Nmap Import
Nmap Import
Section titled “Nmap Import”Import Nmap XML scan results to automatically populate your project with discovered assets, including IP addresses, hostnames, open ports, and services.
Overview
Section titled “Overview”Nmap is the industry standard for network discovery and security auditing. NEURO can import Nmap XML output to:
- Populate asset inventory automatically
- Import port and service information
- Include OS detection results
- Speed up project setup
Supported Nmap Output
Section titled “Supported Nmap Output”NEURO supports Nmap XML output format:
- File extension:
.xml - Generated with
-oXflag - Any Nmap version
Running Nmap for Import
Section titled “Running Nmap for Import”Basic Discovery Scan
Section titled “Basic Discovery Scan”nmap -sn 192.168.1.0/24 -oX discovery.xmlFull Port Scan with Services
Section titled “Full Port Scan with Services”nmap -sV -sC -p- 192.168.1.0/24 -oX full_scan.xmlRecommended Scan for NEURO
Section titled “Recommended Scan for NEURO”nmap -sV -sC -O -p- --open 192.168.1.0/24 -oX neuro_import.xmlOptions explained:
-sV: Service version detection-sC: Default script scan-O: OS detection-p-: All ports--open: Only show open ports-oX: XML output
Web-Focused Scan
Section titled “Web-Focused Scan”nmap -sV -p 80,443,8080,8443,8000,3000 --script http-title 192.168.1.0/24 -oX web_scan.xmlImporting Nmap Results
Section titled “Importing Nmap Results”Step-by-Step Import
Section titled “Step-by-Step Import”- Open your project in NEURO
- Navigate to the Assets tab
- Click Import → Nmap XML
- Upload your XML file
- Preview discovered assets:
- Host count
- Port summary
- Service summary
- Select assets to import (all by default)
- Click Import Selected
Import Preview
Section titled “Import Preview”Before confirming, you’ll see:
| Column | Description |
|---|---|
| IP Address | Discovered IP |
| Hostname | Resolved hostname |
| Ports | Open port count |
| OS | Detected operating system |
| Status | Host status |
Selection Options
Section titled “Selection Options”- Select All: Import all discovered hosts
- Deselect All: Clear selection
- Filter: Show only hosts matching criteria
- Individual: Check/uncheck specific hosts
Imported Data
Section titled “Imported Data”Asset Fields Populated
Section titled “Asset Fields Populated”| Field | Source |
|---|---|
| Name | Hostname or IP |
| IP Address | Nmap address |
| Hostname | DNS resolution |
| Type | Inferred from services |
| OS | Nmap OS detection |
| Ports | Open ports list |
| Notes | Service details |
Port Information
Section titled “Port Information”For each open port:
- Port number
- Protocol (TCP/UDP)
- Service name
- Service version
- State (open/filtered)
Service Details
Section titled “Service Details”Example service data:
Port 443/tcpService: httpsVersion: Apache httpd 2.4.41Product: ApacheOS: UbuntuAdvanced Import Options
Section titled “Advanced Import Options”Merge with Existing Assets
Section titled “Merge with Existing Assets”When importing into a project with existing assets:
- Match by IP: Assets with same IP are merged
- Update ports: New ports added to existing asset
- Preserve data: Existing custom data retained
- Add new: New hosts created as new assets
Duplicate Handling
Section titled “Duplicate Handling”| Scenario | Behavior |
|---|---|
| Same IP, new ports | Merge ports |
| Same IP, same ports | Skip/update |
| New IP | Create new asset |
| Hostname match | Option to merge |
Import Tags
Section titled “Import Tags”Auto-tag imported assets:
- In import dialog, click Tags
- Add tags (e.g., “Nmap Import 2024-01-15”)
- All imported assets receive tags
Scan Strategy Tips
Section titled “Scan Strategy Tips”Coverage
Section titled “Coverage”For comprehensive assessment:
# Phase 1: Quick discoverynmap -sn -T4 192.168.1.0/24 -oX phase1_discovery.xml
# Phase 2: Top ports on live hostsnmap -sV -T4 -iL live_hosts.txt -oX phase2_ports.xml
# Phase 3: Full scan on interesting hostsnmap -sV -sC -O -p- target_hosts.txt -oX phase3_full.xmlPerformance vs. Detail
Section titled “Performance vs. Detail”| Scan Type | Time | Detail | Use Case |
|---|---|---|---|
-sn | Fast | Low | Initial discovery |
-F | Medium | Medium | Quick assessment |
-p- | Slow | High | Full assessment |
Large Networks
Section titled “Large Networks”For networks with many hosts:
- Scan in segments
- Import multiple files
- Use
-T4for faster scanning - Consider splitting by subnet
Troubleshooting
Section titled “Troubleshooting”Import Errors
Section titled “Import Errors”“Invalid XML format”
- Ensure file is Nmap XML output
- Check file isn’t corrupted
- Verify
-oXwas used, not-oNor-oG
“No hosts found”
- Check scan actually found hosts
- Verify target was reachable
- Try broader scan parameters
“File too large”
- Split scan into smaller ranges
- Import in multiple batches
- Remove verbose script output
Missing Data
Section titled “Missing Data”No hostnames
- Nmap couldn’t resolve DNS
- Add
-nto skip resolution - Or ensure DNS is accessible
No OS detection
- Requires root/admin privileges
- Use
-Oflag - May need more ports open
Service version missing
- Use
-sVflag - Service may not respond to probes
- Check Nmap output directly
Best Practices
Section titled “Best Practices”Before Scanning
Section titled “Before Scanning”- Get authorization - Written permission for targets
- Define scope - Know what’s in-scope
- Plan timing - Schedule appropriately
- Document settings - Record scan parameters
During Import
Section titled “During Import”- Review preview - Verify expected hosts
- Use tags - Organize imported data
- Check duplicates - Handle existing assets
- Save originals - Keep scan files
After Import
Section titled “After Import”- Verify count - Confirm all hosts imported
- Spot check - Review sample assets
- Add context - Enhance with notes
- Update status - Mark as tested
Next: Learn about Nessus Import