I currently run scans against 16 different /24s on a daily basis using the following script:
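```sh
#!/bin/sh
# Daily fast scan of one /24; today.xml and yesterday.xml point at the two latest results for ndiff.
TODAY=$(date +"%d-%m-%y")
OPTIONS="--open --reason -oX /var/log/nmap/XXX/scan-$TODAY.xml -F x.x.x.0/24"
# $OPTIONS is left unquoted on purpose so the shell splits it into separate arguments
nmap $OPTIONS
# Rotate the symlinks: yesterday.xml takes over the link that today.xml held
rm -f /var/log/nmap/XXX/yesterday.xml
mv /var/log/nmap/XXX/today.xml /var/log/nmap/XXX/yesterday.xml
ln -s /var/log/nmap/XXX/scan-$TODAY.xml /var/log/nmap/XXX/today.xml
```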
If I run the nmap command outside of the script and let it output to the console, it doesn't show any hosts that are down, but when I use the -oX flag to output to an XML file so that I can ndiff it later, the hosts that are down are listed.
How do I get nmap to ignore these hosts, not log them, etc? Thanks!
Edit: Just to make sure we're all on the same page, the company I work for owns all of the /24s that I am scanning. =)
Looks like the down host listing is by design, or at least, I haven't been able to turn this feature off either.
Would it be acceptable to filter nmap's output to remove unwanted entries?
```sh
# "-oX -" sends the XML to stdout so it can be filtered before it is saved
OPTIONS="--open --reason -oX - -F x.x.x.0/24"
nmap $OPTIONS \
| sed -e '/<host><status state="down" reason="no-response"\/>/,/<\/host>/d' \
> /var/log/nmap/XXX/scan-$TODAY.xml
```
The matching seems to be ungreedy, as it should, but be wary and check it out.