Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rackerlabs/pyndiff

Generate human-readable ndiff output when comparing 2 Nmap XML scan files
https://github.com/rackerlabs/pyndiff

compare ndiff nmap python scans xml

Last synced: 22 days ago
JSON representation

Generate human-readable ndiff output when comparing 2 Nmap XML scan files

Awesome Lists containing this project

README

        


This project has been forked and will be maintained here:




https://github.com/opsdisk/pyndiff

# Overview

`pyndiff` (pronounced pin-diff) easily generates human-readable [ndiff](https://nmap.org/book/ndiff-man.html)
output when comparing 2 Nmap XML scan files. It is great for determining what ports have open/closed or had their
services change between Nmap scans and presenting it in a visually appealing and consumable way for humans.
Unfortunately, both the diff and XML output from `ndiff` are unreadable and unusable for a large number of targets with
many changes. `pyndiff` has been used to compare two different 40 MB Nmap XML files in 13 seconds!

This library is used in [Scantron](https://github.com/rackerlabs/scantron/), the distributed nmap / masscan scanning
framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for
automation workflows.

`pyndiff` is developed and maintained by [@opsdisk](https://twitter.com/opsdisk) as part of Rackspace's Threat and
Vulnerability Analysis team.

## What is ndiff?

```none
Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences
between them. The differences observed are:

* Host states (e.g. up to down)
* Port states (e.g. open to closed)
* Service versions (from -sV)
* OS matches (from -O)
* Script output

Ndiff, like the standard diff utility, compares two scans at a time.
```

## Installation

Using pip:

```bash
pip install pyndiff
```

From GitHub:

```bash
git clone https://github.com/rackerlabs/pyndiff.git
cd pyndiff
virtualenv -p python3.6 .venv # If using a virtual environment.
source .venv/bin/activate # If using a virtual environment.
python setup.py install
```

## Notes

See Nmap's [PR-1807]() for a Python3 compatible `ndiff`.
Until [PR-1807]() is merged into master, the individual ndiff.py found below is
used:

with one slight modification. Line 1208 is commented out to ignore script output when comparing scans. See
for more information.

```python
"state": self._start_state,
"service": self._start_service,
# "script": self._start_script,
"osmatch": self._start_osmatch,
"finished": self._start_finished,
}
```

## Helpful Options

`--uof` - Optionally ignore UDP "open|filtered" port state changes because they aren't definitive.

`-d` - Stop processing after every diff to validate results only when the `-v` switch is used.

`-v` - Print verbose data for troubleshooting. Helpful when used in with `-d`

## Run as script

### Human readable

Generate a human-readable overview of the changes.

```bash
pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml
```

![pyndiff_script.png](images/pyndiff_script.png)

### Classic text output

Classic `ndiff --text` output, not human-readable for large scans.

```bash
pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml -t txt
```

![pyndiff_script_classic.png](images/pyndiff_script_classic.png)

## pyndiff as a module

```python
import pyndiff

# XML
diff = pyndiff.generate_diff("test-scans/random-1.xml", "test-scans/random-2.xml", ignore_udp_open_filtered=False)

print(diff)

# TXT
diff = pyndiff.generate_diff(
"test-scans/random-1.xml",
"test-scans/random-2.xml",
ignore_udp_open_filtered=False,
output_type="txt"
)

print(diff)
```

![pyndiff_module.png](images/pyndiff_module.png)

## test-scans directory

The `test-scans` directory contains the same test scans found in Nmap's repo found here:

## Support

This code is supplied as-is and you should not expect to receive support for it. Use it at your own risk.

## License

License is Apache License Version 2.0.