Automate Nmap Network Scans and Sync Results with LightMesh

Scheduling NMAP Scans

Setting Up Nmap Scan and Sync for Subnets

This guide will help you set up a Linux cron job on either Debian/Ubuntu or RedHat-based systems to perform automated Nmap scans on your subnets and sync the results with LightMesh. You can adjust the cron schedule to suit your needs.

Prerequisites

Before setting up your cron job, make sure the following prerequisites are met:

  1. Install Nmap and Node.js/npm on your system:

    • On Ubuntu/Debian:
      sudo apt install nmap nodejs npm
      
    • On CentOS/RedHat:
      sudo yum install nmap nodejs npm
      
  2. Install the LightMesh CLI using npm:

    • If not already installed, you can install the LightMesh CLI globally with npm:
      npm install -g @lightmesh
      
  3. Ensure proper permissions to use Nmap and cron jobs on your server. Make sure that the script is added to the root account’s crontab or an account with password-less sudo privileges.

  4. Ensure your subnets are already added in LightMesh.

  5. Create a LightMesh API Key:

    • Go to the LightMesh web app and navigate to: Admin > API Keys > Add API Key
    • Set the expiration date to the maximum duration you require.
    • Store the API key securely.

Once these prerequisites are complete, you’re ready to proceed.

Step 1: Create a Bash Script for Nmap Scan and Sync

Create a bash script that runs the Nmap scans and then syncs the results with LightMesh. The script looks like this:

#!/bin/bash

# Define arrays for subnets and corresponding LightMesh IDs
SUBNETS=("10.0.0.0/26" "10.0.0.0/27")
FILES=("10.0.0.0_26-scan.xml" "10.0.0.0_27-scan.xml")
IDS=("38" "39")  # Replace with your actual LightMesh IDs

# Ensure the number of subnets matches the number of files and IDs
if [ ${#SUBNETS[@]} -ne ${#FILES[@]} ] || [ ${#FILES[@]} -ne ${#IDS[@]} ]; then
    echo "Mismatch between the number of subnets, files, and IDs."
    exit 1
fi

# Run Nmap scans one at a time; XML results go to the file, stdout/stderr to a log
for i in "${!SUBNETS[@]}"; do
    echo "Running Nmap scan for subnet ${SUBNETS[$i]}..."
    if ! sudo nmap -sn -v "${SUBNETS[$i]}" --host-timeout 10m -oX "${FILES[$i]}" > "/tmp/nmap_scan_${i}.log" 2>&1; then
        echo "Nmap scan failed for subnet ${SUBNETS[$i]}. Check /tmp/nmap_scan_${i}.log for details."
        exit 1
    fi
    echo "Completed Nmap scan for subnet ${SUBNETS[$i]}."
done

# Export LightMesh API token for the CLI
export LIGHTMESH_API_TOKEN="YOUR_API_KEY"

# Sync scan results with LightMesh; stop at the first failed sync
for i in "${!FILES[@]}"; do
    echo "Syncing results for file ${FILES[$i]} with LightMesh ID ${IDS[$i]}..."
    if ! lightmesh scan sync --id "${IDS[$i]}" --file "${FILES[$i]}"; then
        echo "Failed to sync scan results for file ${FILES[$i]}."
        exit 1
    fi
done

echo "All scans and syncs completed successfully."

Variables:
  • SUBNETS: Array of subnets to scan.
  • FILES: Array of output file names corresponding to each subnet scan.
  • IDS: Array of LightMesh IDs corresponding to each file.
  • YOUR_API_KEY: Replace this placeholder with your actual LightMesh API key.

Save this file as nmap_and_sync.sh and make it executable:

chmod +x /path/to/nmap_and_sync.sh
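As an added example, not part of the original guide or the LightMesh project, here are two helper functions you can source from nmap_and_sync.sh: one derives each output file name from its subnet so the FILES array cannot drift out of step with SUBNETS, and one checks an Nmap XML file before it is synced so an aborted or empty scan is not uploaded. The function names and the sample XML are my own constructions.

```shell
#!/bin/bash
# Added helpers for the scan-and-sync script above (assumed names, not LightMesh code).

# Map a subnet such as 10.0.0.0/26 to the file name convention used in the
# script (10.0.0.0_26-scan.xml), so the name is derived instead of hand-typed.
scan_filename() {
    printf '%s-scan.xml\n' "$(printf '%s' "$1" | tr '/' '_')"
}

# Count hosts that Nmap reported as up in an -oX output file.
nmap_hosts_up() {
    grep -c '<status state="up"' "$1"
}

# Return 0 only if the XML was written to completion (Nmap writes the
# <runstats><finished .../> element last) and reports at least one host up.
# A truncated or empty scan should not overwrite good data in LightMesh.
nmap_xml_ok() {
    [ -s "$1" ] || return 1
    grep -q '<finished ' "$1" || return 1
    [ "$(nmap_hosts_up "$1")" -gt 0 ]
}

# Constructed sample of a completed -sn scan (two hosts up, one down) so the
# helpers can be exercised stand-alone; real files come from the nmap run.
SAMPLE_XML="$(mktemp)"
trap 'rm -f "$SAMPLE_XML" "$TRUNCATED_XML"' EXIT
cat > "$SAMPLE_XML" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sn -v -oX 10.0.0.0_26-scan.xml 10.0.0.0/26">
<host><status state="up" reason="arp-response"/><address addr="10.0.0.1" addrtype="ipv4"/></host>
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.5" addrtype="ipv4"/></host>
<host><status state="down" reason="no-response"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
<runstats><finished time="0" elapsed="1.0" exit="success"/><hosts up="2" down="62" total="64"/></runstats>
</nmaprun>
EOF

# Constructed sample of a scan that was killed before Nmap finished writing.
TRUNCATED_XML="$(mktemp)"
head -n 3 "$SAMPLE_XML" > "$TRUNCATED_XML"
```

In the sync loop, guarding each upload with `nmap_xml_ok "${FILES[$i]}" || exit 1` keeps a failed scan from being pushed to LightMesh.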

Step 2: Set Up a Cron Job

Now, create a cron job to run this bash script on a weekly schedule. To schedule it for every Monday at 12:00 AM, follow these steps:

1. Open the crontab:

crontab -e

2. Add the following line:

0 0 * * 1 /path/to/nmap_and_sync.sh

Here’s how the cron expression works:

  • 0: Minute (0 = the beginning of the hour).
  • 0: Hour (0 = midnight).
  • *: Day of the month (any day).
  • *: Month (any month).
  • 1: Day of the week (1 = Monday).

This cron job will execute the nmap_and_sync.sh script every Monday at midnight. The script performs the Nmap scan and then immediately uploads the results to LightMesh.

Security Note

For security reasons, it is recommended to inline the API key directly in the script and to set the script's permissions so that only the owner can read, write, and execute it. Use the following command:

chmod 700 /path/to/nmap_and_sync.sh

By following this guide, your system will automatically scan and sync your subnets on a weekly basis using cron and the LightMesh CLI.