What's New? Introduction Working Configuration Tuning Download Copyright
July 22, 2011
Using your own tools sometimes shows you your own errors too. Which is good.
I forgot to changes forward-slashes in output-filenames. If one of your hosts was a subnet like 192.168.12.0/24, the output-filenames were named like “2011-07-22-192.168.12.0/24.nmap”. Which makes it actually a directory. So for now I changed the slash into a minus-sign so the output filename would be something like: 2011-07-22-192.168.12.0-24.nmap
Februari 20, 2011
This is more than 5 years since the last update of this tool. After a long time, I got some projects which remembered me of my own tools. And it appears that the old bilbo is not really complaint anymore with the current versions of nmap. Therefore i'm in the process of rewriting bilbo. The steps so far:
Bilbo is not reporting anymore. Output-format from nmap has changed, so for now I removed that code.
Removed the database-option. It wasn't a database anyhow, so i'm rewriting to use sqlite to do this task.
Default input-file is now /etc/bilbo.conf . This is done for the packaging. (a debian-package will arrive soon)
Default output-directory is /var/log/bilbo . Bilbo will write all the nmap-output files from the targets, prepended with date and timestamp. Reviewing and comparing from files can be done with, i.e. zenmap or other tools for the time being.
Bilbo is still forking and suppressing output. Therefore it's (in my opinion) a wonderfull tool to run from cron and weekly have the lastest scans from your network. And as nmap has really beautifull options in scripting and header-fetching, you're able to keep track of all the changes on network-level by only fetching the reports and don't have to wait for a long, comprehensive scan.
September
24, 2005.
Once again, time proves time is not allways on my
side...
Bilbo now takes command-line options, in stead off
hacking in the header, which makes it easier to control. See the
configuration section to see what's
changed.
Besides that, i cleaned-up some code.
November
25, 2004.
A long time has gone between
these versions, but a lot of changes are made.
First of all,
the scanning is now done in multiple processes, to speed-up the
process of scanning. The amount of simultanous nmap-processes can be
tuned with the settings in the header of the tool.
Second,
i've implemented a flat-file database with the hosts and ports, so we
can compare results between the several scans. This can be run in
several modes, as explained in the tool.
Third, i changed the
layout of the report. With this new setup you can have a quicker
overview from the results, as port-information is all put on one
line.
Fourth, the "enhanced" mode (getting header
information from the open ports) was rewritten to improve
communication with other OS-ses. This to prevent hanging on newline /
linefeed characters.
December
27, 2003.
Added a switch to the infile,
so the nmap-options can be changed "on the flight". By
putting a line in the infile, starting with <OPT> and the
needed nmap-options (without nmap in it!), you can change
nmap-behaviour for a single host.
June
6, 2003.
Modified the reading from the
input-file and added search for the nmap-binary. Moved all the
config-settings to the top of the file.
The total changelog
can be visited here: Changelog
Introduction
Bilbo
is an automated, multithreaded nmap-scanner and reporter, capable of
header fetching and matching the results against a database from
previous scans.
This database can be updated while running, or by
hand.
Working
Bilbo
is a perl-script, which takes the input from a flat textfile with
hostnames, ip-addresses or networks and scans them. Afterwards it
generates a report out of it and writes it to disk or optional sends
it via email. An example is included.
Configuration
The
infile is a plain file, ignoring lines starting with a # sign and
empty lines and scans the host in the file. The nmap-options are in
the Bilbo-script itself, together with the admin-email, but can be
changed on the flight by using the <OPT>-switch in the infile.
#
Example inputfile for Bilbo.
# Lines
starting with a # are ignored.
#
as empty lines too.
# Add
ip-addresses:
1.2.3.4
#
Or hostnames:
host.my.lan
#
Or networks:
192.168.21.0/24
#
Even change the behaviour of nmap on the flight:
<OPT>
-sT -sU -PT80,443,25
my.new.host
Tuning
Tuning
has been re-written since version 0.12 so we take
commandline-options. This prevents the "hacking in the header"
for the main options from which te previous versions suffererd. Some
options still have to be modified in the header, so if you want, take
a look there (i.e. mail the report).
Usage (as root):
./bilbo
-i
<infile> File with hosts or networks to scan
-r <reportfile> Filename where
the report will be
-t <tune> Limit the amount of
simultanous scans (default: 5)
-d <debug> 0 or 1 for more
debug-info (default:0)
-m <Match-mode> 0, 1 or 2 for
not, compare or compare-and-update the open-port-database (default:
2)
-h
<help> This text
Download
bilbo-0.15.tar.gz
bilbo-0.14.tar.gz
bilbo-0.12.tar.gz
bilbo-0.11.tar.gz
bilbo-0.9.tar.gz
bilbo-0.8.tar.gz
February
20, 2011, version 0.14
SHA1SUM from this version:
66f32f602f08a0855ffadaf77d0f57aacb2f6c66
Copyright
Bilbo
is released under the GPL.