Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rackerlabs/pyndiff
Generate human-readable ndiff output when comparing 2 Nmap XML scan files
https://github.com/rackerlabs/pyndiff
compare ndiff nmap python scans xml
Last synced: 22 days ago
JSON representation
Generate human-readable ndiff output when comparing 2 Nmap XML scan files
- Host: GitHub
- URL: https://github.com/rackerlabs/pyndiff
- Owner: rackerlabs
- License: apache-2.0
- Created: 2021-02-05T17:23:17.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-08-10T15:06:11.000Z (over 3 years ago)
- Last Synced: 2024-07-07T14:08:01.799Z (5 months ago)
- Topics: compare, ndiff, nmap, python, scans, xml
- Language: Python
- Homepage:
- Size: 441 KB
- Stars: 27
- Watchers: 7
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - rackerlabs/pyndiff - Generate human-readable ndiff output when comparing 2 Nmap XML scan files (Python)
README
This project has been forked and will be maintained here:
https://github.com/opsdisk/pyndiff# Overview
`pyndiff` (pronounced pin-diff) easily generates human-readable [ndiff](https://nmap.org/book/ndiff-man.html)
output when comparing 2 Nmap XML scan files. It is great for determining what ports have open/closed or had their
services change between Nmap scans and presenting it in a visually appealing and consumable way for humans.
Unfortunately, both the diff and XML output from `ndiff` are unreadable and unusable for a large number of targets with
many changes. `pyndiff` has been used to compare two different 40 MB Nmap XML files in 13 seconds!This library is used in [Scantron](https://github.com/rackerlabs/scantron/), the distributed nmap / masscan scanning
framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for
automation workflows.`pyndiff` is developed and maintained by [@opsdisk](https://twitter.com/opsdisk) as part of Rackspace's Threat and
Vulnerability Analysis team.## What is ndiff?
```none
Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences
between them. The differences observed are:* Host states (e.g. up to down)
* Port states (e.g. open to closed)
* Service versions (from -sV)
* OS matches (from -O)
* Script outputNdiff, like the standard diff utility, compares two scans at a time.
```## Installation
Using pip:
```bash
pip install pyndiff
```From GitHub:
```bash
git clone https://github.com/rackerlabs/pyndiff.git
cd pyndiff
virtualenv -p python3.6 .venv # If using a virtual environment.
source .venv/bin/activate # If using a virtual environment.
python setup.py install
```## Notes
See Nmap's [PR-1807]() for a Python3 compatible `ndiff`.
Until [PR-1807]() is merged into master, the individual ndiff.py found below is
used:with one slight modification. Line 1208 is commented out to ignore script output when comparing scans. See
for more information.```python
"state": self._start_state,
"service": self._start_service,
# "script": self._start_script,
"osmatch": self._start_osmatch,
"finished": self._start_finished,
}
```## Helpful Options
`--uof` - Optionally ignore UDP "open|filtered" port state changes because they aren't definitive.
`-d` - Stop processing after every diff to validate results only when the `-v` switch is used.
`-v` - Print verbose data for troubleshooting. Helpful when used in with `-d`
## Run as script
### Human readable
Generate a human-readable overview of the changes.
```bash
pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml
```![pyndiff_script.png](images/pyndiff_script.png)
### Classic text output
Classic `ndiff --text` output, not human-readable for large scans.
```bash
pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml -t txt
```![pyndiff_script_classic.png](images/pyndiff_script_classic.png)
## pyndiff as a module
```python
import pyndiff# XML
diff = pyndiff.generate_diff("test-scans/random-1.xml", "test-scans/random-2.xml", ignore_udp_open_filtered=False)print(diff)
# TXT
diff = pyndiff.generate_diff(
"test-scans/random-1.xml",
"test-scans/random-2.xml",
ignore_udp_open_filtered=False,
output_type="txt"
)print(diff)
```![pyndiff_module.png](images/pyndiff_module.png)
## test-scans directory
The `test-scans` directory contains the same test scans found in Nmap's repo found here:
## Support
This code is supplied as-is and you should not expect to receive support for it. Use it at your own risk.
## License
License is Apache License Version 2.0.