community.general.nmap inventory – Uses nmap to find hosts to target
Note
This inventory plugin is part of the community.general collection (version 6.6.9).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
You need further requirements to be able to use this inventory plugin,
see Requirements for details.
To use it in a playbook, specify: community.general.nmap.
Synopsis
Uses a YAML configuration file with a valid YAML extension.
Requirements
The below requirements are needed on the local controller node that executes this inventory.
nmap CLI installed
Parameters
Parameter |
Comments |
|---|---|
Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation. Configuration:
|
|
Toggle to enable/disable the caching of the inventory’s source data, requires a cache plugin setup to work. Choices:
Configuration:
|
|
Cache connection data or path, read cache plugin documentation for specifics. Configuration:
|
|
Cache plugin to use for the inventory’s source data. Default: Configuration:
|
|
Prefix to use for cache plugin files/tables Default: Configuration:
|
|
Cache duration in seconds Default: Configuration:
|
|
Create vars from jinja2 expressions. Default: |
|
Whether to always ( Choices:
|
|
List of addresses to exclude. For example Configuration:
|
|
Add hosts to group based on Jinja2 conditionals. Default: |
|
Scan via ICMP Timestamp ( Depending on your system you might need Choices:
|
|
use IPv4 type addresses Choices:
|
|
use IPv6 type addresses Choices:
|
|
Add hosts to group based on the values of a variable. Default: |
|
The default value when the host variable’s value is an empty string. This option is mutually exclusive with |
|
The key from input dictionary used to generate groups |
|
parent group for keyed group |
|
A keyed group name will start with this prefix Default: |
|
separator used to build the keyed group name Default: |
|
Set this option to This option is mutually exclusive with Choices:
|
|
Use in conjunction with keyed_groups. By default, a keyed group that does not have a prefix or a separator provided will have a name that starts with an underscore. This is because the default prefix is “” and the default separator is “_”. Set this option to False to omit the leading underscore (or other separator) if no prefix is given. If the group name is derived from a mapping the separator is still used to concatenate the items. To not use a separator in the group name at all, set the separator for the keyed group to an empty string instead. Choices:
|
|
Only scan for open (or possibly open) ports. Choices:
|
|
token that ensures this is a source file for the ‘nmap’ plugin. Choices:
|
|
Only scan specific port or port range ( For example, you could pass |
|
Enable/disable scanning ports. Choices:
|
|
If Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default. Choices:
|
|
Set to Choices:
|
|
Scan via UDP. Depending on your system you might need Choices:
|
|
Whether to always ( Choices:
|
|
Merge extra vars into the available variables for composition (highest precedence). Choices:
Configuration:
|
Notes
Note
At least one of ipv4 or ipv6 is required to be True, both can be True, but they cannot both be False.
TODO: add OS fingerprinting
Examples
# inventory.config file in YAML format
plugin: community.general.nmap
strict: false
address: 192.168.0.0/24
# a sudo nmap scan to fully use nmap scan power.
plugin: community.general.nmap
sudo: true
strict: false
address: 192.168.0.0/24
# an nmap scan specifying ports and classifying results to an inventory group
plugin: community.general.nmap
address: 192.168.0.0/24
exclude: 192.168.0.1, web.example.com
port: 22, 443
groups:
web_servers: "ports | selectattr('port', 'equalto', '443')"