Nmap is a great open-source tool for performing a network inventory; it lacks only a user-friendly scan report.
This repo contains a simple script that converts the XML report produced by nmap into the more readable xlsx (Excel) format.
I also developed a custom NSE script called default-creds.nse to test specific default credentials, based on operating system type, for the following protocols: ssh, smb, telnet and ftp. The goal is to perform a non-invasive test (just one or two attempts, so as not to trigger alarms).
- Run nmap:
$ sudo nmap -sV --script=http-title --script=banner --system-dns -vv --script=smb-os-discovery --script=rdp-ntlm-info --script=./default-creds.nse --script-args default-creds.csv=./default_creds.csv -O --osscan-limit --max-os-tries 2 --scan-delay 100ms --max-scan-delay 300ms 10.20.30.0/24 20.30.40.0/24 -oX /tmp/scan.xml
- Run this tool:
$ python3 nmapreport.py /tmp/scan.xml out.xlsx
You'll get an Excel file with a summary, a worksheet for each subnet, and any info about hosts and services, discovered credentials, domains, etc.
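
The XML-to-rows step behind such a report, as an added example (this is not the code of nmapreport.py): it parses a constructed `-oX` sample, keeps open ports on hosts that are up, and groups the rows per subnet the way the worksheets are described. The function names, the /24 grouping and the column set are assumptions; because service names, versions and HTTP titles come from the scanned hosts, values starting with a formula character are prefixed so a spreadsheet does not evaluate them.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of `nmap -oX` output, trimmed to the elements read below.
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="10.20.30.5" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http"/><script id="http-title" output="=1+1"/></port>
  <port protocol="tcp" portid="23"><state state="closed"/></port>
 </ports></host>
<host><status state="up"/><address addr="20.30.40.7" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open"/>
  <service name="microsoft-ds"/></port></ports></host>
<host><status state="down"/><address addr="10.20.30.9" addrtype="ipv4"/></host>
</nmaprun>"""

def safe_cell(value):
    """Prefix text that a spreadsheet would otherwise evaluate as a formula."""
    text = value or ""
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def rows_by_subnet(xml_text, prefix=24):
    """Return {subnet: [(ip, port, proto, service, version, title), ...]}."""
    sheets = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or status is None or status.get("state") != "up":
            continue
        ip = addr.get("addr")
        # Assumption: one worksheet per /24, matching the scan targets above.
        subnet = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            version = " ".join(filter(None, (attrs.get("product"), attrs.get("version"))))
            title = next((s.get("output") for s in port.iter("script")
                          if s.get("id") == "http-title"), "")
            sheets[subnet].append((ip, int(port.get("portid")), port.get("protocol"),
                safe_cell(attrs.get("name")), safe_cell(version), safe_cell(title)))
    return dict(sheets)

print(rows_by_subnet(SAMPLE_XML))
```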