-1

I completed a nmap scan on a large-ish network and now I am trying to organize the data.

The report I have is the result of :

nmap -A -p 0-65535 -iL [filename] -oX [filename]

So what I am trying to do now is to extract the findings for each IP address that I scanned. I found another post here where the solution was to use awk :

awk 'BEGIN {RS="< host ";} /^starttime/ {print RS $0;}' [filename]

This didnt work for me because instead of stopping after the first block it ran right through the report. I realize of course that this is because '< host ' and 'starttime' are found in the output for all the IP addresses in the range.

Is there anyway for me to run through the nmap report and to extract the scan report for each IP address and save it in a separate file? A For loop will be required to do this of course... once the extraction and writing to file of one block is figured out then that can be expanded using the for loop (i think)...

Or does anyone, from experience or sheer inspiration, have a more refined solution/suggestion?

Any help in the matter will be greatly appreciated.

nomi
  • 1
  • 1
  • 2
    Show sample input and your desired output for that sample input. – Cyrus Jun 30 '15 at 17:23
  • It will be a bit difficult for me to insert the sample input as redacting the report will take an extensive amount of time. The report is in xml format and lists the hostname, port scan results, OS name, time up, last restart information. – nomi Jun 30 '15 at 17:40
  • Not all IPs have the same amount of data but they all do have the same categories... – nomi Jun 30 '15 at 17:41
  • Sample Output : I would like to take all the scan information for Host A, lets say IP address 192.168.1.100, and write it to a dedicated file. Then I would like to do the same for Host B... then Host C... to the point that I will potentially have 300 files each containing the state for a specific host. If I was doing this in excel I would have liked to have had a specific tab for each IP and that tab containing the pertinent information. – nomi Jun 30 '15 at 17:43
  • Without sample data, I can only recommend to use an XML parser. Example: `wget -O - http://www.nu.nl/rss/Algemeen 2>/dev/null | xmlstarlet sel -t -v /rss/channel/item/title` – Cyrus Jun 30 '15 at 17:52
  • Thanks for your comments Cyrus... i'll work on redacting a portion of the report and to attach it to the query in a few. Cheers – nomi Jun 30 '15 at 17:56

1 Answers1

0

Don't use awk to parse XML data. Nmap's XML output format is well-documented and there are parsers for it in Python (Ndiff also installs as a Python 2 library and has a parser built-in), Ruby, Perl, or you can use a number of command-line XML parsers.

Community
  • 1
  • 1
bonsaiviking
  • 5,825
  • 1
  • 20
  • 35
  • Is there any lib for c++ to parse Nmap output? – Mayur Oct 23 '18 at 14:04
  • 1
    @Mayur I'm not aware of one. Someone asked about it [here](https://stackoverflow.com/q/43061536/1183387), so you could upvote that question or put a bounty on it if you want. There are no answers right now. – bonsaiviking Oct 23 '18 at 18:24