Penetration Testing mailing list archives

RE: Nmap results in spreadsheet format

From: <Kim.Sassaman () cox com>
Date: Tue, 15 Jun 2004 09:53:52 -0700

Here is the source code of the 2 files that generated that report.

# more db.php
<?php
/******************************************************************************
*               Provide valid DB Result Object
*                       DB Connectivity
/******************************************************************************/

require_once('DB.php');

$dbUserName = 'xxx'; //mySQL username -u
$dbPassword = 'xxx'; //mySQL password -p
$dbHost     = 'localhost'; //host default = 'localhost'
$dbName     = 'nmapout'; //name of database

$db = DB::connect( "mysql://$dbUserName:$dbPassword@$dbHost/$dbName" );
if (DB::isError($db)) { die ($db->getMessage());}
//ini_set("session.bug_compat_42", 0);
?>




# more index.php

<?php
require_once 'db.php';  # db connection library

// edit the date_format string format parameters to your liking:
// http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html
$sql    =   "SELECT Address, Portid, Service, PortState, HostState, DATE_FORMAT(Updated, '%W %M %Y %H:%i:%s') AS 
Updated FROM test";


$items  =   $db->getAll($sql, DB_FETCHMODE_ASSOC);
$bgcolor        =       "#C0C0C0";
?>



<table width="100%" border="0" cellspacing="0" style="border: 1px solid #000000">
  <tr bgcolor="#CCCCCC">
    <td bgcolor="#CCCCCC"><strong>Address</strong></td>
    <td><strong>PortID</strong></td>
    <td bgcolor="#CCCCCC"><strong>Service</strong></td>
    <td bgcolor="#CCCCCC"><strong>Port State </strong></td>
    <td bgcolor="#CCCCCC"><strong>Host State </strong></td>
    <td bgcolor="#CCCCCC"><strong>Updated</strong></td>
  </tr>
<?php foreach($items as $row): ?>
<?php $bgcolor  =       ($bgcolor == "") ? "#F2F2F2" : "" ?>
  <tr bgcolor="<?= $bgcolor ?>">
    <td><?= $row['Address'] ?></td>
    <td><?= $row['Portid'] ?></td>
    <td><?= $row['Service'] ?></td>
    <td><?= $row['PortState'] ?></td>
    <td><?= $row['HostState'] ?></td>
    <td><?= $row['Updated'] ?></td>
  </tr>
<?php endforeach; ?>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
#

Kim Sassaman 
CISSP - CCNP
"Research is what I'm doing when I don't know what I'm doing." - Wernher Von Braun (1912-1977) 




-----Original Message-----
From: Sassaman, Kim (CCI-Phoenix) 
Sent: Tuesday, June 15, 2004 9:49 AM
To: 'Bill Z.'; Jerry Shenk
Cc: pen-test () securityfocus com
Subject: RE: Nmap results in spreadsheet format


http://www.securimind.com/temp/

Worked up a little something to display the output in a web format.  The scan is dumped to XML then converted to CSV 
and imported into MySql then coughed back out into a web format.  Going to create a little app where you can enter your 
devices and have them setup to scan at whatever time intervals you want.. daily, weekly, etc... and a reporting 
function to see what services were running on what devices.  Also contemplating implementing alerting for certain ports 
like 111   :)

Kim Sassaman 
CISSP - CCNP
"Research is what I'm doing when I don't know what I'm doing." - Wernher Von Braun (1912-1977) 




-----Original Message-----
From: Bill Z. [mailto:bgk () hotunix com]
Sent: Monday, June 14, 2004 11:22 AM
To: Jerry Shenk
Cc: pen-test () securityfocus com
Subject: Re: Nmap results in spreadsheet format


This is a simple task - here's my quick and dirty way of converting the
plain-text nmap output (e.g., nmap-out) into an Excel file with html tags:

echo "<table>" ; grep "^[0-9*]" nmap-out | awk '{print "<tr><td>" $1 \
"<td>" $2 "<td>" $3}'; echo "</table>" > nmap-out.xls

Enjoy :)

--
What do you call a failed pentest?  - VA.
http://hotunix.com/tools/


On Fri, 11 Jun 2004, Jerry Shenk wrote:

I once saw a mention of a utility (probably a perl script) that would
take the information from an nmap scan and kick it out in a spreadsheet
format.  I am working with a guy right now that really needs to take
inventory of what machines exist on the network and what ports are open
on them.  There are over 100 web servers, numerous servers with terminal
server, vnc and dameware, snmp on way too many and the list goes on.
Instead of having raw nmap output to wade through, it would be nice to
scan down a column and say, "Which of these web servers do you really
need?  Shut the rest down."

If somebody can point me to a link for that, I'd appreciate it.

Current thread:

RE: Nmap results in spreadsheet format Roman, David (Jun 16)
- <Possible follow-ups>
- RE: Nmap results in spreadsheet format Kim.Sassaman (Jun 16)
- RE: Nmap results in spreadsheet format Jonathan Pokrzyk (Jun 16)
  - Re: Nmap results in spreadsheet format Vladimir Parkhaev (Jun 17)
  - Biting my Tongue Re: Nmap results in spreadsheet format Donald Voss (Jun 18)
- RE: Nmap results in spreadsheet format Kim.Sassaman (Jun 17)
- RE: Nmap results in spreadsheet format Kim.Sassaman (Jun 17)