scandiff :: official homepage


NAME

scandiff - find differences between two nmap scan logs

SYNOPSIS

scandiff [options] from-scan to-scan

DESCRIPTION

scandiff will compare two nmap scan logs and display the differences from one scan (baseline) to the other (observed). Output is sent to stdout. Nmap grepable and XML output formats are supported.

OPTIONS

The valid options accepted by scandiff are listed below. As an alternative, all arguments that accept flags will also accept the keywords all or none.

-format format

Set output format. Valid options are ascii, html, and htmle. Default output format is ascii.

-hosts flags

Indicate which hosts to display in output. Valid flags are any combination of: n (new hosts), m (missing hosts), c (changed hosts), and u (unchanged hosts). By default unchanged hosts are not displayed (i.e., -hosts cmn).

-hostTests flags

Indicate which changes to test for in scan files. Valid flags are any combination of fhopt. See HOST TESTS section for more detail on specific tests. By default all tests are run.

-i

Ignore file extensions when reading input file.

-msgLevel

Indicates the verbosity level of messages displayed.

-ports flags

Indicate which ports to display in output. Valid flags are any combination of: c (changed ports), u (unchanged ports). By default only changed ports are displayed.

-scanTests flags

Indicate which scan level changes to test for in scan files. Valid flags are any combination of csv. See SCAN TESTS section for more detail on specific tests. By default all tests are run.

-threshold seconds

Indicate the threshold at which you wish to be notified of significant changes in the time it took nmap to complete the scan. Default value is 60 seconds.

-v

Output the version number of scandiff.

HOST TESTS

Please note that some of these tests depend on the options you passed to nmap; for example, I can’t check for changes in OS if you didn’t run nmap -O.

f - Fully Qualified Domain Name

h - Host Status

o - Operating System

p - Port Status

t - TCP Sequence Prediction Difficulty Index

SCAN TESTS

c - Command Line

s - Scan Time

v - Nmap Version

DIAGNOSTICS

An exit status of 0 means no differences were found, 1 means some differences were found, and 2 means trouble.
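
The following Python example is added here and is not scandiff's own code. It shows one way the host classes selected by -hosts (new, missing, changed, unchanged), the changed ports, and the 0/1 exit convention can be derived from two nmap grepable logs. The sample logs, the function names, and the choice to compare only port state are assumptions; exit status 2 (trouble) is not modeled.

```python
import re

# Constructed sample nmap -oG logs (RFC 5737 documentation addresses).
BASELINE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n"
    "Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///\n"
    "Host: 192.0.2.12 ()\tPorts: 53/open/udp//domain///\n")
OBSERVED = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n"
    "Host: 192.0.2.12 ()\tPorts: 53/open/udp//domain///\n"
    "Host: 192.0.2.13 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n")

def parse_grepable(text):
    """Return {ip: {(port, proto): state}} from nmap grepable text."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) ", line)
        if not m:
            continue  # skips '#' comment lines
        ports = hosts.setdefault(m.group(1), {})
        for field in line.split("\t")[1:]:
            if field.startswith("Ports: "):
                for entry in field[7:].split(","):
                    port, state, proto = entry.strip().split("/")[:3]
                    ports[(int(port), proto)] = state
    return hosts

def diff_scans(baseline, observed):
    """Sort hosts into the n/m/c/u classes of the -hosts option."""
    out = {"new": [], "missing": [], "changed": {}, "unchanged": []}
    for ip in sorted(set(baseline) | set(observed)):
        if ip not in baseline:
            out["new"].append(ip)
        elif ip not in observed:
            out["missing"].append(ip)
        else:
            old, new = baseline[ip], observed[ip]
            delta = {k: (old.get(k), new.get(k))
                     for k in set(old) | set(new) if old.get(k) != new.get(k)}
            if delta:
                out["changed"][ip] = delta
            else:
                out["unchanged"].append(ip)
    return out

def exit_status(out):  # 0 = no differences, 1 = differences found
    return 1 if out["new"] or out["missing"] or out["changed"] else 0
```

Each entry in "changed" maps a (port, protocol) pair to its (baseline, observed) state, with None marking a port that appears in only one of the two scans.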

BUGS

Please send bug reports to the author.

AUTHOR

Adam Kaufman <akaufman@users.sourceforge.net>

SEE ALSO

nmap(1) diff(1)

LICENSE

Copyright (c) 2001-2005, Adam Kaufman All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the Author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Scandiff 0.1.9-BETA was released on January 4, 2006. Downloads are available on the SourceForge Project Page.