Scanning Many Hosts in Parallel With Nmap Using PPSS

February 18, 2010

Scanning a large number of hosts with Nmap often takes a long time. During this time, no output is written to a file or disk; only when Nmap is finished is all output written to the output file. Often, I want to start processing the results of hosts that have already been scanned. The usual trick is to split the input file containing all the hosts and start multiple Nmap instances by hand, one per input file. This is rather cumbersome.

What I really want is for the results of a scan of a particular host to be available as soon as that scan is finished. This is where PPSS comes in. PPSS can start Nmap scans and process a list of hosts contained in an input file. PPSS will only run a predefined maximum number of scans in parallel, so as not to overwhelm the scanner, network or target hosts. This is an example of how PPSS can be used to obtain results immediately:

./ppss -f hosts.txt -c 'nmap -n -v -sS -A -p- -oN "$ITEM" "$ITEM"' -p 4

Where hosts.txt contains IP-addresses, networks or domain names like:

192.168.0.1
192.168.0.2
192.168.0.3
192.168.1.1-254
www.google.nl

The "$ITEM" part is the fun bit. In this example, multiple instances of Nmap run, each scanning a single host. The output is written to a file called "$ITEM", which is of course replaced by the IP address or domain name as read from hosts.txt. The second "$ITEM" is the argument that tells Nmap which host to scan. The -p 4 option tells PPSS to run 4 Nmap scans simultaneously at all times.

You will end up with a large number of output files, one per host. As soon as a scan is finished on one host, you can start processing the results, instead of waiting for that big scan to finish.
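One way to pick up those per-host files while the rest of the run continues, as an added example that is not part of the original post or of PPSS: it treats a file as complete only once it contains Nmap's closing "# Nmap done at" line. The function names and the sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: process per-host Nmap -oN files as each scan completes.
# Function names and the sample reports below are constructed, not from the post.

# A -oN file is complete once Nmap has written its closing "# Nmap done at" line.
scan_finished() {
    grep -q '^# Nmap done at ' "$1"
}

# Print "port/proto service" for every open port in a -oN file.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1"
}

# Summarise every finished scan in a directory; skip scans still running.
summarise_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        scan_finished "$f" || continue
        printf '%s: %s\n' "$(basename "$f")" "$(open_ports "$f" | tr '\n' ';')"
    done
}

# Constructed sample data: one finished scan and one still in progress.
demo_dir=$(mktemp -d)
cat > "$demo_dir/192.168.0.1" <<'EOF'
# Nmap 5.00 scan initiated Thu Feb 18 20:00:00 2010 as: nmap -n -v -sS -A -p- -oN 192.168.0.1 192.168.0.1
Interesting ports on 192.168.0.1:
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.1p1
80/tcp open  http    Apache httpd 2.2.11
# Nmap done at Thu Feb 18 20:05:00 2010 -- 1 IP address (1 host up) scanned in 300.00 seconds
EOF
cat > "$demo_dir/192.168.0.2" <<'EOF'
# Nmap 5.00 scan initiated Thu Feb 18 20:00:00 2010 as: nmap -n -v -sS -A -p- -oN 192.168.0.2 192.168.0.2
EOF

# Only the finished host is reported.
summarise_dir "$demo_dir"
```

Point summarise_dir at the directory where the PPSS run writes its "$ITEM" files and re-run it whenever you want to see which hosts are done.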
