Skip to content
/ servicediscovery Public

CIDR-aware Nmap scanner that runs one subprocess per IP and writes XML output per host into a results directory.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

offseq/servicediscovery

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
servicediscovery.py
servicediscovery.py
 
 

Repository files navigation

servicediscovery.py (OffSeq)

CIDR-aware Nmap scanner that runs one subprocess per IP and writes XML output per host into a results directory.

Requirements

  • Python 3
  • nmap installed and available in PATH

Quick Start

python3 servicediscovery.py 10.0.0.0/24
python3 servicediscovery.py 192.168.1.10 --test
python3 servicediscovery.py 10.0.0.0/24 --top 200 --threads 8
python3 servicediscovery.py 10.0.0.0/24 --udp

What It Does

  • Accepts one or more IPs/CIDRs as targets, separated by spaces.
  • Launches one nmap subprocess per IP.
  • Runs multiple subprocesses in parallel (default: 4).
  • Writes a separate XML file per host into results/.
  • Supports TCP SYN or TCP connect scans.
  • Optional UDP scanning.

Output

Each scanned IP produces one XML file in the results directory:

  • IPv4: results/192.168.1.10.xml
  • IPv6: colons are replaced with underscores, e.g. results/2001_db8__1.xml

Options

targets (positional)

One or more IP addresses or CIDRs (IPv4 or IPv6), separated by spaces.

Example:

python3 servicediscovery.py 10.0.0.0/24 192.168.1.10 172.16.0.0/16

--threads N

Number of parallel Nmap subprocesses.

  • Default: 4

--timing 0-5

Nmap timing template. Lower is slower/stealthier, higher is faster.

  • Default:
    • T3 for TCP-only scans
    • T4 for UDP-enabled scans (unless you explicitly set --timing)

--results-dir DIR

Directory for per-host XML output.

  • Default: results

--top [N]

Scan top ports instead of all ports.

  • If --top is present with no value, defaults to 1000 top ports.
  • If --top N is provided, scans top N ports.

--test

Single-IP test mode using top ports only.

  • Requires exactly one IP target.
  • Uses --top value if provided, otherwise 1000 top ports.

--nmap-path PATH

Explicit path to the nmap binary if it is not in PATH.

--scan-type {syn,connect}

TCP scan type:

  • syn: -sS (default, requires elevated privileges on most systems)
  • connect: -sT (no special privileges required)

--udp

Enable UDP scanning by adding -sU.

  • When enabled and --timing is not specified, the default timing is T4.

--ping

Enable host discovery.

  • Default behavior is -Pn (treat all hosts as up).
  • Use --ping if you want Nmap to probe for host discovery.

Examples

All ports (default), 4 threads, T3:

python3 servicediscovery.py 10.0.0.0/24

Top ports only:

python3 servicediscovery.py 10.0.0.0/24 --top
python3 servicediscovery.py 10.0.0.0/24 --top 200

Single IP test (top ports only):

python3 servicediscovery.py 192.168.1.10 --test

UDP + TCP with rapid timing defaults:

python3 servicediscovery.py 10.0.0.0/24 --udp

Explicit timing and connect scan:

python3 servicediscovery.py 10.0.0.0/24 --scan-type connect --timing 2

Notes

  • SYN (-sS) and UDP (-sU) scans often require elevated privileges. If you see warnings, run with appropriate privileges or use --scan-type connect for TCP.
  • Scanning large CIDRs with -p- and UDP enabled can be very heavy. Consider --top for faster discovery runs.

About

CIDR-aware Nmap scanner that runs one subprocess per IP and writes XML output per host into a results directory.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages