fathom.rb
Tom Sellers edited this page Jun 21, 2016 · 1 revision

Usage: fathom.rb [options]

Query options:
    -p, --port <number>                 Search for specified port number
    -s, --service <string>              Search service, product and information fields for the specified string
    -o, --operating-system <string>     Search for specified OS string
    -m, --mac-address <string>          Search for specified MAC address or vendor string
    -a, --all-hosts                     Return a list of all hosts in the logs

Filter options:
        --ip-filter <ip_address>        Filter results by IP Address
                                        Acceptable formats are as a single IP address (xxx.xxx.xxx.xxx)
                                        or in IP/CIDR notation (xxx.xxx.xxx.xxx/xx)
                                        or in IP/netmask notation (xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx)
        --start-date <YYYY-MM-DD>       Limit output to hosts scanned ON or AFTER the specified date, valid delimiters are . / and -
        --end-date <YYYY-MM-DD>         Limit output to hosts scanned ON or BEFORE the specified date, valid delimiters are . / and -
    -e, --exclude-port <number>         Exclude results matching the specified port
    -x, --exclude-service <string>      Exclude service where the service name or product matches the specified string
        --exclude-os <string>           Exclude results matching the specified OS (if the OS is identified by Nmap)

Misc options:
    -l, --log <location>                Specify a particular Nmap XML file or the location of the directory containing Nmap XML logs
    -r, --report <filename>             Output results to specified file, as opposed to the terminal
    -b, --bare                          Output IP Address only
    -c, --csv                           Output results in CSV format
        --metrics [number]              Generate OS and port statistics, optionally limit result count
        --script-data <string>          Search NSE script result data (case insensitive)
    -v, --version                       Show version information
    -h, --help                          Show this message

Search for all hosts with port 25 open

    ./fathom.rb -p 25

Search for all http services, exclude those on port 80, output in CSV to a file named http.csv

    ./fathom.rb -s http -e 80 -c -r http.csv

Search for all ftp services, excluding printers, scanned on or after 2015-02-10 in the IP range 192.168.12.1/24

    ./fathom.rb -s ftp --exclude-os Printer --start-date 2015-02-10 --ip-filter 192.168.12.1/24

Open every .xml file in the directory ./xmlfiles/, search the services for those identified as Microsoft SQL Servers, output IP addresses only

    ./fathom.rb -l ./xmlfiles -s "Microsoft SQL" -b

Show the top 10 OSes, services and ports in the logs

    ./fathom.rb --metrics 10
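
The filter options above accept three IP notations and three date delimiters. The following Ruby sketch is an added example, not code from fathom.rb; it shows how those inputs can be normalised and applied as inclusive bounds. The helper names and the host records are hypothetical and constructed, and it assumes fathom.rb treats a filter with host bits set (such as 192.168.12.1/24) as the enclosing network.

```ruby
require 'ipaddr'
require 'date'

# Hypothetical helper: accepts a single IP, IP/CIDR or IP/netmask.
# IPAddr masks off host bits, so 192.168.12.1/24 becomes 192.168.12.0/24.
def parse_ip_filter(value)
  IPAddr.new(value)
rescue IPAddr::Error
  raise ArgumentError, "invalid IP filter: #{value.inspect}"
end

# Hypothetical helper: YYYY-MM-DD with '.', '/' or '-' as the delimiter.
def parse_scan_date(value)
  m = value.match(%r{\A(\d{4})[./-](\d{1,2})[./-](\d{1,2})\z})
  raise ArgumentError, "invalid date: #{value.inspect}" unless m
  Date.new(m[1].to_i, m[2].to_i, m[3].to_i)
end

# Keep hosts inside the network and scanned ON or AFTER start_date
# and ON or BEFORE end_date (both bounds inclusive, both optional).
def filter_hosts(hosts, ip_filter: nil, start_date: nil, end_date: nil)
  net   = ip_filter && parse_ip_filter(ip_filter)
  first = start_date && parse_scan_date(start_date)
  last  = end_date && parse_scan_date(end_date)
  hosts.select do |h|
    (net.nil? || net.include?(IPAddr.new(h[:ip]))) &&
      (first.nil? || h[:scanned] >= first) &&
      (last.nil? || h[:scanned] <= last)
  end
end

# Constructed sample records standing in for hosts parsed from Nmap XML logs.
HOSTS = [
  { ip: '192.168.12.7',   scanned: Date.new(2015, 2, 10) },
  { ip: '192.168.12.200', scanned: Date.new(2015, 2, 9) },
  { ip: '192.168.13.7',   scanned: Date.new(2015, 3, 1) }
].freeze

# Same filter as the ftp example above: only the first record matches.
puts filter_hosts(HOSTS, ip_filter: '192.168.12.1/24',
                         start_date: '2015-02-10').map { |h| h[:ip] }
```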