nmap inventory scanner #1

Open
da-ekchajzer opened this issue Apr 14, 2022 · 0 comments
Problem

As a network administrator, I want to use cabestan to inventory the devices on my network from a network scan.

Solution

Using nmap, we can scan an IP range and identify some information about the devices behind the IP addresses.

Feature 1 : Host discovery

Doc : https://nmap.org/book/host-discovery.html
Scan a range of IPs to list the IPs identifying a running device. This lets us gather a list of addresses that can be used to call running devices connected to the network. As IPs might change over time, they shouldn't be used to identify a device.

Feature 2 : MAC detection

Doc: https://nmap.org/book/firewall-subversion.html#defeating-firewalls-mac-spoofing

MAC addresses are unique identifiers for device Ethernet interfaces. They could be used in our case as:

  • a primary key to identify a device. /!\ (1) MAC address could be manually modified even if it is highly unlikely (2) Several MAC addresses can identify one device with several Ethernet interfaces
  • a way to determine network physical interface vendors

Feature 3 : Remote OS Detection

Doc : https://nmap.org/book/osdetect.html

This feature allows us to detect which OS the device is running on.
This could be very useful to characterize the device.

Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.39
OS details: Linux 2.6.39

Feature 4 : Device type

Doc : https://nmap.org/book/osdetect-device-types.html

Nmap can tag a device in the network with a type according to its matching algorithm. The list of device types can be found in the doc.
This could be useful to characterize the device.

Device type: firewall

Feature 5 : Application and services

Doc : https://nmap.org/book/vscan.html

This feature allows us to inventory some services reachable over the network. It can be used to:

  • List the existing services in the network
  • Characterize the device being scanned

PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.4p1 Debian 5 (protocol 2.0)
25/tcp   filtered smtp
80/tcp   open     http          OpenResty web app server

Limits

  • Most nmap features might not always return a value. We should have a process handling those cases.

@da-ekchajzer da-ekchajzer changed the title nmap inventory sensor nmap inventory scanner Apr 15, 2022
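
The five features and the Limits note above all correspond to fields in nmap's XML output (`-oX`). As an added example, not part of the original issue or of cabestan's code, this parser turns that XML into inventory records keyed by MAC and returns None for anything nmap did not report. The function names, record fields and sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -O -sV -oX -` output (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
 <address addr="192.0.2.10" addrtype="ipv4"/>
 <address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleVendor"/>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="8.4p1 Debian 5"/></port>
  <port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
 </ports>
 <os><osmatch name="Linux 2.6.39" accuracy="100">
  <osclass type="general purpose" osfamily="Linux" osgen="2.6.X">
   <cpe>cpe:/o:linux:linux_kernel:2.6.39</cpe></osclass></osmatch></os>
</host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
<host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

def attr(el, name):
    """Attribute value, or None when nmap did not emit the element or attribute."""
    return el.get(name) if el is not None else None

def parse_inventory(xml_text):
    """One record per host that is up; anything nmap could not determine is None."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        if attr(host.find("status"), "state") != "up":
            continue
        addrs = {a.get("addrtype"): a for a in host.findall("address")}
        mac = addrs.get("mac")  # only reported for hosts on the scanner's own segment
        # Keep the highest-accuracy OS guess; absent when fingerprinting failed.
        best = max(host.findall("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", 0)), default=None)
        osclass = best.find("osclass") if best is not None else None
        services = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            version = " ".join(v for v in (attr(svc, "product"), attr(svc, "version")) if v)
            services.append({"port": f"{port.get('portid')}/{port.get('protocol')}",
                             "state": attr(port.find("state"), "state"),
                             "name": attr(svc, "name"), "version": version or None})
        records.append({
            "key": attr(mac, "addr"),  # MAC as device key; None means it cannot be keyed yet
            "ip": attr(addrs.get("ipv4"), "addr") or attr(addrs.get("ipv6"), "addr"),
            "vendor": attr(mac, "vendor"), "os": attr(best, "name"),
            "os_cpe": osclass.findtext("cpe") if osclass is not None else None,
            "device_type": attr(osclass, "type"), "services": services})
    return records
```

A record whose `key` is None (the second host in the sample) is a device seen by host discovery only, so it should be held for a later scan rather than stored under its IP.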