View Full Version : Script to customize NMap Scan to import it to doc report



b0nd
05-23-2011, 01:07 PM
Nothing big, just sharing a simple script which I coded per my requirements and which is quite helpful while creating official reports. It simply saves your time.

Example:

# nmap -vv -n 192.168.96.128 -oN NMap.txt

# cat NMap.txt
# Nmap 5.35DC1 scan initiated Mon May 23 15:23:54 2011 as: nmap -vv -n -oN NMap.txt 192.168.96.128
Nmap scan report for 192.168.96.128
Host is up (0.0018s latency).
Scanned at 2011-05-23 15:23:54 SGT for 1s
Not shown: 997 closed ports

PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:4A:FF:79 (VMware)

Not sure about others, but I have to report all the open ports found during a scan in the report, and the reporting format is like:

TCP 135 / msrpc
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds


So if 50 IPs are there to be scanned during some internal PT, I used to die (2 years back) to fetch the information into a table in the report.

So I coded the following script 1-2 years back to customize the output per my requirements.


#!/bin/bash

# Details: This program is meant for reporting out the port scan findings of a Penetration Test. If the number of ports found is very high, which generally happens during an Internal Penetration Test, this script can be used.

# Usage: (either of them, but not the grepable or XML format of NMap output)
# 1) ./PortList.sh NMap_port_scan_file.txt.nmap
# 2) ./PortList.sh NMap_port_scan_file.txt
# 3) ./PortList.sh NMap_port_scan_file
# 4) Must include the "-n" i.e. no reverse lookup parameter during the nmap scan

clear
echo -e "\n\n\t ********************** Port List Maker Script *******************"

if [ $# -ne 1 ]
then
    echo -e "Pass the NMap output file as input to this script (grepable and XML formats not acceptable)"
    echo -e "\nUsage : "
    echo -e "\t1) ./PortList.sh NMapfile.txt.nmap"
    echo -e "\t\t\tor"
    echo -e "\t2) ./PortList.sh NMapfile.txt"
    echo -e "\t\t\tor"
    echo -e "\t3) ./PortList.sh NMapfile\n"
    exit 1
fi

# Turn every "Nmap scan report for <IP>" line into a heading and every line containing
# "open" into "TCP <port> / <service>"; the first awk joins fields with "/", the second
# splits on "/" so that "135/tcp open msrpc" becomes "TCP 135 / msrpc".
cat "$1" | sed 's/Nmap scan report for/Interesting Ports on:/' | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt

echo -e " ********** Done! Check the output file \"PortList.txt\" in the current directory **********\n"



Now the only thing that remains is to open up PortList.txt and copy-paste the result into the report.

I love bash for being so handy to save our efforts and time.

the_empty
05-23-2011, 03:44 PM
I have written a bash script based on this one only. The difference in functioning is, first of all, that it works on XML reports: you put all the XML reports in one folder, copy the script there, and just run the script. It will generate a txt which will contain the port list from all the XML reports, separated by the name of the report. It's a bit hard to explain, so I will post the script within some time as it rests in my BT root drive....

OK, here is the lame code:




#!/bin/bash
# Run from the folder holding the nmap XML reports: prints each report name, then its open ports.
for target in *.xml; do
    echo "$target"
    # keep only the <port> lines whose state is "open"; when the line is split on double quotes,
    # fields 2, 4 and 12 are the protocol, the port number and the service name
    grep 'state="open" reason' "$target" | cut -d'"' -f2,4,12 | sed 's/"/ \/ /g'
    echo " "
done



just save it with some name like porter.sh

copy all the nmap XML reports and this script to a folder

just do

./porter.sh >> port_list.txt

Results in the format "tcp / <port> / <detected service>", separated by report name, can be found in the port_list.txt file.

rest is copy paste

Regards,
The_empty

Hackuin
05-23-2011, 04:46 PM
http://img1.imagehousing.com/52/4c8d1d7099a9cc1328076ee82518ddd3.png

And there's a huge bug, saw it?

fb1h2s
05-23-2011, 09:40 PM
Oh god, I should be really dumb; all I could figure out here is the "/" lines misplaced in the output, but then again that is the format b0nd wants in his report. Maybe I should spend a little more time trying to figure out the issue.

abhaythehero
05-23-2011, 10:42 PM
And there's a huge bug, saw it?

UDP ports will also be shown as TCP in the final report.

fb1h2s
05-24-2011, 01:46 AM
Thanks abay, but the input is only considering TCP [i/p file with TCP ports], right, as the output print only has "TCP" in it? Let's wait for hackuin, what he has got to say.

Hackuin
05-24-2011, 02:37 AM
aby, you got the point, but what if only a TCP type of scan is made?
The bug is:
Even if the port is filtered, it will just print:


TCP 22 / SSH

abhaythehero
05-24-2011, 02:48 AM
Damn .. !! *Banging my head*
Total googly :o

b0nd
05-24-2011, 07:22 AM
I got confused initially about which script you talked about, because mine is free from that particular bug.


cat "$1" | sed 's/Nmap scan report for/Interesting Ports on:/' | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt

Not just the formatting is required, but every result should be under a proper heading (IP address) so that the results can be easily copy-pasted without getting confused:

Interesting Ports on: 192.168.96.128
TCP 135 / msrpc
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds

Interesting Ports on: 192.168.96.130
TCP 23 / telnet
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds

Rgds
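
Added example, not code from b0nd's or the_empty's posts: a rewrite of the normal-output pipeline that addresses the two points raised in the thread, UDP rows being labelled TCP and open|filtered rows being reported as open, while keeping the per-IP headings b0nd wants in the report. The sample scan embedded in the script is constructed, and port_list and SAMPLE_SCAN are names chosen here.

```shell
#!/bin/bash
# Added example (not b0nd's or the_empty's script): same job as PortList.sh on
# normal (-oN) output, but it keeps the protocol column, so UDP rows are not
# reported as TCP, and it only lists rows whose state is exactly "open", so
# "open|filtered" and "filtered" rows stay out of the report.

# Constructed sample of "nmap -sS -sU -n -oN" output covering the cases raised in the thread.
SAMPLE_SCAN='# Nmap scan initiated (constructed sample) as: nmap -sS -sU -n -oN scan.txt 192.168.96.128 192.168.96.130
Nmap scan report for 192.168.96.128
Host is up (0.0018s latency).
PORT     STATE         SERVICE
135/tcp  open          msrpc
445/tcp  open          microsoft-ds
137/udp  open          netbios-ns
161/udp  open|filtered snmp
22/tcp   filtered      ssh

Nmap scan report for 192.168.96.130
Host is up (0.0020s latency).
PORT     STATE SERVICE
23/tcp   open  telnet
445/tcp  open  microsoft-ds
'

# port_list FILE: print "Interesting Ports on: <ip>" for every host, then one
# "<PROTO> <port> / <service>" line per open port of that host.
port_list() {
    awk '
        /^Nmap scan report for / {
            if (seen) print ""              # blank line between hosts
            ip = $NF; gsub(/[()]/, "", ip)  # with -n the last field is the bare IP
            print "Interesting Ports on: " ip
            seen = 1
            next
        }
        # port rows: $1 = port/proto, $2 = state, $3 = service
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
            split($1, pp, "/")
            print toupper(pp[2]) " " pp[1] " / " $3
        }
    ' "$1"
}

# Stand-alone run against the constructed sample; for real use: port_list NMap.txt > PortList.txt
SAMPLE_FILE=$(mktemp)
printf '%s' "$SAMPLE_SCAN" > "$SAMPLE_FILE"
port_list "$SAMPLE_FILE"
rm -f "$SAMPLE_FILE"
```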

the_empty
05-24-2011, 09:27 AM
@B0nd,

Are you still working on the advanced report automation we discussed?

neo
05-25-2011, 03:01 PM
@Bond
Try the Python lib for nmap for better handling of nmap in automation.
You can do scanning, get the results as an object and process them further.