WEBVTT

0
00:00.740 --> 00:06.930
It is common to run the same scan twice at different times, or to run two slightly different scans at

1
00:06.930 --> 00:08.010
the same time

2
00:08.120 --> 00:09.730
and see how they differ. 

3
00:09.760 --> 00:18.410
Let's see how it works!
I’ll start a scan using the fast profile, Quick scan plus, on this host

4
00:25.950 --> 00:29.340
The scan is running and I'm waiting for the scan to finish!

5
00:32.660 --> 00:35.090
The scan is over and I'll save the 


6
00:35.090 --> 00:39.710
scan result to a file simply called a.xml!

7
00:46.820 --> 00:47.690
On the desktop!

8
00:54.080 --> 01:04.810
Now on the target I'm stopping the ssh server and then scanning the target again: systemctl stop

9
01:05.630 --> 01:06.470
ssh

10
01:10.690 --> 01:11.940
I'm scanning it again!

11
01:23.490 --> 01:27.990
The scan is over and I'm gonna save the scan into a new file

12
01:31.070 --> 01:36.890
On my desktop directory the new name of the file will be b.xml.

13
01:41.590 --> 01:42.060
Perfect.

14
01:43.720 --> 01:55.040
To compare the result we have to install a utility called ndiff: apt install ndiff


15
01:55.060 --> 01:58.960
This is a utility to compare the results of Nmap scans. 


16
02:01.970 --> 02:07.660
You can run it manually or automatically by Zenmap.

17
02:07.670 --> 02:09.530
Let us see its man page!

18
02:15.580 --> 02:24.850
First let's compare the results of the two scans manually: ndiff, the path to the first file and

19
02:24.850 --> 02:25.510
the second file.

20
02:29.580 --> 02:37.460
And this is the difference between the two scans! We notice that port 22 is not open

21
02:37.520 --> 02:38.660
anymore.

22
02:38.870 --> 02:47.570
Lines that differ are preceded by - or + indicating that some piece of information was removed

23
02:47.780 --> 02:53.540
or edited respectively. Let's compare the results in Zenmap!

24
02:55.190 --> 03:07.240
Tools and compare results! I'm selecting the first scan a.xml and the second scan b.xml

25
03:08.800 --> 03:18.410
and we see here the comparing result! Color coding also indicates differences: red for deletion and

26
03:18.430 --> 03:19.650
green or white,

27
03:19.720 --> 03:23.680
it depends on the color theme you are using, for addition.

28
03:26.400 --> 03:33.000
When you save the scan take care to select the correct scan from this drop box here.