Ndiff Ndiff is a tool to aid in the comparison of Nmap scans. Specifically, it takes two Nmap XML output files and prints the differences between them. It is capable of showing changes in host states (up or down), port states (open, closed, etc.), script results, and changes in service and OS detection. To install, run (as root) python setup.py install It's also possible to run the program from within the distribution without installing it. Use "ndiff --help" for usage instructions. Here is a sample of the output: $ ./ndiff test-scans/random-1.xml test-scans/random-2.xml -Nmap 4.85BETA4 at 2009-03-24 17:34 +Nmap 4.85BETA4 at 2009-03-25 16:35 10.137.81.38: OS details: FreeBSD 6.2-RELEASE Apple AirPort Extreme WAP v7.3.2 + APC Network Management Card (AOS 3.3.5) + Apple iPod touch audio player (iPhone OS 2.1) +10.181.218.66: +Host is up. +Not shown: 998 closed ports +PORT STATE SERVICE VERSION +222/tcp open rsh-spx +8080/tcp filtered http-proxy -bpdygf-130.example.com (10.188.226.230): -Host is up. -Not shown: 1000 filtered ports ysqxnovik-508.example.com (10.253.52.142): PORT STATE SERVICE VERSION +1503/tcp closed imtc-mcs -4567/tcp open tcpwrapped -OS details: - HP 4000M ProCurve switch (J4121A) - Nortel 5530 Ethernet Routing Switch - Nortel 5520 Ethernet Routing Switch - Sun StorageTek 6140 NAS device - FreeBSD 6.2-RELEASE Use -v or --verbose to see all hosts and ports, not just those that have changed. Ndiff started as a project by Michael Pattrick during the 2008 Google Summer of Code. Michael designed the program and led the discussion of its output formats. He wrote versions of the program in Perl and C++, but the summer ended shortly after it was decided to rewrite the program in Python for the sake of Windows compatibility. This Python version is written by David Fifield . Ndiff web site: https://nmap.org/ndiff/