π₯
awesome-nmap-grep A collection of awesome, grep-like commands for the nmap
greppable output
(-oG
) format. This repository aims to serve as a quick reference to modify the
output into readable formats.
All of the below commands assume the output was saved to a file called
output.grep
. The example command to produce this file as well as the sample
outputs was: nmap -v --reason 127.0.0.1 -sV -oG output.grep -p-
.
Finally, the NMAP_FILE
variable is set to contain output.grep
.
commands
- Count Number of Open Ports
- Top 10 Open Ports
- Top Service Identifiers
- Top Service Names
- Hosts and Open Ports
- Banner Grab
count number of open ports
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p' | \
awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' \
| sort -k 5 -g
output
Host: 127.0.0.1 Ports Open: 16
explained
$ NMAP_FILE=output.grep
$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
# | ββββββββ¬βββββββ | | ββ Select the rest of
# | | | | the fields which
# | | | | will be the open
# | | | | ports.
# | | | |
# | | | ββ Select the second field
# | | | to print which will
# | | | be IP Address
# | | |
# | | ββ The file containing the grepable output.
# | |
# | ββ Ignore lines that start with a # or contain the string
# | 'Status: Up'
# |
# ββ Inverse the pattern match
sed -n -e 's/Ignored.*//p' | \
# | | ββββββββ¬ββββββββ
# | | ββ Remove text from the string 'Ignored' onwards.
# | |
# | ββ Specify the script to execute.
# |
# ββ Be quiet on errors.
awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' | \
# | ββββββββ¬βββββββ βββ¬ββ βββ¬ββ |
# | | | Use the second element β |
# | | | in array a defined by |
# | | | the previous split(). |
# | | | |
# | | | The total columns ββββββ
# | | | extracted.
# | | |
# | | ββ Pad the string to 20 spaces.
# | |
# | ββ Split the item in the first column again by space,
# | storing the resultant array into a.
# |
# ββ Print a string from a format string
sort -k 5 -g
print the top 10 ports
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' | \
sort -n | uniq -c | sort -k 1 -r | head -n 10
output
1 9001/open/tcp//tor-orport?///
1 9000/open/tcp//cslistener?///
1 8080/open/tcp//http-proxy///
1 80/open/tcp//http//Caddy/
1 6379/open/tcp//redis//Redis key-value store/
1 631/open/tcp//ipp//CUPS 2.1/
1 6234/open/tcp/////
1 58377/filtered/tcp/////
1 53/open/tcp//domain//dnsmasq 2.76/
1 49153/open/tcp//mountd//1-3/
explained
$ NMAP_FILE=output.grep
$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
# | ββββββββ¬βββββββ | ββ Select only the fields
# | | | with the port details.
# | | |
# | | ββ The file containing the grepable output.
# | |
# | ββ Ignore lines that start with a # or contain the string
# | 'Status: Up'
# |
# ββ Inverse the pattern match
sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' | \
# | | ββββββββ¬ββββββββ ββ¬β βββ¬β βββββββ¬ββββββ
# | | | | | ββ Remove tabs and
# | | | | | spaces.
# | | | | ββ ... with newlines.
# | | | |
# | | | ββ Replace commas ...
# | | |
# | | ββ Remove text from the string 'Ignored' onwards.
# | |
# | ββ Specify the script to execute.
# |
# ββ Be quiet on errors.
sort -n | uniq -c | sort -k 1 -r | head -n 10
# | | | ββ Print the first 10 lines.
# | | |
# | | ββ Output result in reverse
# | |
# | ββ Count occurrences
# |
# ββ Sort numerically.
top service identifiers
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr
output
2 Caddy
2 1-3 (RPC 100005)
1 dnsmasq 2.76
1 Redis key-value store
1 OpenSSH 6.9 (protocol 2.0)
1 MySQL 5.5.5-10.1.14-MariaDB
1 CUPS 2.1
top service names
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $5}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr
output
2 mountd
2 http
1 unknown
1 tor-orport?
1 ssl|https
1 ssh
1 redis
1 mysql
1 ipp
1 http-proxy
1 domain
1 cslistener?
hosts and open ports
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p' | \
awk '{print "Host: " $1 " Ports: " NF-1; $1=""; for(i=2; i<=NF; i++) { a=a" "$i; }; split(a,s,","); for(e in s) { split(s[e],v,"/"); printf "%-8s %s/%-7s %s\n" , v[2], v[3], v[1], v[5]}; a="" }'
output
Host: 127.0.0.1 Ports: 16
open tcp/22 ssh
open tcp/53 domain
open tcp/80 http
open tcp/443 https
open tcp/631 ipp
open tcp/3306 mysql
open tcp/4767 unknown
open tcp/6379
open tcp/8080 http-proxy
open tcp/8081 blackice-icecap
open tcp/9000 cslistener
open tcp/9001 tor-orport
open tcp/49152 unknown
open tcp/49153 unknown
filtered tcp/54695
filtered tcp/58369
banner grab
command
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
awk -F, '{split($1,a," "); split(a[2],b,"/"); print a[1] " " b[1]; for(i=2; i<=NF; i++) { split($i,c,"/"); print a[1] c[1] }}' \
| xargs -L1 nc -v -w1
output
Sample
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif lo0
src 127.0.0.1 port 52224
dst 127.0.0.1 port 3306
rank info not available
TCP aux info available
Connection to 127.0.0.1 port 3306 [tcp/mysql] succeeded!
Y
5.5.5-10.1.14-MariaDBοΏ½uds9^MIfοΏ½οΏ½!?οΏ½EgVZ>iv7KTD7mysql_native_passwordfound 0 associations
nc: connectx to 127.0.0.1 port 54695 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 58369 (tcp) failed: Connection refused