Continuous Network Monitoring With Slack Alerting

As I have talked about before, “You can’t defend what you don’t know exists,” so today, while sitting around trying to recover from walking pneumonia, I wrote slackmap to continually nmap a network and post the differences to Slack.

Configuration is amazingly easy. I run a copy of this on a $5-a-month DigitalOcean Droplet for an external view and on a Raspberry Pi for internal scanning.

  • Create a SlackBot and copy its API key.
  • Update and install needed software on server:
    sudo apt-get update && sudo apt-get dist-upgrade
    sudo apt-get install ssmtp nmap xsltproc
  • Create necessary folders:
    sudo mkdir /nmap/
    sudo mkdir /nmap/diffs
  • Copy this to /nmap/slackmap.sh and add your SlackBot API key on line 8:

https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0

  • Copy this line to your crontab to run this scan every 15 minutes (make longer for bigger networks):
    */15 * * * * /nmap/slackmap.sh
  • Enjoy a new level of network visibility. : )
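
The gist's script is not reproduced on this page. As an added example (not the author's slackmap.sh), here is one way to do the diff-and-alert step using nmap's grepable output (`-oG`). The file names, `SLACK_TOKEN` and `SLACK_CHANNEL` are assumptions, and the sample scans are constructed.

```sh
#!/bin/sh
# Added example: diff two nmap grepable (-oG) scans and alert on changes.
# File names, SLACK_TOKEN and SLACK_CHANNEL are assumptions, not from the gist.

# Print "host port/proto" for every open port in a -oG file, sorted.
open_ports() {
  awk -F'\t' '/Ports: / {
    split($1, h, " ")                      # "Host: 192.0.2.10 ()"
    for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
      s = $i; sub(/^Ports: /, "", s)
      n = split(s, p, ", ")
      for (j = 1; j <= n; j++) {
        split(p[j], f, "/")                # port/state/proto/owner/service/...
        if (f[2] == "open") print h[2], f[1] "/" f[3]
      }
    }
  }' "$1" | LC_ALL=C sort -u
}

# Print "+ host port/proto" for newly open ports, "- ..." for ports that closed.
scan_diff() {
  old=$(mktemp); new=$(mktemp)
  open_ports "$1" > "$old"; open_ports "$2" > "$new"
  LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
  LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
  rm -f "$old" "$new"
}

# Send text to Slack through the Web API method chat.postMessage.
post_to_slack() {
  curl -sS -H "Authorization: Bearer $SLACK_TOKEN" \
    --data-urlencode "channel=$SLACK_CHANNEL" --data-urlencode "text=$1" \
    https://slack.com/api/chat.postMessage
}

# Constructed sample scans (documentation addresses), not real output.
demo() {
  d=$(mktemp -d)
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n' > "$d/prev"
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///\n' > "$d/curr"
  printf 'Host: 192.0.2.20 ()\tPorts: 443/open/tcp//https///, 8080/closed/tcp//http-proxy///\n' >> "$d/curr"
  scan_diff "$d/prev" "$d/curr"
  rm -rf "$d"
}

# Cron use: changes=$(scan_diff prev.gnmap curr.gnmap)
#           [ -n "$changes" ] && post_to_slack "$changes"
demo
```

Comparing only open `host port/proto` pairs keeps the alert free of noise from timestamps and scan durations, so an empty diff means nothing is posted.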
