https://github.com/rackerlabs/pyndiff

Generate human-readable ndiff output when comparing 2 Nmap XML scan files
https://github.com/rackerlabs/pyndiff

compare ndiff nmap python scans xml

Last synced: 3 months ago
JSON representation

Generate human-readable ndiff output when comparing 2 Nmap XML scan files

• Host: GitHub
• URL: https://github.com/rackerlabs/pyndiff
• Owner: rackerlabs
• License: apache-2.0
• Created: 2021-02-05T17:23:17.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2021-08-10T15:06:11.000Z (about 3 years ago)
• Last Synced: 2024-07-07T14:08:01.799Z (4 months ago)
• Topics: compare, ndiff, nmap, python, scans, xml
• Language: Python
• Homepage:
• Size: 441 KB
• Stars: 27
• Watchers: 7
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - rackerlabs/pyndiff - Generate human-readable ndiff output when comparing 2 Nmap XML scan files (Python)

README

        


    This project has been forked and will be maintained here:

    


    


    https://github.com/opsdisk/pyndiff



# Overview

`pyndiff` (pronounced pin-diff) easily generates human-readable [ndiff](https://nmap.org/book/ndiff-man.html)

output when comparing 2 Nmap XML scan files.  It is great for determining what ports have open/closed or had their

services change between Nmap scans and presenting it in a visually appealing and consumable way for humans.

Unfortunately, both the diff and XML output from `ndiff` are unreadable and unusable for a large number of targets with

many changes.  `pyndiff` has been used to compare two different 40 MB Nmap XML files in 13 seconds!

This library is used in [Scantron](https://github.com/rackerlabs/scantron/), the distributed nmap / masscan scanning

framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for

automation workflows.

`pyndiff` is developed and maintained by [@opsdisk](https://twitter.com/opsdisk) as part of Rackspace's Threat and

Vulnerability Analysis team.

## What is ndiff?

```none

Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences

between them. The differences observed are:

* Host states (e.g. up to down)

* Port states (e.g. open to closed)

* Service versions (from -sV)

* OS matches (from -O)

* Script output

Ndiff, like the standard diff utility, compares two scans at a time.

```

## Installation

Using pip:

```bash

pip install pyndiff

```

From GitHub:

```bash

git clone https://github.com/rackerlabs/pyndiff.git

cd pyndiff

virtualenv -p python3.6 .venv  # If using a virtual environment.

source .venv/bin/activate  # If using a virtual environment.

python setup.py install

```

## Notes

See Nmap's [PR-1807]() for a Python3 compatible `ndiff`.

Until [PR-1807]() is merged into master, the individual ndiff.py found below is

used:

with one slight modification.  Line 1208 is commented out to ignore script output when comparing scans.  See

 for more information.

```python

    "state": self._start_state,

    "service": self._start_service,

    # "script": self._start_script,

    "osmatch": self._start_osmatch,

    "finished": self._start_finished,

}

```

## Helpful Options

`--uof` - Optionally ignore UDP "open|filtered" port state changes because they aren't definitive.

`-d` - Stop processing after every diff to validate results only when the `-v` switch is used.

`-v` - Print verbose data for troubleshooting. Helpful when used in with `-d`

## Run as script

### Human readable

Generate a human-readable overview of the changes.

```bash

pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml

```

![pyndiff_script.png](images/pyndiff_script.png)

### Classic text output

Classic `ndiff --text` output, not human-readable for large scans.

```bash

pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml -t txt

```

![pyndiff_script_classic.png](images/pyndiff_script_classic.png)

## pyndiff as a module

```python

import pyndiff

# XML

diff = pyndiff.generate_diff("test-scans/random-1.xml", "test-scans/random-2.xml", ignore_udp_open_filtered=False)

print(diff)

# TXT

diff = pyndiff.generate_diff(

    "test-scans/random-1.xml",

    "test-scans/random-2.xml",

    ignore_udp_open_filtered=False,

    output_type="txt"

)

print(diff)

```

![pyndiff_module.png](images/pyndiff_module.png)

## test-scans directory

The `test-scans` directory contains the same test scans found in Nmap's repo found here:

## Support

This code is supplied as-is and you should not expect to receive support for it.  Use it at your own risk.

## License

License is Apache License Version 2.0.