nmap for asset inventory

Stuxnet · 26-06-2012 12:58pm #1

anyway I can build an inventory of what equipment I have on a certain subnet.
Im a student intern, and my boss has asked me to do an asset inventory, i have root access to a vm and ive installed nmap, as he mentioned it

i can ping all the machines and do a few basic commands, but specifically Im looking for

computer model & architecture
os name and version
serial numbers etc

ideally output it to a csv file and pop it into excel

have been googling like crazy, but nada :cool:

puffishoes · 27-06-2012 9:22am

I use nessus for this but you can use nmap

maybe something like this?

http://blog.rootshell.be/2008/10/15/asset-management-using-nmap/

Stuxnet · 27-06-2012 9:31am

puffishoes wrote: »

I use nessus for this but you can use nmap

maybe something like this?

http://blog.rootshell.be/2008/10/15/asset-management-using-nmap/

cheers, ya I came across that, Im using SLES11 and ndiff isnt in the repositories,
know how I can add the repo needed to get it ? Im not at all familiar with suse/sles !!

thanks

puffishoes · 27-06-2012 10:05am

ndiff is part of nmap

puffishoes · 28-06-2012 4:25pm

OSI wrote: »

While that will tell you what IP addresses are on the network, and what ports it's listening on, it's not going to give you any of the other inventory stuff you are looking for.

Yes sorry I should have read all the post I didn't see the full requirement.

ressem · 28-06-2012 10:44pm

nmap -T4 -O -v 192.168.0.0/24
Add -oG for CSV or -oX for XML

zenmap for a Gui view.
That will give OS and ip.

Then use arp -an to get IP to mac addresses. The first half of the Mac address gives the Network card manufacturer so you can tell Dell from HP.

If you want serial numbers etc, you'll need powershell / net and remote admin permissions. Unless your company has a management tool for the antivirus/ backup etc.
Eset / Kaspersky management console will allow you to get a report on all managed machines.

Stuxnet · 29-06-2012 8:25am

ya lads sound, kinda figured there's no service running on the lab machines to get me serial numbers etc ! had managed to do it on production machines, using nodes, different setup in the labs tho

no problem, thanks

puffishoes · 29-06-2012 10:05am

It's been a while I don't use nmap, but the last time it could only make a guess at what the OS was it didn't give exact details.

must have changed.

ressem · 29-06-2012 1:00pm

If you're an intern and you have a test lab available you might be able to start a project with your organisation to roll out either a free inventory and management tool like
http://www.ocsinventory-ng.org/en/about/
or learn about WMI for the windows side of the business.

pseudofax · 01-07-2012 3:04pm

Real Men use Raw sockets to establish connections between each audit node, and then exploit a bug in each system through the use of a local buffer overflow:)

nmap for asset inventory

Comments