nmap inventory scanner #1

@da-ekchajzer

Problem

As a network administrator, I want to use cabestan to inventory the devices on my network from a network scan.

Solution

Using nmap, we can scan an IP range and identify some information about the devices behind the IP addresses.

Feature 1 : Host discovery

Doc : https://nmap.org/book/host-discovery.html
Scan a range of IPs to list the IPs identifying a running device. This lets us gather a list of addresses that can be used to call running devices connected to the network. As IPs might change over time, they shouldn't be used to identify a device.

Feature 2 : MAC detection

Doc: https://nmap.org/book/firewall-subversion.html#defeating-firewalls-mac-spoofing

MAC addresses are unique identifiers for device Ethernet interfaces. They could be used in our case as:

  • a primary key to identify a device. /!\ (1) MAC address could be manually modified even if it is highly unlikely (2) Several MAC addresses can identify one device with several Ethernet interfaces
  • a way to determine network physical interface vendors

Feature 3 : Remote OS Detection

Doc : https://nmap.org/book/osdetect.html

This feature allows us to detect which OS the device is running on.
This could be very useful to characterize the device.

Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.39
OS details: Linux 2.6.39

Feature 4 : Device type

Doc : https://nmap.org/book/osdetect-device-types.html

Nmap can tag a device in the network with a type according to its matching algorithm. The list of device types can be found in the doc.
This could be useful to characterize the device.

Device type: firewall

Feature 5 : Application and services

Doc : https://nmap.org/book/vscan.html

This feature allows us to inventory some services reachable over the network. It can be used to:

  • List the existing services in the network
  • Characterize the device being scanned

PORT     STATE    SERVICE       VERSION
22/tcp   open     ssh           OpenSSH 8.4p1 Debian 5 (protocol 2.0)
25/tcp   filtered smtp
80/tcp   open     http          OpenResty web app server

Limits

  • Most nmap features might not always return a value. We should have a process handling those cases.
