Hi All,
Hoping for some guidance on setting up a custom sensor that can use the results from 'nmap'.
I'm wanting to get the results from the below nmap command:
nmap -sU -p 19302 --script stun-info stun.l.google.com
The expected results should include that 'host is up' with 'state open' and 'service stun'.
{{{
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-05 14:23 E. Australia Standard Time
Nmap scan report for stun.l.google.com (172.253.59.127)
Host is up (0.016s latency).

PORT     STATE SERVICE
3478/udp open  stun
| stun-info:
|_  External IP: x.x.x.x

Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds
}}}
I know I can output the nmap results to XML, but I have no idea how to transform the data into the PRTG expected schema.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///C:/Program Files (x86)/Nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.92 scan initiated Mon Sep 5 14:28:08 2022 as: "C:\\Program Files (x86)\\Nmap\\nmap.exe" -oX - -sU -p 19302 --script stun-info stun.l.google.com -->
<nmaprun scanner="nmap" args="&quot;C:\\Program Files (x86)\\Nmap\\nmap.exe&quot; -oX - -sU -p 19302 --script stun-info stun.l.google.com" start="1662352088" startstr="Mon Sep 5 14:28:08 2022" version="7.92" xmloutputversion="1.05">
<scaninfo type="udp" protocol="udp" numservices="1" services="19302"/>
<verbose level="0"/>
<debugging level="0"/>
<hosthint><status state="up" reason="unknown-response" reason_ttl="0"/>
<address addr="172.253.59.127" addrtype="ipv4"/>
<hostnames>
<hostname name="stun.l.google.com" type="user"/>
</hostnames>
</hosthint>
<host starttime="1662352088" endtime="1662352089"><status state="up" reason="echo-reply" reason_ttl="233"/>
<address addr="172.253.59.127" addrtype="ipv4"/>
<hostnames>
<hostname name="stun.l.google.com" type="user"/>
</hostnames>
<ports><port protocol="udp" portid="19302"><state state="open" reason="udp-response" reason_ttl="233"/><service name="stun" method="probed" conf="10"/><script id="stun-info" output="
 External IP: x.x.x.x"/></port>
</ports>
<times srtt="16875" rttvar="13000" to="100000"/>
</host>
<runstats><finished time="1662352089" timestr="Mon Sep 5 14:28:09 2022" summary="Nmap done at Mon Sep 5 14:28:09 2022; 1 IP address (1 host up) scanned in 0.74 seconds" elapsed="0.74" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>
I tried looking at the examples of the custom sensors but have no idea where to start.
Any pointers in the right direction would be greatly appreciated.
Hello there,
Thanks for the KB post.
First and foremost, you may choose to use whichever script (batch/PowerShell/Python) and input format suits your needs. Our EXE Advanced Sensor works with the mentioned scripting. Please also note that our sensor works with normal text input too, therefore you do not necessarily need to have the nmap input in XML format.
The script for the EXE Sensor is usually structured with a few basic components, at least:
For the process data part, the script needs to process and search for the result, such as the status 'up'. Match it to a value such as 1, or 0 for another status and set it to a variable.
With this, you can then pass the variable to the sensor (part #4).
We can further advise if your script is complete but having issues displaying it to the sensor. However, for step #3, this should come from the user and we don't support creating/customizing scripting as it's out of our support scope. I ask for your kind understanding on this.
Please have a look at our Sensor Hub for some script examples.
With kind regards,
Chan Siau Hen
Technical Support Service, Paessler AG
Sep, 2022
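
One way to do the "process data" step described in the reply, shown as an added example that is not part of the thread and not Paessler's code: it reads nmap's `-oX` report, maps host, port and service state to 1 or 0, and emits the `<prtg><result>` XML layout documented for PRTG's EXE/Script Advanced sensor. The function names, channel names and the trimmed sample report are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the nmap -oX output quoted in the question.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" version="7.92">
<host><status state="up" reason="echo-reply"/>
<ports><port protocol="udp" portid="19302"><state state="open" reason="udp-response"/>
<service name="stun" method="probed" conf="10"/>
<script id="stun-info" output="&#xa;  External IP: x.x.x.x"/></port></ports>
</host>
</nmaprun>"""

def prtg_error(message):
    """Build the sensor error document: <prtg><error>1</error><text>..</text></prtg>."""
    root = ET.Element("prtg")
    ET.SubElement(root, "error").text = "1"
    ET.SubElement(root, "text").text = message
    return ET.tostring(root, encoding="unicode")

def attr_is(parent, tag, attr, wanted):
    """True when parent has a child <tag> whose attribute equals wanted."""
    node = parent.find(tag) if parent is not None else None
    return node is not None and node.get(attr) == wanted

def nmap_to_prtg(nmap_xml, port="19302", service="stun"):
    """Turn one nmap XML report into PRTG channels holding 1 (match) or 0."""
    try:
        scan = ET.fromstring(nmap_xml)
    except ET.ParseError as exc:
        return prtg_error(f"nmap XML not parseable: {exc}")
    host = scan.find("host")
    if host is None:  # empty or aborted scan report
        return prtg_error("no host in nmap report")
    # Compare portid in Python instead of formatting it into a path expression.
    p = next((n for n in host.iterfind("ports/port") if n.get("portid") == port), None)
    channels = {
        "Host Up": attr_is(host, "status", "state", "up"),
        "Port Open": attr_is(p, "state", "state", "open"),
        "Service Match": attr_is(p, "service", "name", service),
    }
    root = ET.Element("prtg")
    for name, ok in channels.items():
        result = ET.SubElement(root, "result")
        ET.SubElement(result, "channel").text = name
        ET.SubElement(result, "value").text = "1" if ok else "0"
    script = p.find("script[@id='stun-info']") if p is not None else None
    # Script output is supplied by the remote server; ElementTree escapes it.
    text = script.get("output", "").strip() if script is not None else "no stun-info output"
    ET.SubElement(root, "text").text = text
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(nmap_to_prtg(SAMPLE))
```

Building the output with ElementTree rather than string concatenation keeps text returned by the scanned server from altering the structure of the sensor result.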