I am often asked "What is the easiest thing companies can do to secure their networks?" and my answer is always "Know what is on your network." While that is simple advice, it is a lot harder to implement. One company I was working with was looking at a system to do continuous network monitoring (read: scheduled nmap scans) for $40,000 a year.
Here is how I did it:
- Created a free Sendgrid account.
- Spun up a $5-a-month DigitalOcean Ubuntu droplet.
- Added a nmaper.company.com DNS record to be perfectly clear what the box was doing.
- Updated and installed the needed software:

```bash
sudo apt-get update && sudo apt-get dist-upgrade
sudo apt-get install ssmtp nmap xsltproc
```
- Created necessary folders:
- Edit /etc/ssmtp/ssmtp.conf with this:
- Copy this to
```bash
#!/bin/bash
TARGETS="192.0.2.0/24"          # placeholder: the original target list was not preserved
OPTIONS="-v -sV -T4 -F --open"
date=$(date +%F-%H%M)           # must be finer than the cron interval, or a run compares a file to itself
cd /path/to/scans || exit 1     # placeholder for the scan folder created above
nmap $OPTIONS $TARGETS -oA scan-$date > /dev/null
email() {
/usr/sbin/ssmtp email@example.com <<EOF
Subject: nmap ndiff

*** NDIFF RESULTS ***
$(cat diff-$date)
EOF
}
if [ -e scan-prev.xml ]; then
    ndiff scan-prev.xml scan-$date.xml > diff-$date
    [ "$?" -eq "1" ] && email   # ndiff exits 1 when the scans differ, 0 when they are identical
fi
ln -sf scan-$date.xml scan-prev.xml
```

(Add `cat diff-$date` to the bottom of the script to see output.)
- Add a cron job to crontab to run every 15 minutes (or every hour for bigger networks).
- Talk your boss into buying you something awesome with the $39,970 in savings.
It was as simple as that, and I put this together in an afternoon. Up next is to build a Slackbot to deliver the differences to their Slack channel.