Using `lnsscmd.exe' - the command line scanning tool
The `lnsscmd.exe' command line target scanning tool allows you to run vulnerability checks against network targets directly from the command line, or through third party applications, batch files and scripts. The `lnsscmd.exe' command line tool supports the following switches:
lnsscmd [Target] [/profile=profileName] [/report=reportPath] [/output=pathToXmlFile] [/user=usrname /password=password] [/UseComputerProfiles] [/email=emailAddress] [/DontShowStatus] [/?]
Switches:
- Target - Specify the IP / range of IPs or host name(s) to be scanned.
- /Profile - (Optional) Specify the scanning profile that will be used during a security scan. If this parameter is not specified, the scanning profile that is currently active in the GFI LANguard N.S.S. will be used.
NOTE: In the configuration interface, the default (i.e. currently active) scanning profile is denoted by the word (Active) next to its name. To view which profile is active expand the Configuration } Scanning Profiles node.
- /Output - (Optional) Specify the full path (including filename) of the XML file where the scan results will be saved.
- /Report - (Optional) Specify the full path (including filename) of the HTML file where the scan results HTML report will be output/saved.
- /User and /Password - (Optional) Specify the alternative credentials that the scanning engine will use to authenticate to a target computer during security scanning. Alternatively you can use the /UseComputerProfiles switch to use the authentication credentials already configured in the Computer Profiles (Configuration } Computer Profiles node).
- /Email - (Optional) Specify the email address on which the resulting report(s) will be sent at the end of this scan. Reports will be emailed to destination through the mail server currently configured in the Configuration } Alerting Options node (of the configuration interface).
- /DontShowStatus - (Optional) Include this switch if you want to perform silent scanning. In this way, the scan progress details will not be shown.
- /? - (Optional) Use this switch to show the command line tool's usage instructions.
NOTE: Always enclose full paths, and profile names within double quotes (i.e. `[path or profile name]') for example, "Default", "c:\temp\test.xml".
The command line target scanning tool allows you to pass parameters through specific variables. These variables will be automatically replaced with their respective value during execution. Supported variables include:
- %INSTALLDIR% - During scanning, this variable will be replaced with the path to the GFI LANguard N.S.S. installation directory.
- %TARGET% - During scanning this variable will be replaced with the name of the target computer.
- %SCANDATE% - During scanning this variable will be replaced with the date of scan.
- %SCANTIME% - During scanning this variable will be replaced with the time of scan.
Example: How to launch target computer scanning from the command line tool.
For this example, we will be assuming that a scan with the following parameters is required:
1. Perform a security scan on a target computer having IP address `130.16.130.1'.
2. Output the scan results to `c:\out.xml' (i.e. XML file)
3. Generate an HTML report and save it in `c:\result.html'.
4. Send the HTML report via email to `lnss@127.0.0.1'
The command line tool instruction for this particular security scan is:
lnsscmd.exe 130.16.130.1 /Profile="Default" /Output="c:\out.xml" /Report="c:\result.html" /email="lnss@127.0.0.1"
