As I have talked about before “You can’t defend what you dont know exists” so today while sitting around and trying to recover from walking pneumonia I wrote slackmap to continually nmap a network and post the differences to slack:
Configuration is amazingly easy. I run a copy of this on a $5 a month Digitalocean Droplet for an external view and a Raspberry Pi for internal scanning.
- Create a SlackBot and copy API Key.
- Update and install needed software on server:
sudo apt-get update && sudo apt-get dist-upgrade
sudo apt-get install ssmtp nmap xsltproc
- Create necessary folders:
sudo mkdir /nmap/
sudo mkdir /nmap/diffs
- Copy this to /nmap/slackmap.sh and add SlackBot API key to Line 8:
https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0
- Copy this line to your crontab to run this scan every 15 minutes (make longer for bigger networks):
*/15 * * * * /nmap/slackmap.sh
- Enjoy a new level of network visibility. : )