
Thread: Script to customize NMap Scan to import it to doc report

  1. #1
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    Script to customize NMap Scan to import it to doc report

    Nothing big, just sharing a simple script which I coded per my requirements and is quite helpful while creating official reports. It simply saves your time.

    Example:
    # nmap -vv -n 192.168.96.128 -oN NMap.txt

    # cat NMap.txt
    # Nmap 5.35DC1 scan initiated Mon May 23 15:23:54 2011 as: nmap -vv -n -oN NMap.txt 192.168.96.128
    Nmap scan report for 192.168.96.128
    Host is up (0.0018s latency).
    Scanned at 2011-05-23 15:23:54 SGT for 1s
    Not shown: 997 closed ports

    PORT STATE SERVICE
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    MAC Address: 00:0C:29:4A:FF:79 (VMware)

    Not sure about others, but I have to report all the open ports found during the scan in the report, and the reporting format is like:
    TCP 135 / msrpc
    TCP 139 / netbios-ssn
    TCP 445 / microsoft-ds

    So if 50 IPs are there to be scanned during some internal PT, I used to die (2 years back) to fetch the information in a table in the report.

    So coded the following script 1-2 years back to customize the output per my requirements.

    #!/bin/bash

    # Details: This program is meant for reporting out the port scan findings of a Penetration Test. If the number of ports found is very high, which generally happens during Internal Penetration Test, this script can be used.

    # Usage: (either of them, but not grepable or XML format of NMap output)
    # 1) ./PortList.sh NMap_port_scan_file.txt.nmap
    # 2) ./PortList.sh NMap_port_scan_file.txt
    # 3) ./PortList.sh NMap_port_scan_file
    # 4) Must include the "-n" i.e. no reverse lookup parameter during nmap scan

    clear
    echo -e "\n\n\t ********************** Port List Maker Script *******************"

    if [ $# -ne 1 ]
    then
        echo -e "Pass the NMap output file as input to this script (grepable and XML formats not acceptable)"
        echo -e "\nUsage : "
        echo -e "\t1) ./PortList.sh NMapfile.txt.nmap"
        echo -e "\t\t\tor"
        echo -e "\t2) ./PortList.sh NMapfile.txt"
        echo -e "\t\t\tor"
        echo -e "\t3) ./PortList.sh NMapfile\n"
        exit 1
    fi

    # Rename each host header, keep only header lines and lines containing "open",
    # then print every port as "TCP <port> / <service>" under its host heading.
    sed 's/Nmap scan report for/Interesting Ports on:/' "$1" | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt

    echo -e " ********** Done! Check the output file \"PortList.txt\" in the current directory **********\n"

    Now the only thing that remains is to open up PortList.txt and copy-paste the result into the report.

    I love bash for being so handy to save our efforts and time.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  2. #2
    InfoSec Consultant the_empty's Avatar
    Join Date
    Jul 2010
    Location
    the blue no-where
    Posts
    155
    Blog Entries
    2
    I have written a bash script based on this one only. The difference in functioning is, first of all, it works on XML reports: you put all the XML reports in one folder, copy the script there, and just run the script. It will generate a txt which will contain the port list from all the XML reports, separated by the name of the report. It's a bit hard to explain, so I will post the script within some time as it rests in my BT root drive....

    ok here is the lame code -


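    #!/bin/bash
    # Print "protocol / port / service" for every open port in each Nmap XML report here
    for target in *.xml; do
        [ -e "$target" ] || continue   # no XML reports in this folder
        echo "$target"
        grep "state=\"open\" reason" "$target" | cut -d"\"" -f2,4,12 | sed 's/"/ \/ /g'
        echo " "
    done
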
    just save it with some name like porter.sh

    copy all the nmap XML reports and this script to a folder

    just do

    ./porter.sh >> port_list.txt

    Results in the format "tcp / <port> / <detected service>", separated by report name, can be found in the port_list.txt file.

    rest is copy paste

    Regards,
    The_empty
    Last edited by the_empty; 05-23-2011 at 04:38 PM.
    ACCESS is GOD

  3. #3
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104


    And there's a huge bug, saw it?

  4. #4
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Oh god, I should be really dumb, all I could figure out here is the "/" lines misplaced in the output, but then again that is the format b0nd wants in his report. Maybe I should spend lil more time trying to figure out the issue.
    Hacking Is a Matter of Time Knowledge and Patience

  5. #5
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    Quote Originally Posted by Hackuin View Post
    And there's a huge bug, saw it?
    UDP ports will also be shown as TCP in the final report.
    In the world of 0s and 1s, are you a zero or The One !

  6. #6
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Thanks abay, but the input is only considering TCP [i/p file with TCP ports] right, as the output print only has "TCP" in it? Let's wait for hackuin, what he has got to say.
    Hacking Is a Matter of Time Knowledge and Patience

  7. #7
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    aby, you got the point, but, what if only TCP type of scan is made?
    The bug is:
    If the port is even filtered? It will just print:
    Code:
    TCP 22 / SSH

  8. #8
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    Damn .. !! *Banging my head*
    Total googly
    In the world of 0s and 1s, are you a zero or The One !

  9. #9
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    I was initially confused about which script you were talking about, because mine is free from that particular bug.

    sed 's/Nmap scan report for/Interesting Ports on:/' "$1" | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt
    Not just the formatting is required but every result should be under proper heading (IP Address) so that result can be easily copy-pasted without getting confused:
    Interesting Ports on: 192.168.96.128
    TCP 135 / msrpc
    TCP 139 / netbios-ssn
    TCP 445 / microsoft-ds

    Interesting Ports on: 192.168.96.130
    TCP 23 / telnet
    TCP 139 / netbios-ssn
    TCP 445 / microsoft-ds
    Rgds
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious
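
Added example (not code from any poster in this thread): a single awk pass over Nmap normal (-oN) output that takes the protocol label from the port column and keeps only rows whose state is exactly "open", the two cases raised in the replies above. The names portlist and sample_scan and the sample scan text are constructed for illustration; it assumes scans were run with -n, as the original script requires.

```bash
#!/bin/bash
# Added example: report-ready port list from Nmap normal (-oN) output.
# portlist [FILE...]  reads the given files, or stdin when none are given.

portlist() {
    awk '
        # Host header; with -n the target address is the 5th field.
        /^Nmap scan report for / {
            if (seen) print ""          # blank line between hosts
            print "Interesting Ports on: " $5
            seen = 1
            next
        }
        # Port rows look like "135/tcp open msrpc". Require the state column
        # to be exactly "open" so "filtered" and "open|filtered" are skipped.
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
            split($1, pp, "/")          # pp[1] = port, pp[2] = protocol
            print toupper(pp[2]) " " pp[1] " / " $3
        }
    ' "$@"
}

# Constructed sample input (not real scan output), mixing TCP and UDP rows.
sample_scan() {
    cat <<'EOF'
# Nmap scan (constructed sample)
Nmap scan report for 192.168.96.128
Host is up (0.0018s latency).
PORT     STATE         SERVICE
22/tcp   filtered      ssh
135/tcp  open          msrpc
137/udp  open          netbios-ns
138/udp  open|filtered netbios-dgm
445/tcp  open          microsoft-ds

Nmap scan report for 192.168.96.130
Host is up (0.0020s latency).
PORT   STATE SERVICE
23/tcp open  telnet
EOF
}

# Run on files passed on the command line, e.g. ./portlist.sh NMap.txt
if [ "$#" -gt 0 ]; then portlist "$@"; fi
```

Running `sample_scan | portlist` shows the UDP row labelled UDP and the filtered and open|filtered rows left out.
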

  10. #10
    InfoSec Consultant the_empty's Avatar
    Join Date
    Jul 2010
    Location
    the blue no-where
    Posts
    155
    Blog Entries
    2
    @B0nd,

    are you still working on the advanced report automation we discussed?
    ACCESS is GOD
