Penetration Testing mailing list archives
Re: How to aggregate output of NMAP
From: Fyodor <fyodor () insecure org>
Date: Tue, 5 Feb 2002 19:54:18 -0800
On Tue, Feb 05, 2002 at 09:38:45PM +0100, Lodin, Steven {GZ-Q~Mannheim} wrote:
Someone else mentioned Perl and gave a small code example. If this is interesting to you, check out ndiff (Nmap diff). I don't have the URL, but if I remember correctly, I found it from one of the nmap mailing list archives on www.insecure.org.
Ndiff was written by James Levine and is available at http://www.vinecorp.com/ndiff/ . Also, it sounds like the original poster had very simple needs, such as obtaining a list of ftp or web servers. The Nmap "grepable" output mode may be sufficient. The syntax is "-oG <filename>" and it puts the most critical info about a host on a line like this: Host: 127.0.0.1 (felix.insecure.org) Ports: 22/open/tcp//ssh///, 53/open/tcp//domain///, 515/open/tcp//printer///, 6000/open/tcp//X11/// Ignored State: closed (1548) OS: Linux Kernel 2.4.0 - 2.4.17 (X86) Seq Index: 3696008 IPID Seq: All zeros You can easily grep the file for ports like "/dtspc/" and OS strings like "Solaris". If there are a lot of results, you can obtain just the IPs by piping them to standard shell commands like 'cut "-d " -f2'. All this being said, I recommend the XML output mode (-oX) for more involved analysis and feeding results to other nontrivial programs. The XML also contains some info that I haven't found a place for in the normal (or grepable) output formats. Cheers, Fyodor http://www.insecure.org/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- How to aggregate output of NMAP Carmelo Floridia (Feb 05)
- Re: How to aggregate output of NMAP R. DuFresne (Feb 05)
- Re: How to aggregate output of NMAP stephen (Feb 06)
- Re: How to aggregate output of NMAP George Lewis (Feb 06)
- Re: How to aggregate output of NMAP Scott Nursten (Feb 06)
- <Possible follow-ups>
- Re: How to aggregate output of NMAP Mike Brentlinger (Feb 05)
- Re: How to aggregate output of NMAP Vladimir Parkhaev (Feb 05)
- RE: How to aggregate output of NMAP Lodin, Steven {GZ-Q~Mannheim} (Feb 05)
- Re: How to aggregate output of NMAP Fyodor (Feb 06)
- Re: How to aggregate output of NMAP Vladimir Parkhaev (Feb 06)
- RE: How to aggregate output of NMAP Viraf Hathiram (Feb 06)
- RE: How to aggregate output of NMAP Rayburn, Gordon (Feb 12)
- Re: How to aggregate output of NMAP Robert Rich (Feb 13)
- Re: How to aggregate output of NMAP R. DuFresne (Feb 05)