Critical Security Control One (CSC 1) – Inventory of Authorized and Unauthorized Devices

I created a poor man’s solution to CSC 1 by writing a Python script that uses nmap to scan, ndiff to compare the scan results against a baseline (an nmap scan file of authorized devices), and then Python’s smtplib to send me an email if a device is on the network that is not on the baseline.

import os
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText

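def discover_and_diff():
    """Run the nmap ping scan and diff it against the authorized baseline.

    Writes the scan to ``inventory_current.xml`` and the ndiff output
    (``inventory_baseline.xml`` vs. ``inventory_current.xml``) to
    ``inventory_diff.txt``, all relative to the current working directory.

    Raises:
        RuntimeError: if nmap exits non-zero or ndiff reports a runtime
            error. Without this check a failed scan leaves an empty or
            stale diff behind, which the alerting step would read as
            "no new devices".
        OSError: if the nmap or ndiff binary cannot be started.
    """
    import subprocess  # local import; the module header only imports os

    # Argument lists (no shell) so nothing here is ever parsed by /bin/sh.
    # NOTE(review): the command as published carries no target; nmap needs
    # the network range to inventory appended to this list.
    scan_status = subprocess.call(
        ["nmap", "-sn", "-oX", "inventory_current.xml"])
    if scan_status != 0:
        raise RuntimeError("nmap scan failed with exit status %d" % scan_status)

    # Equivalent of the shell's "> inventory_diff.txt" redirection.
    with open("inventory_diff.txt", "w") as diff_file:
        diff_status = subprocess.call(
            ["ndiff", "inventory_baseline.xml", "inventory_current.xml"],
            stdout=diff_file)

    # ndiff exits 0 when the scans match and 1 when they differ; anything
    # else is a runtime error (e.g. a missing or unreadable baseline file).
    if diff_status not in (0, 1):
        raise RuntimeError("ndiff failed with exit status %d" % diff_status)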

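def read_diff():
    """Return the added ("+") lines of ``inventory_diff.txt`` as one string.

    Lines are kept when they start with "+" and are not ndiff's
    "+Nmap ..." scan-header line. Trailing newlines are stripped before the
    lines are joined with "\\n".

    Returns:
        str: the joined added lines, or "" when there are none.
    """
    contents = []
    with open('inventory_diff.txt') as file_object:
        for line in file_object:
            if line.startswith("+") and line[1:5] != "Nmap":
                # The listing as published had no statement under this
                # condition, so nothing was ever collected; record the line.
                contents.append(line.rstrip("\n"))
    scan_diff_result = '\n'.join(contents)
    return scan_diff_result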

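def send_diff_email():
    """Email the added-host lines from read_diff(), if there are any.

    When read_diff() returns an empty string, prints a status line and sends
    nothing. Otherwise builds a multipart message whose plain-text body is
    the diff and submits it over SMTP on port 587 after upgrading the
    connection with STARTTLS.

    Raises:
        smtplib.SMTPException: if the TLS upgrade, login or send fails.
    """
    scan_alert = read_diff()
    if not scan_alert:
        # NOTE: this only reflects the diff file; it is meaningful only if
        # the scan that produced the file actually succeeded.
        print("No new devices. All secure.")
        return

    # Addresses, server and credentials are blank placeholders in the
    # listing. Load the real password from the environment or a secrets
    # store rather than committing it to the script.
    to_addr = ''
    from_addr = ''
    msg = MIMEMultipart()
    msg['From'] = from_addr
    msg['To'] = to_addr
    msg['Subject'] = 'Inventory Scan Alert'
    # Without this the message went out with headers but no body.
    msg.attach(MIMEText(scan_alert, 'plain'))

    smtp_obj = smtplib.SMTP('', 587)
    try:
        # Upgrade to TLS before authenticating so the password is not sent
        # in cleartext. On Python 3, pass
        # context=ssl.create_default_context() to also verify the server
        # certificate.
        smtp_obj.starttls()
        smtp_obj.login('', 'my_password')
        smtp_obj.sendmail(from_addr, to_addr, msg.as_string())
    finally:
        smtp_obj.quit()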

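def main():
    """Run one inventory cycle: scan and diff, then alert on new hosts."""
    # The listing as published had an empty body here; these are the two
    # entry points the script defines (send_diff_email calls read_diff).
    discover_and_diff()
    send_diff_email()


if __name__ == '__main__':
    main()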

