EH-Net
Author Topic: OSCP and Pentesting 101  (Read 6315 times)
sil
« Reply #15 on: April 11, 2012, 09:51:04 AM »

By the way, the reasoning for the mixture of awk, perl and ruby in my example is to get you guys to see other variations across different languages. Improvisation.

Quote:
I knew I was setting myself up to get schooled, yet I posted anyway...


Nah, no way, not schooling at all, offering the same in an alternative form.

I don't really use -oA at all with nmap. Here is how I would do it if using nmap with your one-liners, based off the crap in my office:

Code:
[root@kenji ~]# nmap -sS -O --version-intensity 7 -sV -p `awk '$3 >= .25{print}' /usr/local/share/nmap/nmap-services |\
awk -F "/" '!/^#/{print $1}' |\
awk '{print $2}'|\
perl -p -e 's:\n:,:g'|\
ruby -pe 'gsub(/,$/, "")'` 10.4.4.1,55,72 |awk '!/closed|filtered/'

Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-04-11 10:49 EDT
Nmap scan report for 10.4.4.1
Host is up (0.00041s latency).
PORT     STATE  SERVICE      VERSION
MAC Address: 00:16:76:2F:A1:6E (Intel)
Device type: firewall|general purpose
Running: Genua OpenBSD 4.X, OpenBSD 4.X|5.X
OS CPE: cpe:/o:genua:openbsd:4 cpe:/o:openbsd:openbsd:4.1 cpe:/o:openbsd:openbsd:5
OS details: Genua GeNUGate Firewall 7.0 (OpenBSD 4.6), OpenBSD 4.1, OpenBSD 4.1 (x86), OpenBSD 4.1 - 4.3, OpenBSD 4.3, OpenBSD 4.5, OpenBSD 5.0 GENERIC
Network Distance: 1 hop

Nmap scan report for 10.4.4.55
Host is up (0.00018s latency).
PORT     STATE  SERVICE     VERSION
80/tcp   open   http        Apache httpd 2.2.10 ((Linux/SUSE))
445/tcp  open   netbios-ssn Samba smbd 3.X (workgroup: SHISEI)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.13 - 2.6.32
Network Distance: 1 hop

Nmap scan report for kenji.infiltrated.net (10.4.4.72)
Host is up (0.000017s latency).
PORT     STATE  SERVICE      VERSION
80/tcp   open   http         Apache httpd 2.2.22 ((FreeBSD) PHP/5.3.10 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.61TEST5%E=4%D=4/11%OT=80%CT=123%CU=35801%PV=Y%DS=0%DC=L%G=Y%TM=
OS:4F859A3E%P=i386-portbld-freebsd9.0)SEQ(SP=101%GCD=2%ISR=10C%TI=I%CI=I%TS
OS:=21)OPS(O1=M5B4NW6ST11%O2=M578NW6ST11%O3=M280NW6NNT11%O4=M3FD8NW6ST11%O5
OS:=M218NW6ST11%O6=M109ST11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=
OS:FFFF)ECN(R=Y%DF=Y%T=41%W=FFFF%O=M5B4NW6SLL%CC=N%Q=)T1(R=Y%DF=Y%T=41%S=O%
OS:A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=41%W=FFFF%S=O%A=S+%F=AS%O=M109NW6
OS:ST11%RD=0%Q=)T4(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=4
OS:1%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%
OS:Q=)T7(R=Y%DF=Y%T=41%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=41%IPL=38%
OS:UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=41%CD=S)

Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 3 IP addresses (3 hosts up) scanned in 39.06 seconds
[root@kenji ~]#


My scans tend to stay in SYN land, and I always (without fail) go deep in versioning when possible.
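As an added example (not part of sil's post or this thread), the same port selection written in Python: it parses the nmap-services format the awk pipeline reads, and keeps only one protocol, so a -sS (TCP) port list does not pick up UDP-only entries, which the awk filter on $3 alone lets through. The file excerpt and its frequency values are constructed sample data, not a copy of a real nmap-services file.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in nmap-services format: "name port/proto frequency [# comment]".
# The frequency values below are sample data, not taken from a real nmap-services file.
SAMPLE_NMAP_SERVICES = """\
# Fields: service name, portnum/protocol, open-frequency, optional comments
http\t80/tcp\t0.484143\t# World Wide Web HTTP
http\t80/udp\t0.035772
ipp\t631/udp\t0.450281
telnet\t23/tcp\t0.221265
https\t443/tcp\t0.208669
microsoft-ds\t445/tcp\t0.056944
unknown\t65000/tcp\t0.000000
"""

# name, port/proto, frequency; anything after the frequency (comments) is ignored.
LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp|sctp)\s+([0-9.]+)")


def parse_nmap_services(text: str) -> Dict[str, List[Tuple[int, float, str]]]:
    """Return {proto: [(port, frequency, name), ...]} from nmap-services text.

    Comment lines and lines that do not match the expected layout are skipped.
    """
    by_proto: Dict[str, List[Tuple[int, float, str]]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        name, port, proto, freq = m.group(1), int(m.group(2)), m.group(3), float(m.group(4))
        by_proto.setdefault(proto, []).append((port, freq, name))
    return by_proto


def ports_at_ratio(text: str, min_ratio: float, proto: str = "tcp") -> str:
    """Ports of one protocol whose open-frequency is >= min_ratio, as a sorted,
    de-duplicated comma-separated string suitable for nmap -p (no trailing comma)."""
    entries = parse_nmap_services(text).get(proto, [])
    ports = sorted({port for port, freq, _ in entries if freq >= min_ratio})
    return ",".join(str(p) for p in ports)


if __name__ == "__main__":
    print(ports_at_ratio(SAMPLE_NMAP_SERVICES, 0.25))         # TCP ports only
    print(ports_at_ratio(SAMPLE_NMAP_SERVICES, 0.25, "udp"))  # UDP ports only
```

nmap itself offers --port-ratio <ratio> for the same frequency cut-off, so the parsing is only needed when you want the list outside nmap.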