Nmap Development mailing list archives

Re: Version Detection based on past TCP/UDP scan results


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 1 Jun 2007 06:05:12 +0000

On Thu, 31 May 2007 15:56:05 -0500 plus or minus some time "DePriest, Jason R." <jrdepriest () gmail com> wrote:

On 5/30/07, Hyper 4S  wrote:
All,

assuming we have the results (eg in greppable format) of a normal
TCP/UDP portscan, is it possible to version scan (-sV) the found open
ports, without repeating this TCP/UDP scan?

E.g. we have "output", the result of the scan "nmap -sS -sU -p0-65535
-oG output [host]"

<snip>

I suppose if you are a master with sed or awk you could come up with a
one-liner that could use the -oG file instead of the -oX file.  That's
beyond me, though.

-Jason


Here is one way to skin the cat in bash/perl:

# emit "ports host" for every host that has open TCP ports, then -sV each one
grep 'Host:' output.gnmap | \
perl -ne 'my @stack; my ($host) = m#Host:\s([\d.]+)#; '\
'while (m#(\d+)/open/tcp#g) { push @stack, $1; } '\
'print join(",", @stack), " ", $host, "\n" if @stack;' | \
while read PORTS HOST;
  do sudo nmap -v -n -P0 -sV -p "$PORTS" "$HOST";
done


This quick and dirty shell script will fire nmap off once per host in your
gnmap output.  You should be able to take it from there.

Brandon
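The one-liner above only feeds the TCP side of the scan back into -sV, and the original question scanned both -sS and -sU. The following is an added example, not Brandon's script and not part of the original thread: a POSIX shell version that parses the "Ports:" lines of a -oG file, keeps open TCP and open UDP ports separately, skips hosts with nothing open, and prints one nmap -sV command per host using nmap's T:/U: port-spec syntax. The gnmap lines in sample_gnmap are constructed for the example; -Pn is the current spelling of the -P0 used in the thread. Only ports whose state is exactly "open" are kept; UDP "open|filtered" ports are deliberately left out.

```shell
#!/bin/sh
# Re-run -sV against the open ports recorded in an nmap -oG file.
# Added example; assumes nmap's "-p T:22,80,U:53" port-spec syntax.

# gnmap_open_ports: read -oG output on stdin, print "host tcp_ports udp_ports"
# for every host with at least one open port ("-" marks an empty list).
gnmap_open_ports() {
    awk '
    /^Host: / && /Ports: / {
        host = $2                      # "Host: 10.0.0.1 (name)\tPorts: ..."
        tcp = ""; udp = ""
        # tokens look like 22/open/tcp//ssh///; anything else has < 3 fields
        n = split($0, tok, "[ \t,]+")
        for (i = 1; i <= n; i++) {
            if (split(tok[i], f, "/") < 3) continue
            if (f[2] != "open") continue   # drops closed, filtered, open|filtered
            if (f[3] == "tcp")      tcp = (tcp == "") ? f[1] : (tcp "," f[1])
            else if (f[3] == "udp") udp = (udp == "") ? f[1] : (udp "," f[1])
        }
        if (tcp != "" || udp != "")
            printf "%s %s %s\n", host, (tcp == "" ? "-" : tcp), (udp == "" ? "-" : udp)
    }'
}

# nmap_version_cmd HOST TCP_PORTS UDP_PORTS: print the -sV command for one host.
# -sU is only added when UDP ports exist, so a TCP-only host stays a plain SYN scan.
nmap_version_cmd() {
    host=$1; tcp=$2; udp=$3
    scans=""; spec=""
    [ "$tcp" = "-" ] && [ "$udp" = "-" ] && return 1
    if [ "$tcp" != "-" ]; then
        scans="-sS"; spec="T:$tcp"
    fi
    if [ "$udp" != "-" ]; then
        scans="${scans:+$scans }-sU"; spec="${spec:+$spec,}U:$udp"
    fi
    printf 'nmap -n -Pn %s -sV -p %s %s\n' "$scans" "$spec" "$host"
}

# gnmap_version_cmds: gnmap on stdin -> one nmap command line per host on stdout.
gnmap_version_cmds() {
    gnmap_open_ports | while read -r host tcp udp; do
        nmap_version_cmd "$host" "$tcp" "$udp"
    done
}

# Constructed sample of nmap -oG output (three hosts, tab-separated fields).
sample_gnmap() {
    printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 53/open/udp//domain///, 123/open|filtered/udp//ntp///\tIgnored State: closed (131068)\n'
    printf 'Host: 10.0.0.2 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.2 ()\tPorts: 443/open/tcp//https///, 3306/closed/tcp//mysql///\n'
    printf 'Host: 10.0.0.3 ()\tStatus: Up\n'
}

# Usage: ./gnmap2sv.sh output.gnmap | sudo sh      (or --demo for the sample)
case "${1:-}" in
    --demo) sample_gnmap | gnmap_version_cmds ;;
    "")     ;;
    *)      gnmap_version_cmds < "$1" ;;
esac
```

Printing the commands instead of executing them lets you review the targets before piping the output into `sudo sh`, which also keeps the host-with-no-open-ports case from turning into a malformed nmap invocation. To let -sV probe UDP ports that the first pass reported as open|filtered, relax the `f[2] != "open"` test to also accept "open|filtered".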


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
