|
Title: Nmap Grep Help Post by: Medeoker on May 21, 2012, 02:27:15 PM Hey there,
I've been doing some searching and I'm having a tough time trying to figure out what I'm trying to do. I'm running an nmap scan with the -oG option to grep the info. I am looking to end up with a test file with the following format: IP,Port I'm grepping for specific services and want to output it in that format, as the next tool I want to run needs the data that way. I can grep the IP with: cat logfile |grep http |cut -d" " -f2 And I can grep the port with: cat logfile |grep http |cut -d" " -f4 |cut -d"/" -f1 I just need to figure out how to grep those two things out and put the out put on the same line with a comma separating them. I'm doing this for an automation exercise I'm working on. Any help would be greatly appreciated! Thanks Title: Re: Nmap Grep Help Post by: chrisj on May 21, 2012, 02:56:40 PM use awk not cut. $2,$4 might work
so something like: awk '{print $2","$4}' really awk is probably your best bet in this case. My awk is rusty, but I'm pretty sure you could do the whole thing with a single awk statement. Title: Re: Nmap Grep Help Post by: Medeoker on May 21, 2012, 03:05:00 PM Sweet
I'll figure it out. Just need someone to point me in the right direction. Thanks! Title: Re: Nmap Grep Help Post by: sil on May 21, 2012, 03:53:21 PM Your cat is what is known as a UUOC https://www.google.com/search?q=uuoc You don't need it.
[root@kenji ~]# cat nmap.scan | grep http 80/tcp open http 443/tcp closed https [root@kenji ~]# grep http nmap.scan 80/tcp open http 443/tcp closed https When using awk, you won't even need to bother with grep either: [root@kenji ~]# awk '/http/' nmap.scan 80/tcp open http 443/tcp closed https [root@kenji ~]# awk -F / '/http/ && /open/{print $1}' nmap.scan 80 [root@kenji ~]# awk -F / '/http/ && /open/{print "WHATEVER_YOU_WANT,"$1}' nmap.scan WHATEVER_YOU_WANT,80 Anyhow, this is the easiest way for you to get the output you want: awk '/http/{print $2","$5}' logfile | awk -F / '{print $1}' Title: Re: Nmap Grep Help Post by: sil on May 21, 2012, 03:56:34 PM Should have added the example beforehand:
[root@kenji ~]# more nmap.scanned # Nmap 6.00 scan initiated Mon May 21 16:56:39 2012 as: nmap -sS -p 80,442 -oG nmap.scanned 10.4.4.72 Host: 10.4.4.72 (kenji.infiltrated.net) Status: Up Host: 10.4.4.72 (kenji.infiltrated.net) Ports: 80/open/tcp//http///, 442/closed/tcp//cvc_hostd/// # Nmap done at Mon May 21 16:56:41 2012 -- 1 IP address (1 host up) scanned in 2.17 seconds [root@kenji ~]# awk '/http/{print $2","$5}' nmap.scanned | awk -F / '{print $1}' 10.4.4.72,80 Title: Re: Nmap Grep Help Post by: chrisj on May 22, 2012, 10:40:59 AM Like I said, my Awk was rusty, the grep option didn't look all that appealing when I messed with it yesterday. But with the rest of the awk hints from Sil it really is cool.
Now to upgrade to nmap6. Title: Re: Nmap Grep Help Post by: Medeoker on May 22, 2012, 12:15:42 PM Should have added the example beforehand: [root@kenji ~]# more nmap.scanned # Nmap 6.00 scan initiated Mon May 21 16:56:39 2012 as: nmap -sS -p 80,442 -oG nmap.scanned 10.4.4.72 Host: 10.4.4.72 (kenji.infiltrated.net) Status: Up Host: 10.4.4.72 (kenji.infiltrated.net) Ports: 80/open/tcp//http///, 442/closed/tcp//cvc_hostd/// # Nmap done at Mon May 21 16:56:41 2012 -- 1 IP address (1 host up) scanned in 2.17 seconds [root@kenji ~]# awk '/http/{print $2","$5}' nmap.scanned | awk -F / '{print $1}' 10.4.4.72,80 This worked perfectly! Thanks again guys! Title: Re: Nmap Grep Help Post by: camelCase on May 25, 2012, 01:24:12 PM Came here to say what Sil already covered.
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |