Ready to Start Your Career?

Nmap Ndiff and Telegram for red teaming

TYEB 's profile image


June 13, 2019

What is Phactive?

Phactive is a little script written in bash, it’s to aid in a red team workflow, Since red team is mostly about continuous monitoring and simulation of a real life attack. unlike in Penetration testing where you just have to run a scan and submit a report the explain your findings, which can be accomplished with a short time missing out new risks and vulnerabilities. For example: During a penetration testing you can run an Nmap scan on port “22” during your scan and its closed. Which might then be opened tomorrow for maybe technical support. So this is where red team idea comes in handing.

So Phactive runs an Nmap scan every morning at 10am with the use of cron job, it then compares the result of Yesterday’s scan result with Todays result using Ndiff. If they are any new open ports or changes in the scan it’s send a report of the new findings to your specified Telegram bot.

This is a very basic red teaming script that runs nmap every day at 10AM using cron job that Scans 0-65535 with "-A -Pn -v -T4 -F -sV" Flags then uses ndiff to compare the result. If there's any difference it sends a notification to your specified Telegram bot aboutnew ports discovered.

Download, setup, and usage

You must have Nmap and Ndiff installed:

git clone /opt/phactive

sudo nano /opt/phactive/

Add the host you want to scan and monitor:

TARGETS="" # Target eg: (Ex:,,; 10.0.0-255.1-254)

Add your telegram chat id and token:

chat_id="<Telegram chat id>" # Telegram Chat idtg_token="<Telegram Bot Token"# Telegram bot Token

To setup a telegram token and chat id check out this post.

Setup a cron job

Once you done with the setup. You can run a cron job that runs every morning at 10am or your desirable time. Here is an example:

sudo nano /etc/crontab

Then copy and paste then save.

00 10 * * * root bash /opt/phactive/

Schedule Demo