of it....(i found your older post re NMAP and see your a contributor in the file)

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/