
Generate human-readable ndiff output when comparing 2 Nmap XML scan files.

Project description

Overview

pyndiff (pronounced pin-diff) generates human-readable ndiff output when comparing two Nmap XML scan files. It is great for determining which ports have opened or closed, or had their services change, between Nmap scans, and for presenting the result in a visually appealing way that humans can consume. Unfortunately, both the diff and XML output from ndiff are unreadable and unusable for a large number of targets with many changes. pyndiff has been used to compare two different 40 MB Nmap XML files in 13 seconds!

This library is used in Scantron, the distributed Nmap / masscan scanning framework, to email out Nmap scan diffs (coming soon!).

pyndiff is developed and maintained by @opsdisk as part of Rackspace's Threat and Vulnerability Analysis team.

What is ndiff?

https://nmap.org/book/ndiff-man.html

Ndiff is a tool to aid in the comparison of Nmap scans. It takes two Nmap XML output files and prints the differences
between them. The differences observed are:

* Host states (e.g. up to down)
* Port states (e.g. open to closed)
* Service versions (from -sV)
* OS matches (from -O)
* Script output

Ndiff, like the standard diff utility, compares two scans at a time.

Installation

Using pip:

pip install pyndiff

From GitHub:

git clone https://github.com/rackerlabs/pyndiff.git
cd pyndiff
virtualenv -p python3.6 .venv  # If using a virtual environment.
source .venv/bin/activate  # If using a virtual environment.
python setup.py install

Notes

See Nmap's PR-1807 for a Python3 compatible ndiff. Until PR-1807 is merged into master, the individual ndiff.py found below is used:

https://github.com/nmap/nmap/pull/1807/files#diff-876b1aeeb590be439b50702351985b633655e89e78f6b520f321ce84076c6b32

with one slight modification. Line 1208 is commented out to ignore script output when comparing scans. See https://github.com/rackerlabs/pyndiff/issues/3 for more information.

    "state": self._start_state,
    "service": self._start_service,
    # "script": self._start_script,
    "osmatch": self._start_osmatch,
    "finished": self._start_finished,
}

Helpful Options

--uof - Optionally ignore UDP "open|filtered" port state changes because they aren't definitive.

-d - Stop processing after every diff so the results can be validated. Only takes effect when the -v switch is used.

-v - Print verbose data for troubleshooting. Helpful when used with -d.

Run as script

Human readable

Generate a human-readable overview of the changes.

pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml


Classic text output

Classic ndiff --text output, not human-readable for large scans.

pyndiff -f1 test-scans/random-1.xml -f2 test-scans/random-2.xml -t txt


pyndiff as a module

import pyndiff

# XML
diff = pyndiff.generate_diff("test-scans/random-1.xml", "test-scans/random-2.xml", ignore_udp_open_filtered=False)

print(diff)

# TXT
diff = pyndiff.generate_diff(
    "test-scans/random-1.xml",
    "test-scans/random-2.xml",
    ignore_udp_open_filtered=False,
    output_type="txt"
)

print(diff)


test-scans directory

The test-scans directory contains the same test scans as Nmap's repo:

https://github.com/nmap/nmap/tree/master/ndiff/test-scans

Support

This code is supplied as-is and you should not expect to receive support for it. Use it at your own risk.

License

License is Apache License Version 2.0.
