Security Basics mailing list archives

Re: Use logs from nmap

From: Spurge <spurgeonbj () softhome net>
Date: Tue, 6 Jul 2004 19:19:23 +0530

Hi,

Anything could said me, any tool for see the ie: nmap's logs in xml,text
and can cut the columns that i want, or make operations with this?


This had figured in SF's pentest list recently and Bill Z. <bgk () hotunix com> 
had given a wonderful snippet to do that.  Here's what 
was suggested and I've tried it out and find it very useful.

----snip----
echo '<table>' >nmap.xls; grep ^[0-9] nmap.out  | tr '/' ' ' | 
awk'{printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",$2,$1,
$3,$4);}' >> nmap.xls; echo '</table>' >> nmap.xls
----snip----

here's how this goes:
0.    Put the table tag in the outputfile.
1.      Filter the port data of nmap thru grep and pipe it to next.
2.      Replace the slash between the port no and protocol in col 1 with a space 
to make the output as 4 fields (port no, protocol, state and service) and 
pipe to next.
3.      awk does the rest of separating fields and prepending and appending HTML 
tags around each field and append the lines to outputfile
4.      finish off the outputfile by appending ending tag for the table.

this saves nmap result as an excel spreadsheet, which you can further export 
into various DB formats, sort etc...  The same approach can be made to parse 
any format you deem fit... If you are determined ;-)

Regards
Spurge

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

RE: New Trojan? Nick Duda (Jun 30)
- <Possible follow-ups>
- Re: New Trojan? nee cee (Jun 30)
- Re: New Trojan? Michael Painter (Jul 01)
- RE: New Trojan? Beesley, Aubrey (Capita Symonds) (Jul 01)
- Re: New Trojan? vrsnet (Jul 01)
  - RE: New Trojan? David Gillett (Jul 01)
  - Use logs from nmap efrén serrano (Jul 05)
    - Re: Use logs from nmap Spurge (Jul 06)
- Re: New Trojan? Zoran Perkov (Jul 01)
- RE: New Trojan? Lauren Ward (Jul 01)
- Re: New Trojan? Michael Painter (Jul 01)
- Re: New Trojan? Greg Bur (Jul 01)
- Re: New Trojan? FLEXITI GmbH (Jul 01)
- re: New Trojan? Jeff (Jul 01)
- RE: New Trojan? Steven Hess (Jul 01)
- RE: New Trojan? Raj (Jul 01)