Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

Ndiff - Utility for Comparing Nmap Scan Results

Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it compares two nmap scans and outputs the differences. It allows monitoring of your network(s) for interesting changes in port states and visible hosts.

Many people like to scan their networks regularly (daily, weekly, etc.) and then use ndiff to easily detect any changes. The first step is to obtain a baseline of accessible systems and services. The follow-on scans will then identify discrepancies from the baseline, alerting your organisation to these changes.

Ndiff can produce output in human-readable text or machine-readable XML formats. The scans, ndiff run, and emailed report are often automated using tools such as cron on UNIX or the Scheduled Tasks tool on Windows. It should be useful to network administrators, security analysts, and other interested parties who need to monitor large networks in an organised fashion.

You can run Ndiff from Zenmap (GUI based) under the Tools tab


or using the the good old way command line:
ndiff scan1.xml scan2.xml


The highlighted output shows the difference in the scan results. 1st scan shows ssh and telnet ports were opened on host (192.168.1.203) but the 2nd scan shows both ports are closed.

1 comments:

Rainbow said...

1 of hacking software

 
Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!