.

Nmap Grep Help

<<

Medeoker

Newbie
Newbie

Posts: 3

Joined: Mon Apr 23, 2012 9:05 pm

Post Mon May 21, 2012 2:27 pm

Nmap Grep Help

Hey there,

I've been doing some searching and I'm having a tough time trying to figure out what I'm trying to do.

I'm running an nmap scan with the -oG option to grep the info.

I am looking to end up with a test file with the following format:

IP,Port

I'm grepping for specific services and want to output it in that format, as the next tool I want to run needs the data that way.

I can grep the IP with:

cat logfile |grep http |cut -d" " -f2

And I can grep the port with:
cat logfile |grep http |cut -d" " -f4 |cut -d"/" -f1

I just need to figure out how to grep those two things out and put the out put on the same line with a comma separating them.

I'm doing this for an automation exercise I'm working on.

Any help would be greatly appreciated! Thanks
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon May 21, 2012 2:56 pm

Re: Nmap Grep Help

use awk not cut. $2,$4 might work

so something like:

awk '{print $2","$4}'

really awk is probably your best bet in this case.

My awk is rusty, but I'm pretty sure you could do the whole thing with a single awk statement.
Last edited by rattis on Mon May 21, 2012 3:01 pm, edited 1 time in total.
OSWP, Sec+
<<

Medeoker

Newbie
Newbie

Posts: 3

Joined: Mon Apr 23, 2012 9:05 pm

Post Mon May 21, 2012 3:05 pm

Re: Nmap Grep Help

Sweet

I'll figure it out. Just need someone to point me in the right direction.

Thanks!
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon May 21, 2012 3:53 pm

Re: Nmap Grep Help

Your cat is what is known as a UUOC https://www.google.com/search?q=uuoc You don't need it.

[root@kenji ~]# cat nmap.scan | grep http
80/tcp  open  http
443/tcp closed https


[root@kenji ~]# grep http nmap.scan
80/tcp  open  http
443/tcp closed https

When using awk, you won't even need to bother with grep either:

[root@kenji ~]# awk '/http/' nmap.scan
80/tcp  open  http
443/tcp closed https

[root@kenji ~]# awk -F / '/http/ && /open/{print $1}' nmap.scan
80

[root@kenji ~]# awk -F / '/http/ && /open/{print "WHATEVER_YOU_WANT,"$1}' nmap.scan
WHATEVER_YOU_WANT,80

Anyhow, this is the easiest way for you to get the output you want:

awk '/http/{print $2","$5}' logfile | awk -F / '{print $1}'
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon May 21, 2012 3:56 pm

Re: Nmap Grep Help

Should have added the example beforehand:

[root@kenji ~]# more nmap.scanned
# Nmap 6.00 scan initiated Mon May 21 16:56:39 2012 as: nmap -sS -p 80,442 -oG nmap.scanned 10.4.4.72
Host: 10.4.4.72 (kenji.infiltrated.net) Status: Up
Host: 10.4.4.72 (kenji.infiltrated.net) Ports: 80/open/tcp//http///, 442/closed/tcp//cvc_hostd///
# Nmap done at Mon May 21 16:56:41 2012 -- 1 IP address (1 host up) scanned in 2.17 seconds

[root@kenji ~]# awk '/http/{print $2","$5}' nmap.scanned | awk -F / '{print $1}'
10.4.4.72,80
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue May 22, 2012 10:40 am

Re: Nmap Grep Help

Like I said, my Awk was rusty, the grep option didn't look all that appealing when I messed with it yesterday. But with the rest of the awk hints from Sil it really is cool.

Now to upgrade to nmap6.
OSWP, Sec+
<<

Medeoker

Newbie
Newbie

Posts: 3

Joined: Mon Apr 23, 2012 9:05 pm

Post Tue May 22, 2012 12:15 pm

Re: Nmap Grep Help

sil wrote:Should have added the example beforehand:

[root@kenji ~]# more nmap.scanned
# Nmap 6.00 scan initiated Mon May 21 16:56:39 2012 as: nmap -sS -p 80,442 -oG nmap.scanned 10.4.4.72
Host: 10.4.4.72 (kenji.infiltrated.net) Status: Up
Host: 10.4.4.72 (kenji.infiltrated.net) Ports: 80/open/tcp//http///, 442/closed/tcp//cvc_hostd///
# Nmap done at Mon May 21 16:56:41 2012 -- 1 IP address (1 host up) scanned in 2.17 seconds

[root@kenji ~]# awk '/http/{print $2","$5}' nmap.scanned | awk -F / '{print $1}'
10.4.4.72,80




This worked perfectly! Thanks again guys!
<<

camelCase

Newbie
Newbie

Posts: 12

Joined: Fri Apr 20, 2012 9:33 pm

Post Fri May 25, 2012 1:24 pm

Re: Nmap Grep Help

Came here to say what Sil already covered.

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software