Date: Wed, 23 Dec 1998 21:58:09 -0600
From: HD Moore <hdmoore@USA.NET>
Subject: Nlog v1.0 Released - Nmap 2.x log management / analyzing tool
To: BUGTRAQ@NETSPACE.ORG

n l o g - nmap 2.x log management and analyzer toolkit
------------------------------------------------------------------------------

Download and Live Demo at: http://owned.commotion.org/~spinux

From the README:
----------------------------

NLog is a set of PERL scripts for managing and analyzing your nmap 2.0+ log files. It allows you to keep all of your scan logs in a single searchable database. The CGI interface for viewing your scan logs is completely customizable and easy to modify and improve. The core CGI script allows you to add your own extension scripts for different services, so all hosts with a certain service running will have a hyperlink to the extension script.

An Overview:
------------------

Basically this is a multi-purpose web-based nmap log browser. The extension scripts allow you to get detailed information about specific services like netbios, the RPC services, the finger service, and BIND version of a DNS server. It is extremely easy to create your own extensions for things like a snmpwalk wrapper, a popper vulnerability check, etc.

Nlog provides a standard database format to build your own scripts for any purpose, whether to provide a graphical representation of a network or as a web-based service gateway to an internal network. Included are the example CGI scripts, the nmap log to database conversion tool, a sample template for building your own PERL scripts, and a couple of extra scripts for dumping IPs from a domain and the like.

A possible use of nlog is for a network administrator who scans his local network regularly, to make sure none of the machines are listening on weird ports and that they all are running the services they should be. A cron script could scan his internal network, convert the log files to the database format and store them on a web server by time or date. The administrator could then load the nlog search form page, preferably protected by the normal http authentication methods, and run comparisons between databases collected on different dates or at different times from anywhere. If the web server is on a gateway machine, he could run RPC or finger requests on the internal hosts through the CGI interface, thus removing his need to be on the possibly firewalled or masqued network to check a host's status.

This code is being released under no type of copyright. I only ask that if you are to use this in a commercial product, give me credit for the work I've done.

--HD
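
The scan-comparison use case described in the README, sketched as an added example that is not part of nlog or the original post. It assumes nmap's grepable (-oG) log layout rather than nlog's own database format, which the post does not show; the sample logs, hosts and function names are constructed for illustration.

```python
import re

# Constructed sample logs in nmap's grepable (-oG) layout; hosts and ports are made up.
SCAN_MONDAY = """\
# Nmap scan (constructed sample)
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///
Host: 192.168.1.20 ()\tPorts: 25/open/tcp//smtp///, 111/open/tcp//sunrpc///
"""
SCAN_TUESDAY = """\
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 6000/open/tcp//X11///
Host: 192.168.1.20 ()\tPorts: 25/open/tcp//smtp///, 111/filtered/tcp//sunrpc///
Host: 192.168.1.30 ()\tPorts: 79/open/tcp//finger///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+(.*)$")

def parse_scan(text):
    """Return {host: {(port, proto): service}} for ports reported open."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments, status lines, hosts with no port list
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop trailing tab-separated fields
        open_ports = hosts.setdefault(host, {})
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5 or parts[1] != "open":
                continue  # only ports in the "open" state count as listening
            open_ports[(int(parts[0]), parts[2])] = parts[4] or "unknown"
    return hosts

def diff_scans(old, new):
    """Return (opened, closed) lists of (host, port, proto, service) tuples."""
    opened, closed = [], []
    for host in sorted(set(old) | set(new)):
        before, after = old.get(host, {}), new.get(host, {})
        for key in sorted(after.keys() - before.keys()):
            opened.append((host, key[0], key[1], after[key]))
        for key in sorted(before.keys() - after.keys()):
            closed.append((host, key[0], key[1], before[key]))
    return opened, closed

if __name__ == "__main__":
    opened, closed = diff_scans(parse_scan(SCAN_MONDAY), parse_scan(SCAN_TUESDAY))
    for tag, rows in (("NEW", opened), ("GONE", closed)):
        for host, port, proto, svc in rows:
            print(f"{tag:<5}{host} {port}/{proto} ({svc})")
```

A port that changes from open to filtered is reported as closed, and a host that first appears in the later scan has all of its open ports reported as new.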