Awesome Nmap Grep

awesome-nmap-grep 💥

A collection of awesome, grep-like commands for the nmap grepable output (-oG) format. This repository aims to serve as a quick reference for turning that output into readable formats.

All of the below commands assume the output was saved to a file called output.grep. The command used to produce this file, as well as the sample outputs, was: nmap -v --reason 127.0.0.1 -sV -oG output.grep -p-.

Finally, the NMAP_FILE variable is set to contain output.grep. Two things to keep in mind: -oG lists every port that is not in the 'Ignored State' (open and filtered alike), so the recipes below count and print filtered ports too unless you grep for /open/ first; and recent GNU grep warns that egrep is obsolescent, grep -E being the drop-in replacement.

commands

count number of open ports

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p' | \
awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' \
| sort -k 5 -g

output

Host: 127.0.0.1            Ports Open: 16

explained

$ NMAP_FILE=output.grep

$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
#        | └──────┬──────┘      |                  |  └─ Select the rest of
#        |        |             |                  |      the fields, which
#        |        |             |                  |      hold the port entries
#        |        |             |                  |      (open and filtered).
#        |        |             |                  |
#        |        |             |                  └─ Select the second field,
#        |        |             |                      the IP address (field 3,
#        |        |             |                      the hostname, is dropped).
#        |        |             |
#        |        |             └─ The file containing the grepable output.
#        |        |
#        |        └─ Drop comment lines (starting with #) and the 'Status: Up'
#        |            host lines, leaving only the 'Ports:' lines.
#        |
#        └─ Invert the match: print the lines that do NOT match.
    sed -n -e 's/Ignored.*//p' | \
#        |  | └──────┬───────┘
#        |  |        └─ Remove text from the string 'Ignored' onwards, i.e. the
#        |  |            'Ignored State: closed (N)' trailer.
#        |  |
#        |  └─ Specify the script to execute.
#        |
#        └─ Suppress automatic printing; only lines where the substitution
#           matched (hence the trailing 'p' flag) are printed. A Ports line
#           without an 'Ignored State' trailer is silently dropped.
    awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' | \
#        |    └──────┬──────┘                └─┬─┘                     └─┬─┘ |
#        |           |                         |  The first element of a ┘   |
#        |           |                         |   (the IP address) from     |
#        |           |                         |   the previous split().     |
#        |           |                         |                             |
#        |           |                         |      NF, the number of ─────┘
#        |           |                         |        comma-separated fields,
#        |           |                         |        i.e. the port count.
#        |           |                         |
#        |           |                         └─ Left-align and pad the IP to
#        |           |                             20 characters.
#        |           |
#        |           └─ Split the whole line on whitespace into array a;
#        |               a[1] is the IP address.
#        |
#        └─ Use a comma as the field separator (-F,), so NF is the number of
#           port entries; printf prints the formatted line.
    sort -k 5 -g
#        └─ Sort on the fifth field (the count) as general numbers, so the
#           hosts with the most ports end up last.

print the top 10 ports

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' | \
sort -n | uniq -c | sort -k 1 -r | head -n 10

output

1 9001/open/tcp//tor-orport?///
1 9000/open/tcp//cslistener?///
1 8080/open/tcp//http-proxy///
1 80/open/tcp//http//Caddy/
1 6379/open/tcp//redis//Redis key-value store/
1 631/open/tcp//ipp//CUPS 2.1/
1 6234/open/tcp/////
1 58377/filtered/tcp/////
1 53/open/tcp//domain//dnsmasq 2.76/
1 49153/open/tcp//mountd//1-3/

explained

$ NMAP_FILE=output.grep

$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
#        | └──────┬──────┘      |                  └─ Select only the fields
#        |        |             |                      with the port details.
#        |        |             |
#        |        |             └─ The file containing the grepable output.
#        |        |
#        |        └─ Drop comment lines (starting with #) and the 'Status: Up'
#        |            host lines, leaving only the 'Ports:' lines.
#        |
#        └─ Invert the match: print the lines that do NOT match.
    sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' |  \
#        |  | └──────┬───────┘      └┬┘ └─┬┘          └─────┬─────┘
#        |  |        |               |    |                 └─ Strip leading
#        |  |        |               |    |                      tabs and spaces.
#        |  |        |               |    └─ ... with newlines, one port
#        |  |        |               |        entry per line.
#        |  |        |               └─ Replace commas ...
#        |  |        |
#        |  |        └─ Remove text from the string 'Ignored' onwards.
#        |  |
#        |  └─ Specify the script to execute.
#        |
#        └─ Suppress automatic printing; only lines where the substitution
#           matched (hence the trailing 'p' flag) are printed.
    sort -n | uniq -c | sort -k 1 -r | head -n 10
#         |         |              |           └─ Print the first 10 lines.
#         |         |              |
#         |         |              └─ Reverse the order so the largest counts
#         |         |                  come first. Without -n this compares the
#         |         |                  lines as text and only works because
#         |         |                  uniq -c pads its counts; -nr (as used in
#         |         |                  the next recipes) is the robust choice.
#         |         |
#         |         └─ Count adjacent duplicates (hence the sort first).
#         |
#         └─ Sort numerically by port so identical entries sit together.

top service identifiers

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr

output

2 Caddy
2 1-3 (RPC 100005)
1 dnsmasq 2.76
1 Redis key-value store
1 OpenSSH 6.9 (protocol 2.0)
1 MySQL 5.5.5-10.1.14-MariaDB
1 CUPS 2.1

top service names

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $5}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr

output

2 mountd
2 http
1 unknown
1 tor-orport?
1 ssl|https
1 ssh
1 redis
1 mysql
1 ipp
1 http-proxy
1 domain
1 cslistener?

hosts and open ports

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p'  | \
awk '{host=$1; $1=""; n=split($0,s,","); print "Host: " host " Ports: " n; for(e=1; e<=n; e++) { sub(/^[ \t]+/, "", s[e]); split(s[e],v,"/"); printf "%-8s %s/%-7s %s\n", v[2], v[3], v[1], v[5] } }'

explained

The port count comes from split() on the commas rather than from NF-1, because with -sV a version string such as 'OpenSSH 6.9 (protocol 2.0)' adds whitespace-separated fields that would inflate NF. The entries are walked with a numeric loop, since the order of 'for (e in s)' is unspecified in awk, and the leading space left by the ', ' separators is stripped so that a port prints as tcp/53 rather than tcp/ 53. As with the count above, filtered ports are listed as well as open ones.

output

Host: 127.0.0.1 Ports: 16
open     tcp/22    ssh
open     tcp/53    domain
open     tcp/80    http
open     tcp/443   https
open     tcp/631   ipp
open     tcp/3306  mysql
open     tcp/4767  unknown
open     tcp/6379
open     tcp/8080  http-proxy
open     tcp/8081  blackice-icecap
open     tcp/9000  cslistener
open     tcp/9001  tor-orport
open     tcp/49152 unknown
open     tcp/49153 unknown
filtered tcp/54695
filtered tcp/58369

banner grab

command

NMAP_FILE=output.grep

egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
awk -F, '{split($1,a," "); split(a[2],b,"/"); print a[1] " " b[1]; for(i=2; i<=NF; i++) { split($i,c,"/"); print a[1] c[1] }}' \
 | xargs -L1 nc -v -w1

output

Sample

found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
    outif lo0
    src 127.0.0.1 port 52224
    dst 127.0.0.1 port 3306
    rank info not available
    TCP aux info available

Connection to 127.0.0.1 port 3306 [tcp/mysql] succeeded!
Y
5.5.5-10.1.14-MariaDB�uds9^MIf��!?�EgVZ>iv7KTD7mysql_native_passwordfound 0 associations

nc: connectx to 127.0.0.1 port 54695 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 58369 (tcp) failed: Connection refused
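The recipes above all re-parse the -oG line with cut, sed and tr, each in a slightly different way. As an added example (not code from this repository), the block below parses the format once into one TAB-separated record per port and derives the port count, the top-N tables, the per-host listing and the banner-grab target list from that stream. It splits on the TAB that separates the Host:, Ports: and Ignored State: sections and on ', ' between port entries, so it does not depend on the 'Ignored' trailer being present, is not skewed by version strings that contain spaces, and counts only state open (the recipes above count filtered ports too). The scan data is a hand-written sample, not a real scan, and the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not code from awesome-nmap-grep: parse -oG once into one
# record per port and derive the other recipes from that stream.
# Function names (explode_ports etc.) are this example's own.

# Constructed sample -oG output (hand-written, not a real scan). The TABs
# between the "Host:", "Ports:" and "Ignored State:" sections are real.
sample_og() {
  printf '%s\n' '# Nmap 7.80 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -v --reason -sV -oG output.grep -p- 10.0.0.0/29'
  printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 6.9 (protocol 2.0)/, 80/open/tcp//http//Caddy/, 54695/filtered/tcp/////\tIgnored State: closed (65532)\n'
  printf 'Host: 10.0.0.2 (db.internal)\tStatus: Up\n'
  printf 'Host: 10.0.0.2 (db.internal)\tPorts: 3306/open/tcp//mysql//MySQL 5.5.5-10.1.14-MariaDB/\tIgnored State: closed (65534)\n'
  printf 'Host: 10.0.0.3 (web.internal)\tStatus: Up\n'
  printf 'Host: 10.0.0.3 (web.internal)\tPorts: 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|https//nginx 1.18.0/\tIgnored State: closed (65533)\n'
  printf '%s\n' '# Nmap done at Mon Jan  1 00:00:12 2024 -- 8 IP addresses (3 hosts up) scanned in 12.34 seconds'
}

# One TAB-separated record per port entry:
# host, port, state, proto, service, version. Reads files given as
# arguments or stdin, like awk itself.
explode_ports() {
  awk -F'\t' '
    /^#/ { next }                           # comment lines
    $2 ~ /^Ports: / {
      split($1, h, " ")                     # "Host: 10.0.0.1 (name)" -> h[2] is the IP
      sub(/^Ports: /, "", $2)
      n = split($2, p, ", ")                # entries are separated by ", "
      for (i = 1; i <= n; i++) {
        split(p[i], f, "/")                 # port/state/proto/owner/service/rpcinfo/version/
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", h[2], f[1], f[2], f[3], f[5], f[7]
      }
    }' "$@"
}

# "Host: <ip>  Ports Open: <n>" per host, counting state "open" only (the
# recipe above also counts filtered ports). Hosts keep their scan order.
count_open_ports() {
  explode_ports "$@" | awk -F'\t' '
    !($1 in open) { open[$1] = 0; order[++k] = $1 }
    $3 == "open"  { open[$1]++ }
    END { for (i = 1; i <= k; i++) printf "Host: %-20s Ports Open: %d\n", order[i], open[order[i]] }'
}

# Frequency table of one column over open ports: column 2 = port,
# 5 = service name, 6 = version string. Usage: top_by_column <column> [rows]
top_by_column() {
  awk -F'\t' -v c="$1" '$3 == "open" && $c != "" { print $c }' |
    sort | uniq -c | sort -k1,1nr -k2 | head -n "${2:-10}"
}

# Per-host listing in the style of the "hosts and open ports" recipe: a
# header with the entry and open counts, then "state proto/port service".
list_hosts_and_ports() {
  explode_ports "$@" | awk -F'\t' '
    function flush() { printf "Host: %s Ports: %d (%d open)\n%s", cur, n, open, buf }
    $1 != cur { if (cur != "") flush(); cur = $1; n = 0; open = 0; buf = "" }
    { n++; if ($3 == "open") open++; buf = buf sprintf("%-8s %s/%-7s %s\n", $3, $4, $2, $5) }
    END { if (cur != "") flush() }'
}

# "host port" pairs for open TCP ports only, ready for `xargs -L1 nc -v -w1`;
# the banner-grab recipe above also hands nc the filtered ports.
open_tcp_targets() {
  explode_ports "$@" | awk -F'\t' '$3 == "open" && $4 == "tcp" { print $1, $2 }'
}

# Stand-alone demo on the constructed sample. Against a real scan, pass the
# file instead:  count_open_ports output.grep
sample_og | count_open_ports
sample_og | list_hosts_and_ports
sample_og | explode_ports | top_by_column 5        # top service names
sample_og | open_tcp_targets                        # | xargs -L1 nc -v -w1
```

Against a real scan, pass the file as an argument (count_open_ports output.grep) or pipe it in; the explode_ports stream is also convenient input for join, sort -u or a spreadsheet, and a single grep on its third column swaps the open-only view for filtered ports.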
