"Thanks to Jordan Wright for creating the logo and letting us use it!"
Welcome to the dnmap wiki!
dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and sends those commands to each client connected to it.
The framework uses a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Nmap output is stored on both server and client.
Usually you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you).
|--------------------|
| nmap commands file |
|--------------------|
|
|
\|/
|--------------|
| dnmap_server |
|--------------|
|
| |--------------|
|- | dnmap_client |-> Packets to the net...
| |--------------|
|
| |--------------|
|- | dnmap_client |-> Packets to the net...
| |--------------|
|
| |--------------|
|- | dnmap_client |-> Packets to the net...
| |--------------|
.
.
.
1- Put some nmap commands in a file like commands.txt
2- Start the dnmap_server
./dnmap_server -f commands.txt
3- Start any number of clients
./dnmap_client -s <server-ip> -a <alias>
The server will start to give nmap commands to the clients and results will be stored on both sides.
=| MET:5:43:32.837276 | Amount of Online clients: 2 |=
Clients connected
-----------------
Alias #Commands Last Time Seen (time ago) UpTime Version Euid RunCmdXMin AvrCmdXMin Status
test1 765 Mar 11 21:35:02 ( 0'12") 4h 6m 0.3 0 5.2 4.6 Executing
test2 698 Mar 11 21:34:59 ( 0'14") 5h43m 0.3 0 2.0 3.2 Executing
Here MET means Mission Elapsed Time (http://en.wikipedia.org/wiki/Mission_Elapsed_Time).
This framework is NOT intended to be secure or to be used by people you do not trust. As the client will execute any nmap command you send, the client is trusting you. This was created so your friends can help you in the scan, or to use all your computers at the same time.
The client does not need to be run as root, but be aware that most nmap scan types need the client to be run as root. If some of your clients are not root, you can still send them TCP connect scans, for example, but you have to arrange this yourself in the nmap commands file.
Nmap is a great tool and it can manage large scans quite well. It is not wise to send only one port and one host to each of your clients. You would want to send at least one host with a lot of ports to each client, or one different network to each client. If you divide the commands too much, the distributed scan will be slower than a single computer.
Example commands in the file that are OK:
nmap -sS -p22 192.168.1.0/24 -v -n -oA 192.168.1.0
nmap -sS -p22 192.168.2.0/24 -v -n -oA 192.168.3.0
nmap -sS -p22 192.168.3.0/24 -v -n -oA 192.168.4.0
nmap -sP -p22 192.168.3.0/24 -v -n -oA 192.168.4.0
nmap -sS --top-ports 100 192.168.3.3 -v -n -oA 192.168.3.3.top100
nmap -sS --top-ports 100 192.168.3.4 -v -n -oA 192.168.3.4.top100
nmap -sS --top-ports 100 192.168.3.5 -v -n -oA 192.168.3.5.top100
Example commands in the file you should avoid:
nmap -sS -p22 192.168.1.1 -v -n -oA 192.168.1.1
nmap -sS -p22 192.168.1.2 -v -n -oA 192.168.1.2
nmap -sS -p22 192.168.1.3 -v -n -oA 192.168.1.3
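A pre-flight check for the commands file that applies the points above: the client runs whatever it is sent, some scan types need root, and overly fine-grained commands slow the scan down. This is an added example, not part of dnmap; the function name, the issue strings and the sample lines are assumptions made for illustration.

```python
ROOT_SCANS = {"-sS", "-sU", "-O"}        # scan types that need raw sockets
SHELL_META = set(";|&$`<>()\"'\\")       # never needed in a plain nmap line

def lint_commands(lines):
    """Return (line_number, issue) pairs for a dnmap commands file."""
    findings, outputs = [], {}
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        if SHELL_META & set(line):
            findings.append((no, "shell metacharacter"))
            continue
        tok = line.split()
        if tok[0] != "nmap":
            findings.append((no, "not an nmap command"))
            continue
        ports = out = None
        targets, i = [], 1
        while i < len(tok):
            t = tok[i]
            if t in ("-p", "-oA", "--top-ports") and i + 1 < len(tok):
                i += 1                    # consume the option's argument
                if t == "-p":
                    ports = tok[i]
                elif t == "-oA":
                    out = tok[i]
            elif t.startswith("-p") and not t.startswith("--"):
                ports = t[2:]             # attached form, e.g. -p22
            elif not t.startswith("-"):
                targets.append(t)
            i += 1
        if ROOT_SCANS & set(tok):
            findings.append((no, "needs root on the client"))
        # A target with no CIDR mask, range or list is a single host.
        single_host = len(targets) == 1 and not set("/-,") & set(targets[0])
        if single_host and ports is not None and ports.isdigit():
            findings.append((no, "too granular: one host, one port"))
        if out in outputs:
            findings.append((no, f"output name reused from line {outputs[out]}"))
        elif out:
            outputs[out] = no
    return findings

# Constructed sample file, not taken from a real scan.
SAMPLE = [
    "nmap -sS -p22 192.168.1.0/24 -v -n -oA 192.168.1.0",
    "nmap -sT -p22 192.168.1.1 -v -n -oA 192.168.1.1",
    "nmap -sT --top-ports 100 192.168.3.3 -v -n -oA 192.168.1.1",
    "ping -c 1 192.168.1.1",
    "nmap -sT -p22 192.168.2.0/24 -oA out && echo done",
]
```

Run it over commands.txt before starting dnmap_server, or on the client side before agreeing to join someone else's scan.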
We needed to scan a very large group of networks searching for a group of ports. In this scenario it was advisable to distribute the scanning as much as possible.
So we had to create this distributed nmap.