RE: How to aggregate output of NMAP

["Lodin, Steven {GZ-Q~Mannheim}" <STEVEN.LODIN () Roche COM>]

Someone else mentioned Perl and gave a small code example.  If this is interesting to you, check out ndiff (Nmap diff). 
 I don't have the URL, but if I remember correctly, I found it from one of the nmap mailing list archives on 
www.insecure.org.

I think I would use a combination of grep/cut/sort/uniq/wc for the how many part.  One question you didn't ask is "what 
are the web servers".  For this, I use Whisker to classify the web servers.  Any better options?

Another thought came to me...  Perhaps the scanssh program has some summarization code in it as well that could be 
reused...

Steve Lodin
Head of Global IT Security 
Roche Diagnostics
(W) +49-621-759-5276
(M) +49-173-348-4974 
 
> I used nmap -sS -p80,25,110,21 172.31.*.* -oN output
> do you know if exist any tool to summarize the result in 
> order to know (for
> example):
>
> how may WEB answered
> who are the web server
>
> hom many FTP
> who are ftp
>
> I used nlog....any other tool?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/