The command is invoked once per detection, which may contain multiple IP addresses.
What you could do instead, is to extract IP addresses directly from the database and feed them into nmap:
- Download SQLite command line tools from SQLite site.
- Extract sqlite3.exe and place it in a folder.
- Extract and place this .cmd script file into the same folder.
- Edit the file as needed and specify it to be launched from WiFi Guard.
The script will extract all last seen IP addresses, save them to a file, and then run an nmap scan against them.
Script code:
sqlite3 WiFiGuard.DB "SELECT ACTIVITY.IPADDR FROM DEVICE JOIN ACTIVITY ON DEVICE.HWADDR = ACTIVITY.HWADDR WHERE DEVICE.KNOWN = 0 AND ACTIVITY.DAY = CURRENT_DATE" > ips.txt
nmap.exe -v -A -oX report.xml -iL ips.txt