Automated Nmap Scan & Reporting Tool

📚 Table of Contents

1. 🔎 Overview
2. 👨‍💻 Role
3. ❓ Problem
4. 🎯 Goal
5. ✨ Solution
   • 🏗️ Architecture
   • 🧩 Core Features
   • 🔁 Workflow
6. 🧪 User Testing
7. ⚙️ Challenges and Learnings
8. ✅ Final Thoughts

🔎 Overview

Automated Nmap Scan & Reporting Tool is a Bash-based automation framework that runs scheduled Nmap scans against internal networks and generates reports to support Blue Team investigations.

The idea is to have a small, repeatable tool that:

• 🕒 Uses predefined scan profiles on a regular basis.
• 📂 Organizes results in a consistent folder structure.
• 📑 Produce reports that analysts can review quickly during incidents or periodic checks.

👨‍💻 Role

I was responsible for:

• 🧠 Designing the scan profiles and folder structure.
• 💻 Writing the Bash scripts that orchestrate Nmap and post-processing.
• 🔎 Preparing the output so it is easy to interpret by SOC / Blue Team analysts.

❓ Problem

Manual Nmap scans have several issues:

• ⏳ They are time-consuming and easy to forget.
• 📊 Parameters change from one scan to another, making results hard to compare.
• 🗃️ Outputs often end up in random folders without a clear structure.

For a Blue Team, this makes it difficult to:

• Mantain regular baseline scans.
• Detect changes in exposed services.
• Reuse results during investigations.

🎯 Goal

Create an automation that:

• ⚙️ Runs Nmap scans on a regular schedule or on demand.
• 📋 Uses standardized profiles (quick scan, full scan, vuln scan…).
• 📁 Stores results in an organized way, tagged by date and target.
• 🧾 Generates summaries that speed up triage during investigations.

✨ Solution

🏗️ Architecture

The tool is built around a set of Bash scripts that:

• 📜 Read a targets list or IP ranges.
• 🎚️ Select the appropriate Nmap profile.
• 🚀 Launch Nmap with the right options.
• 💾 Save outputs in multiple formats (.gnmap, .xml, .txt).
• 🧾 Optionally generate a summary report.

Directory structure is organized like:

• logs/ – execution logs.
• results/YYYY-MM-DD/target/ – Nmap outputs per day and per target.

🧩 Core Features

• 🔄 Multiple scan profiles (fast, full, version detection, vulnerability scripts).
• 🧬 Support for custom NSE scripts when deeper analysis is needed.
• 📂 Automatic creation of folders per date and target.
• 🔍 Simple summary that highlights:
  • Hosts up / down.
  • Open services per host.
  • Potentially vulnerable services.

🔁 Workflow

1. 🧾 The analyst updates the targets file (hosts, ranges or subnets).
2. ▶️ Runs the main script (or schedules it with cron).
3. 🛰️ The tool launches all Nmap scans with the selected profiles.
4. 📊 At the end, results are stored and a brief summary is generated for review.

🧪 User Testing

I validated the tool in a lab environment:

• 🌐 Different subnets with mixed Windows / Linux hosts.
• 🔁 “Before and after” scenarios (services enabled/disabled).

This allowed me to verify that:

• 🧭 Changes in exposed ports are visible between scan runs.
• 📁 The folder structure is easy to navigate during an investigation.

⚙️ Challenges and Learnings

• ⚖️ Balancing speed vs. detail: aggressive scans give more info but can be slow; I separated profiles for routine checks vs. deep dives.
• 🧮 Output parsing: Nmap produces a lot of data; deciding what to summarize and what to keep as raw output was key.
• 🕰️ Scheduling: integrating with cron required careful logging so analysts know when each scan ran and if something failed.

✅ Final Thoughts

This project helped me practice:

• 🤖 Automating security tasks with Bash.
• 🛰️ Using Nmap not just as a one-off tool, but as part of a repeatable process.
• 📚 Structuring outputs so a Blue Team can quickly answer questions like
  “what changed on this host?” or “which services are exposed today?”.

It’s a solid base that I can extend with:

• 📄 HTML or Markdown reports.
• 🧷 Integration with SIEM / log platforms.
• 🎛️ Additional profiles focused on specific services or compliance checks.