Description
Ended up using the "Script{}" tag. Some notes!!!!
Convert to Splunk for HEC!!!
```bash
# Merge all nmap XML under ./ into one JSON file (one host object per line)
python3 xnp.py -d ./ -M -R --open -C all

# Wrap each line in the HEC envelope: {"Hostname"... becomes { "event" : {"Hostname"...}
# Edits in place; GNU sed keeps a backup as merged_nmap_scan_data.jsonbak
sed -r -i'bak' -e 's/\{\"Hostname\"/\{ \"event\" : \{\"Hostname\"/g' -e 's/$/}/g' merged_nmap_scan_data.json

# Push the whole file to the HEC collector endpoint (token and host redacted)
curl -k https://XXXXXXXXXXXXXXX.splunkcloud.com/services/collector/event \
  -H 'Authorization: Splunk 6aXXXXXXXXXXXXccd1fb' \
  -d @merged_nmap_scan_data.json
```
Splunk search:

```
index=http_hec earliest=-120d@d "Scripts{}"="*http-title*"
|rex field=MsgId "(.*\.(?<MsgId>(.*\..*)))"
|rex field="Scripts{}" "(.*http-title, output=(?<string1>(.*)))"
|stats count by string1
|sort -count
```
[update] Just saw the -C all.
But adding a fingerprint should be easy! I plan to update this to support Splunk HEC so you can push it to Splunk!
I saw this project and it would be nice to include ALL the output so I can search for it in Splunk. As of now I create a fingerprint for each host so I can easily tell how many 'different' devices we have within the org. It would be simple for you to add the hash stuff, but probably hard to get all the output from all the NSE plugins? I tried quickly to do it with Python XML to JSON but it didn't look right.
This is what my fingerprint data looks like in Splunk; today we have over 2K 'different' devices :P
REFERENCE:
Fast smart scan of ALL internal IP space :P
https://github.com/freeload101/SCRIPTS/blob/50d68482704df8dc526b4798ed31640e0da0f03e/Bash/NMAP_FRUIT.sh#L36
Fingerprint:
https://github.com/freeload101/SCRIPTS/blob/50d68482704df8dc526b4798ed31640e0da0f03e/Bash/NMAP_FRUIT.sh#L67C122-L67C129
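The HEC wrapping done by the sed one-liner, plus the per-host fingerprint idea from the thread, as an added example (not part of xnp.py or the NMAP_FRUIT.sh script). The sample records and every field other than "Hostname" are constructed assumptions about the JSON layout, not the tool's real schema.

```python
import hashlib
import json
from typing import Optional

# Constructed sample: one host object per line, as the sed command above expects.
# Only "Hostname" comes from the page; the other keys are assumed for illustration.
SAMPLE_JSONL = """\
{"Hostname": "web01", "IP": "10.0.0.5", "Ports": [{"Port": 80, "Service": "http"}, {"Port": 443, "Service": "https"}], "Scripts": [{"id": "http-title", "output": "Welcome"}]}
{"Hostname": "web02", "IP": "10.0.0.6", "Ports": [{"Port": 443, "Service": "https"}, {"Port": 80, "Service": "http"}], "Scripts": [{"id": "http-title", "output": "Welcome"}]}
{"Hostname": "db01", "IP": "10.0.0.9", "Ports": [{"Port": 5432, "Service": "postgresql"}], "Scripts": []}
"""

def fingerprint(host: dict) -> str:
    """Stable hash of the service profile (sorted ports/services and NSE script ids).
    Hostname and IP are left out so identical builds collapse to one fingerprint."""
    profile = {
        "ports": sorted((p["Port"], p["Service"]) for p in host.get("Ports", [])),
        "scripts": sorted(s["id"] for s in host.get("Scripts", [])),
    }
    canon = json.dumps(profile, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

def to_hec(jsonl: str, sourcetype: str = "nmap:json", index: Optional[str] = None) -> list:
    """Wrap each host record in the HEC envelope the sed command produces,
    adding sourcetype/host metadata and the fingerprint as a searchable field."""
    events = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        host = json.loads(line)
        host["Fingerprint"] = fingerprint(host)
        env = {"event": host, "sourcetype": sourcetype, "host": host.get("Hostname", "unknown")}
        if index:
            env["index"] = index
        events.append(env)
    return events

def hec_body(events: list) -> str:
    """HEC accepts several JSON objects concatenated in one POST body (what curl -d @file sends)."""
    return "".join(json.dumps(e, separators=(",", ":")) for e in events)

def fingerprint_counts(events: list) -> dict:
    """Same roll-up as '| stats count by Fingerprint' in Splunk: distinct device builds."""
    counts = {}
    for e in events:
        fp = e["event"]["Fingerprint"]
        counts[fp] = counts.get(fp, 0) + 1
    return counts
```

Note that web01 and web02 share a fingerprint even though their port lists are in different orders, because the profile is sorted before hashing.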