Go Back

Bilbo

An automated nmap-scanner and reporter tool

What's New?      Introduction     Working    Configuration    Tuning    Download    Copyright

What's new?

July 22, 2011

Using your own tools sometimes shows you your own errors too. Which is good.

I forgot to changes forward-slashes in output-filenames. If one of your hosts was a subnet like 192.168.12.0/24, the output-filenames were named like “2011-07-22-192.168.12.0/24.nmap”. Which makes it actually a directory. So for now I changed the slash into a minus-sign so the output filename would be something like: 2011-07-22-192.168.12.0-24.nmap

Februari 20, 2011

This is more than 5 years since the last update of this tool. After a long time, I got some projects which remembered me of my own tools. And it appears that the old bilbo is not really complaint anymore with the current versions of nmap. Therefore i'm in the process of rewriting bilbo. The steps so far:

• Bilbo is not reporting anymore. Output-format from nmap has changed, so for now I removed that code.

• Removed the database-option. It wasn't a database anyhow, so i'm rewriting to use sqlite to do this task.

• Default input-file is now /etc/bilbo.conf . This is done for the packaging. (a debian-package will arrive soon)

• Default output-directory is /var/log/bilbo . Bilbo will write all the nmap-output files from the targets, prepended with date and timestamp. Reviewing and comparing from files can be done with, i.e. zenmap or other tools for the time being.

• Bilbo is still forking and suppressing output. Therefore it's (in my opinion) a wonderfull tool to run from cron and weekly have the lastest scans from your network. And as nmap has really beautifull options in scripting and header-fetching, you're able to keep track of all the changes on network-level by only fetching the reports and don't have to wait for a long, comprehensive scan.

September 24, 2005.
Once again, time proves time is not allways on my side...

Bilbo now takes command-line options, in stead off hacking in the header, which makes it easier to control. See the configuration section to see what's changed.

Besides that, i cleaned-up some code.

November 25, 2004.
A long time has gone between these versions, but a lot of changes are made.

First of all, the scanning is now done in multiple processes, to speed-up the process of scanning. The amount of simultanous nmap-processes can be tuned with the settings in the header of the tool.

Second, i've implemented a flat-file database with the hosts and ports, so we can compare results between the several scans. This can be run in several modes, as explained in the tool.

Third, i changed the layout of the report. With this new setup you can have a quicker overview from the results, as port-information is all put on one line.

Fourth, the "enhanced" mode (getting header information from the open ports) was rewritten to improve communication with other OS-ses. This to prevent hanging on newline / linefeed characters.

December 27, 2003.
Added a switch to the infile, so the nmap-options can be changed "on the flight". By putting a line in the infile, starting with <OPT> and the needed nmap-options (without nmap in it!), you can change nmap-behaviour for a single host.

June 6, 2003.
Modified the reading from the input-file and added search for the nmap-binary. Moved all the config-settings to the top of the file.

The total changelog can be visited here: Changelog

Introduction

Bilbo is an automated, multithreaded nmap-scanner and reporter, capable of header fetching and matching the results against a database from previous scans.
This database can be updated while running, or by hand.

Working

Bilbo is a perl-script, which takes the input from a flat textfile with hostnames, ip-addresses or networks and scans them. Afterwards it generates a report out of it and writes it to disk or optional sends it via email. An example is included.

Configuration

The infile is a plain file, ignoring lines starting with a # sign and empty lines and scans the host in the file. The nmap-options are in the Bilbo-script itself, together with the admin-email, but can be changed on the flight by using the <OPT>-switch in the infile.

# Example inputfile for Bilbo.
# Lines starting with a # are ignored.

# as empty lines too.
# Add ip-addresses:
1.2.3.4

# Or hostnames:
host.my.lan

# Or networks:
192.168.21.0/24

# Even change the behaviour of nmap on the flight:
<OPT> -sT -sU -PT80,443,25
my.new.host

Tuning

Tuning has been re-written since version 0.12 so we take commandline-options. This prevents the "hacking in the header" for the main options from which te previous versions suffererd. Some options still have to be modified in the header, so if you want, take a look there (i.e. mail the report).

Usage (as root): ./bilbo
        -i      <infile> File with hosts or networks to scan
        -r      <reportfile> Filename where the report will be
        -t      <tune> Limit the amount of simultanous scans (default: 5)
        -d      <debug> 0 or 1 for more debug-info (default:0)
        -m      <Match-mode> 0, 1 or 2 for not, compare or compare-and-update the open-port-database (default: 2)
        -h      <help> This text


Download

bilbo-0.15.tar.gz
bilbo-0.14.tar.gz
bilbo-0.12.tar.gz
bilbo-0.11.tar.gz
bilbo-0.9.tar.gz
bilbo-0.8.tar.gz

February 20, 2011, version 0.14
SHA1SUM from this version: 66f32f602f08a0855ffadaf77d0f57aacb2f6c66


Copyright

Bilbo is released under the GPL.