Send Nmap scan output via Telegram

Yoplux
4 min readMay 24, 2021

--

Imagine that you need to run a big scan against a target and you have to leave home but you also want to see the result of your scan when Nmap as finished the job.

To proceed we need to create a Telegram Bot with The BotFather. To create a bot with Telegram i redirect you to this tutorial, the video is very friendly and easy to follow, https://www.youtube.com/watch?v=UhZtrhV7t3U.

Once done you can come back here to follow my tutorial !

The bash script

At this momen you should have your Token and your chat ID, we can now create a bash script to send files to the group (where you should be if you followed the link above).

Create a folder to store you script, in my case it’s ‘TelegramBot’

mkdir /home/kalidunet/TelegramBot

Go into this path and create a bash file

nano bot.sh

Now we can start writing the script !

  • #!/bin/bash is used to execute the script with the bash shell
  • xsltproc is programm to convert the Nmap .xml output to .html wich is much more readable and friendly to see !
  • -o to send the output to the path folder you choose

You have to know that when you will start you nmap scan you have to specify the ouput -oX to this folder you see in the script, in my case it is /home/kalidunet/Bureau/NmapBot

This is the second part of the script, to send document with the bot the syntax is https://api.telegram.org/YOURTOKEN/sendDocument?chat_id=YOURCHATID , it is different if you want to only send text !

  • if [[-f ]] checks if the file exist, if the file exist then the script will run, else the program exit !
  • token is the token you have stored “i hope you did :)” if you followed the video at the begining, the token is used to identify you
  • chat_id is the chat number
  • file is where the nmap output is stored
  • curl -F causes curl to POST data using the Content-Type multipart/form-data
  • document=@$file is used to specify the file we need to send, in our case we had stored it in the $file variable but you can specify it in clear like /home/kalidunet/…. you do as you want to do
  • sendDocument is used to specify that we want to send Document and not text

The test of the script

Let’s now do a Nmap Scan and register it with a .xml output

nmap -v -sV -T5 nmap.org -oX /home/kalidunet/Bureau/NmapBot/nmap.xml

When the scan is done we can run the script

/home/kalidunet/TelegramBot/bot.sh

When you run the script you should have this ouput ! (i hide my personal information)

Look at your Phone, you may have receive the file in .html on the chatgroup :)

Open it

You now have a very clear output to work with, but we still have to be here to run the script and this is not our goal.

Crontab

Yes we will use crontab to run the script when we are not in front of the keyboard ;) To do so enter this command to edit your crontab

crontab -e

Let’s create a Job to run the script every hour, usually scan’s are very long to perform so let’s execute the Job every hour.

Then close it and now you can run your nmap script and leave the house, the output we will send it to you on your mobile phone !

Remember to match the output file with the files you had specified on the script ! If you have to change the name of the output file you also have to change it in your script.

I know the script is very basic but the idea is here, you can upgrade it and send me what you did it will be a pleasure to work on it with someone else.

Thanks.

Signed Alix.

--

--

Yoplux
Yoplux

Written by Yoplux

Learn with Christian & Alix

No responses yet