Setting Up Email Alerts for Nmap Scan Results
Introduction
Nmap (Network Mapper) is a powerful tool used for network discovery and security auditing. While it is widely used to scan networks and detect vulnerabilities, setting up automated email alerts for Nmap scan results can significantly enhance network monitoring and security response. This article provides a step-by-step guide on how to configure Nmap to generate scan reports and send them via email automatically.
Why Set Up Email Alerts for Nmap Scan Results?
- Real-time Monitoring: Automated alerts ensure that network administrators receive scan results immediately.
- Improved Security: Prompt notifications help in detecting unauthorized devices or network vulnerabilities quickly.
- Automation & Efficiency: Eliminates the need for manual scanning and monitoring.
- Compliance & Auditing: Helps in maintaining security logs for compliance with industry regulations.
Prerequisites
Before setting up email alerts, ensure that you have the following:
A Linux-based system (Ubuntu, CentOS, or Debian) – Windows can also work, but Linux is preferred for automation.
Nmap installed – You can install it using:
sudo apt install nmap -y # For Debian/Ubuntu
sudo yum install nmap -y # For CentOS/RHEL
A working email server or SMTP service – This can be Gmail, Postfix, Sendmail, or an SMTP relay service.
Basic scripting knowledge – Bash scripting will be used for automation.
Step 1: Create an Nmap Scan Script
To automate Nmap scanning, create a script that performs a scan and saves the results to a file.
#!/bin/bash
# Define variables
TARGET="192.168.1.0/24" # Modify this to match your network range
OUTPUT_FILE="/tmp/nmap_scan_results.txt"
# Run Nmap scan
nmap -sV -oN "$OUTPUT_FILE" "$TARGET"
Explanation
- TARGET specifies the network or IP range to scan.
- OUTPUT_FILE defines where the scan results are saved.
- nmap -sV -oN "$OUTPUT_FILE" "$TARGET" performs a service detection scan and saves results in a readable format.
Save this script as nmap_scan.sh and give it execution permission:
chmod +x nmap_scan.sh
Step 2: Configure Email Sending
You can use mailx or sendmail to send emails. First, install mailx if not installed:
sudo apt install mailutils -y # Debian/Ubuntu
sudo yum install mailx -y # CentOS/RHEL
Using Gmail SMTP (Optional)
If you prefer using Gmail’s SMTP server, configure it with your credentials:
Install msmtp:
sudo apt install msmtp -y
Configure SMTP:
nano ~/.msmtprc
Add the following:
account gmail
host smtp.gmail.com
port 587
auth on
user your-email@gmail.com
password your-email-password
tls on
tls_starttls on
account default : gmail
Save the file and restrict its permissions, since it stores the password in plain text:
chmod 600 ~/.msmtprc
Step 3: Automate Sending Email Alerts
Modify the nmap_scan.sh script to send an email after scanning:
#!/bin/bash
# Define variables
TARGET="192.168.1.0/24"
OUTPUT_FILE="/tmp/nmap_scan_results.txt"
EMAIL_RECIPIENT="admin@example.com"
EMAIL_SUBJECT="Nmap Scan Results"
# Run Nmap scan
nmap -sV -oN "$OUTPUT_FILE" "$TARGET"
# Send email
mail -s "$EMAIL_SUBJECT" "$EMAIL_RECIPIENT" < "$OUTPUT_FILE"
Replace admin@example.com with your email address.
Step 4: Schedule Nmap Scan with Cron Job
To automate scans, schedule the script using cron:
Open the cron job editor:
crontab -e
Add the following line to run the script daily at midnight:
0 0 * * * /path/to/nmap_scan.sh
Save and exit.
Step 5: Verify and Test
Run the script manually to ensure it works:
./nmap_scan.sh
Check your email inbox for the scan results.
Enhancements
Use Grep for Filtering Results:
grep "open" "$OUTPUT_FILE"
This filters only open ports.
Integrate with Security Information and Event Management (SIEM) systems for better security monitoring.
Use Python for Advanced Automation: If Bash is limited, Python with smtplib can be used for better email formatting.
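The Python enhancement mentioned above, as an added example that is not part of the original article: it parses the -oN report, keeps only rows whose STATE column is exactly "open" (a plain grep for "open" also matches "open|filtered"), and builds a summary email. The sample report is constructed, and the function names and the caller-supplied SMTP credentials are assumptions.

```python
import re
import smtplib
import ssl
from email.message import EmailMessage

# Constructed sample of `nmap -sV -oN` output (not from a real scan).
SAMPLE = """\
Nmap scan report for 192.168.1.1
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 8.9p1
443/tcp filtered https
Nmap scan report for printer.lan (192.168.1.50)
9100/tcp open          jetdirect
161/udp  open|filtered snmp
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_open_ports(text):
    """Return {host: [(port, proto, service, version), ...]} for state == open."""
    results, host = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)
            results[host] = []
        elif host and (m := PORT_RE.match(line)) and m.group(3) == "open":
            port, proto, _, service, version = m.groups()
            results[host].append((int(port), proto, service, version.strip()))
    return results

def build_alert(results, sender, recipient):
    """Build a plain-text summary listing only hosts with open ports."""
    exposed = {h: p for h, p in results.items() if p}
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    total = sum(len(p) for p in exposed.values())
    msg["Subject"] = f"Nmap Scan Results: {total} open ports on {len(exposed)} hosts"
    lines = []
    for host, ports in exposed.items():
        lines += [host] + [f"  {n}/{pr:<4} {svc:<12} {ver}".rstrip() for n, pr, svc, ver in ports]
    msg.set_content("\n".join(lines) + "\n")
    return msg

def send_alert(msg, host, port, user, password):  # STARTTLS on 587, as in ~/.msmtprc
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls(context=ssl.create_default_context())  # verify the server certificate
        smtp.login(user, password)
        smtp.send_message(msg)
```

In the cron script, read "$OUTPUT_FILE" and pass its contents to parse_open_ports instead of SAMPLE.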
Conclusion
Setting up email alerts for Nmap scan results improves network security by providing real-time monitoring and automated notifications. By combining Nmap scanning with a cron job and an email service, network administrators can efficiently track vulnerabilities and unauthorized network changes. This method is highly useful for IT security teams, penetration testers, and system administrators aiming for proactive security monitoring.