• Stars
    star
    381
  • Rank 112,502 (Top 3 %)
  • Language
    Python
  • License
    GNU Lesser Genera...
  • Created about 12 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A simple python script to convert Nmap output to CSV

NmaptoCSV

Description

A simple python script to convert Nmap output to CSV

Features

  • Support of Nmap version 5, 6, 7 normal format output (default format, -oN option)
  • Support of Nmap any version Grepable format output (-oG option) and XML (-oX)
  • Parsing main information : IP, FQDN, rDNS, MAC address and vendor, open ports, tcp/udp protocols, listening services and versions, OS, Number of hops to the target, and script output
  • Custom output format following the main items

Usage

Pass the Nmap output via stdin or from a specified file (-i).
The processed dump can be collected at stdout or to a specified file (-o).

Options

usage: nmaptocsv [-h] [-i INPUT] [-x XML_INPUT] [-o OUTPUT] [-f FORMAT] [-S]
                 [-d DELIMITER] [-n] [-s]

optional arguments:
  -h, --help            show this help message and exit

Mandatory parameters:
  -i INPUT, --input INPUT
                        Nmap scan output file in normal (-oN) or Grepable
                        (-oG) format (stdin if not specified)
  -x XML_INPUT, --xml-input XML_INPUT
                        Nmap scan output file in XML (-oX) format

Output parameters:
  -o OUTPUT, --output OUTPUT
                        CSV output filename (stdout if not specified)
  -f FORMAT, --format FORMAT
                        CSV column format { fqdn, rdns, hop_number, ip,
                        mac_address, mac_vendor, port, protocol, os, script,
                        service, version } (default: ip-fqdn-port-protocol-
                        service-version)
  -S, --script          Adds the script column in output, alias for -f "ip-
                        fqdn-port-protocol-service-version-script"
  -d DELIMITER, --delimiter DELIMITER
                        CSV output delimiter (default ";"). Ex: -d ","
  -n, --no-newline      Do not insert a newline between each host. By default,
                        a newline is added for better readability
  -s, --skip-header     Do not print the CSV header

Nmap Normal format (default output format -oN)

$ python nmaptocsv.py -i test.nmap -f ip-fqdn-port-protocol-service-version-os
IP;FQDN;PORT;PROTOCOL;SERVICE;VERSION;OS
192.168.1.2;Test.lan;135;tcp;msrpc;Microsoft Windows RPC;Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
192.168.1.2;Test.lan;139;tcp;netbios-ssn;;Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
192.168.1.2;Test.lan;445;tcp;netbios-ssn;;Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
192.168.1.2;Test.lan;5357;tcp;http;Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP);Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)


$ python nmaptocsv.py -i test.nmap -f ip-fqdn-port-protocol-service-version -d ',' | csvlook
|--------------+----------+------+----------+-------------+------------------------------------------|
|  IP          | FQDN     | PORT | PROTOCOL | SERVICE     | VERSION                                  |
|--------------+----------+------+----------+-------------+------------------------------------------|
|  192.168.1.2 | Test.lan | 135  | tcp      | msrpc       | Microsoft Windows RPC                    |
|  192.168.1.2 | Test.lan | 139  | tcp      | netbios-ssn |                                          |
|  192.168.1.2 | Test.lan | 445  | tcp      | netbios-ssn |                                          |
|  192.168.1.2 | Test.lan | 5357 | tcp      | http        | Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)  |
|  |
|--------------+----------+------+----------+-------------+------------------------------------------|

$ nmap -sV -p- localhost -oN - | python nmaptocsv.py 
IP;FQDN;PORT;PROTOCOL;SERVICE;VERSION
127.0.0.1;localhost;22;tcp;ssh;OpenSSH 7.6p1 Debian 2 (protocol 2.0)
127.0.0.1;localhost;80;tcp;http;Apache httpd 2.4.29 ((Debian))
127.0.0.1;localhost;5432;tcp;postgresql;PostgreSQL DB 9.5.4
127.0.0.1;localhost;5433;tcp;postgresql;PostgreSQL DB 9.6.0 or later
127.0.0.1;localhost;5434;tcp;postgresql;PostgreSQL DB 9.6.0 or later

Nmap Grepable format (-oG)

$ cat scan.gnmap
# Nmap 6.01 scan initiated Thu Nov 22 11:28:15 2012 as: nmap -p- -sV -oA scan 10.0.0.0/24 
Host: 10.0.0.1 (test1.local)	Status: Up
Host: 10.0.0.1 (test1.local)	Ports: 23/open/tcp//telnet//Cisco router telnetd/	Ignored State: closed (65534)
Host: 10.0.0.2 (test2.local)	Status: Up
Host: 10.0.0.2 (test2.local)	Ports: 23/open/tcp//telnet//Cisco router telnetd/	Ignored State: closed (65534)
Host: 10.0.0.3 (test3.local)	Status: Up
Host: 10.0.0.3 (test3.local)	Ports: 23/open/tcp//telnet//Cisco router telnetd/	Ignored State: closed (65534)
Host: 10.0.0.50 (test50.local)	Status: Up
Host: 10.0.0.50 (test50.local)	Ports: 22/open/tcp//ssh//OpenSSH 3.8.1p1 Debian 8.sarge.6 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 1.3.33 ((Debian GNU|Linux) PHP|4.3.10-19)/, 111/open/tcp//rpcbind (rpcbind V2)/(rpcbind:100000*2-2)/2 (rpc #100000)/, 113/open/tcp//ident///, 684/open/tcp//status (status V1)/(status:100024*1-1)/1 (rpc #100024)/, 5432/open/tcp//postgresql//PostgreSQL DB (French)/	Ignored State: closed (65529)
Host: 10.0.0.100 (test100.local)	Status: Up
Host: 10.0.0.100 (test100.local)	Ports: 80/closed/tcp//http///, 5432/open/tcp//postgresql//PostgreSQL DB (French)/, 19999/filtered/tcp/////	Ignored State: closed (65532)

$ python nmaptocsv.py -i scan.gnmap -f ip-fqdn
IP;FQDN
10.0.0.1;test1.local

10.0.0.2;test2.local

10.0.0.3;test3.local

10.0.0.50;test50.local

10.0.0.100;test100.local


$ cat scan.gnmap | python nmaptocsv.py 
IP;FQDN;PORT;PROTOCOL;SERVICE;VERSION
10.0.0.1;test1.local;23;tcp;telnet;Cisco router telnetd

10.0.0.2;test2.local;23;tcp;telnet;Cisco router telnetd

10.0.0.3;test3.local;23;tcp;telnet;Cisco router telnetd

10.0.0.50;test50.local;22;tcp;ssh;OpenSSH 3.8.1p1 Debian 8.sarge.6 (protocol 2.0)
10.0.0.50;test50.local;80;tcp;http;Apache httpd 1.3.33 ((Debian GNU|Linux) PHP|4.3.10-19)
10.0.0.50;test50.local;111;tcp;rpcbind (rpcbind V2);(rpcbind:100000*2-2)/2 (rpc #100000)
10.0.0.50;test50.local;113;tcp;ident;
10.0.0.50;test50.local;684;tcp;status (status V1);(status:100024*1-1)/1 (rpc #100024)
10.0.0.50;test50.local;5432;tcp;postgresql;PostgreSQL DB (French)

10.0.0.100;test100.local;5432;tcp;postgresql;PostgreSQL DB (French)

Dependencies and installation

  • A Python interpreter with version 2.7 or 3.X
    • Python 2.6 works with .nmap and .gnmap files but not with .xml ones
  • The easiest way to setup everything: pip install nmaptocsv and then directly use $ nmaptocsv
    • Or git clone that repository and pip install -r requirements.txt and then python nmaptocsv.py

Changelog

  • version 1.6 - 06/13/2019: Python 3 support
  • version 1.5 - 09/30/2018: few bugs fixed in XML parsing + script alias format added
  • version 1.4 - 08/16/2018: few bugs fixed + XML parsing implementation
  • version 1.3 - 08/13/2018: fixing the README layout on PyPI
  • version 1.2 - 01/07/2018: script output parsing addition
  • version 1.1 - 01/07/2018: Cleaning the code, fixing some parsing bugs, delimiter option addition and made newline default
  • version 1.0 - from 2012 to 2013

Copyright and license

Nmaptocsv is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Nmaptocsv is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with nmaptocsv. If not, see http://www.gnu.org/licenses/.

Contact

  • Thomas Debize < tdebize at mail d0t com >

More Repositories

1

thc-hydra-windows

The great THC-HYDRA tool compiled for Windows
Shell
922
star
2

impacket-examples-windows

The great impacket example scripts compiled for Windows
898
star
3

webscreenshot

A simple script to screenshot a list of websites
Python
653
star
4

androwarn

Yet another static code analyzer for malicious Android applications
HTML
473
star
5

CrackMapExecWin

The great CrackMapExec tool compiled for Windows
PowerShell
247
star
6

fgpoliciestocsv

A simple script to extract policies from a FortiGate configuration file to CSV
Python
137
star
7

sqldeveloperpassworddecryptor

A simple script to decrypt stored passwords from the Oracle SQL Developer IDE
Python
104
star
8

jnianalyzer

A simple tool to help finding JNI calls in a x86/ARM disassembly listing
Python
80
star
9

weblogicpassworddecryptor

A simple script to decrypt stored passwords from Oracle WebLogic Server configuration files
30
star
10

mimicertz

A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates
C
25
star
11

patator-windows

The great patator tool compiled for Windows
24
star
12

tgcd-windows

The great TCP Gender Changer (tgcd) tool compiled for Windows
14
star
13

rclonedeobscure

A simple script to decrypt obscured/encrypted passwords from rclone
Python
14
star
14

openocd-windows-buspirate

The great opencd tool compiled for Windows with Bus Pirate support
13
star
15

tibcopasswordrevealer

A simple script to decrypt mangled and obfuscated passwords from Tibco EMS
Python
12
star
16

dnsdumps

Various DNS dumps (daily new domains, FQDNs, etc.)
Python
11
star
17

proxy-selector-firefox-addon

The latest Proxy Selector addon file for Firefox
9
star
18

thc-amap-windows

The great THC-AMAP tool compiled for Windows
9
star
19

GhostPack-compiled

The great GhostPack tools compiled
6
star
20

ikat-on-kali-v2

A simple tutorial to enable iKAT Desktop on Kali v2
6
star
21

third-parties-version-history

A collection of version history for common third-party tools
Python
5
star
22

misc_hookons_avec_javasnoop

Java
5
star
23

jdwp-shellifier-windows

The great jdwp-shellifier tool compiled for Windows
5
star
24

adecadeofinfosectools

Code, details and output datasets of the study
5
star
25

GPartedPlusPlus

GParted++ (GPartedPlusPlus) is the original GParted Live image with several additions
4
star
26

red.flag.domains-publications

https://red.flag.domains publications enriched
Python
4
star
27

dotfiles

My personal dotfiles and scripts
Vim Script
4
star
28

mobilenetworkip

IP addresses of various mobile networks
Shell
3
star
29

some_termux_packages_history

Archive of old versions of some Termux packages
3
star
30

webtorrent-checker-scraper

A simple script to scrape results of WebTorrent Checker (https://checker.openwebtorrent.com)
Python
1
star
31

zmapproject_binaries

All the great tools from the ZMap Project in compiled versions
Roff
1
star
32

geoipbulk

A simple python script to retrieve some useful information such as location and occurence number for a provided IP list
1
star
33

kalicustom

Some customized Kali builds (VMDK, ISO)
Shell
1
star