[8816] in bugtraq

home help back first fref pref prev next nref lref last post

Nlog v1.0 Released - Nmap 2.x log management / analyzing tool

daemon@ATHENA.MIT.EDU (HD Moore)
Thu Dec 24 19:18:10 1998

Date: 	Wed, 23 Dec 1998 21:58:09 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: HD Moore <hdmoore@USA.NET>
To: BUGTRAQ@NETSPACE.ORG

n l o g    -  nmap 2.x log management and analyzer toolkit
----------------------------------------------------------------------------
--

Download and Live Demo at:   http://owned.commotion.org/~spinux


From the README:
----------------------------

NLog is a set of PERL scripts for managing and analyzing your nmap 2.0+ log
files.  It allows you to keep all of your scan logs in a single searchable
database.  The CGI interface for viewing your scan logs is completly
customizable and easy to modify and improve.  The core CGI script allows you
to add your own extension  scripts for different services, so all hosts with
a certain service running will have a hyperlink to the extension script.

An Overview:
------------------

Basically this is a multi-purpose web-based nmap log browser.  The extension
scripts allow you to get detailed information about specific services like
netbios, the RPC services, the finger service, and BIND version of a DNS
server.  It is extremely easy to create your own extensions for things like
a snmpwalk wrapper, a popper vulnerablility check, etc.

Nlog provides a standard database format to build your own scripts for any
purpose.  Whether to provide a graphical representation of a network or as a
web based service gateway to an internal network.  Included are the example
CGI scripts, the nmap log to database conversion tool, a sample template for
building your own PERL scripts, and couple extra scripts for dumping IP's
from a domain and the like.

A possible use of nlog is for a network administrator who scans his local
network regularly, to make sure none of the machines are listening on wierd
ports and that they all are running the services they should be.  A cron
script could scan his internal network, convert the log files to the
database format and store them on a web server by time or date.  The
adminstrator could then load the nlog search form page preferably protected
by the normal http authentication methods and run comparisons between
databases collected on different dates or at different times from anywhere.
If the web server is on a gateway machine, he could run RPC or finger
requests on the internal hosts through the CGI interface thus removing his
need to be on the possibly firewalled or masqued network to check a hosts
status.


This code is being released under no type of copyright.  I only ask that if
you are to use this in a commercial product, give me credit for the work
I've done.


--HD

home help back first fref pref prev next nref lref last post