Script to customize NMap Scan to import it to doc report

05-23-2011, 01:07 PM
Nothing big, just sharing a simple script which I coded per my requirements and is quite helpful while creating official reports. It simply saves your time.


# nmap -vv -n -oN NMap.txt

# cat NMap.txt
# Nmap 5.35DC1 scan initiated Mon May 23 15:23:54 2011 as: nmap -vv -n -oN NMap.txt
Nmap scan report for
Host is up (0.0018s latency).
Scanned at 2011-05-23 15:23:54 SGT for 1s
Not shown: 997 closed ports

135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:4A:FF:79 (VMware)

Not sure about others, but I have to report all the open ports found during the scan in the report, and the reporting format is like:

TCP 135 / msrpc
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds

So if 50 IPs are there to be scanned during some internal PT, I used to die (2 years back) to fetch the information into a table in the report.

So I coded the following script 1-2 years back to customize the output per my requirements.


#!/bin/bash
# Details: This program is meant for reporting out the port scan findings of a Penetration Test. If the number of ports found is very high, which generally happens during Internal Penetration Test, this script can be used.

# Usage: (either of them, but not grepable or XML format of NMap output)
# 1) ./PortList.sh NMap_port_scan_file.txt.nmap
# 2) ./PortList.sh NMap_port_scan_file.txt
# 3) ./PortList.sh NMap_port_scan_file
# 4) Must include the "-n" i.e. no reverse lookup parameter during nmap scan

echo -e "\n\n\t ********************** Port List Maker Script *******************"

# Exactly one argument is required: the nmap normal-output (-oN) file
if [ $# -ne 1 ]
then
    echo -e "Pass the NMap output file as input to this script (grepable and XML formats not acceptable)"
    echo -e "\nUsage : "
    echo -e "\t1) ./PortList.sh NMapfile.txt.nmap"
    echo -e "\t\t\tor"
    echo -e "\t2) ./PortList.sh NMapfile.txt"
    echo -e "\t\t\tor"
    echo -e "\t3) ./PortList.sh NMapfile\n"
    exit 1
fi

# Rename each host header, keep the header lines and the lines containing "open",
# then print "TCP <port> / <service>" under each header
cat "$1" | sed 's/Nmap scan report for/Interesting Ports on:/' | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt

echo -e " ********** Done! Check the output file \"PortList.txt\" in the current directory **********\n"

Now the only thing that remains is to open up PortList.txt and copy-paste the result into the report.

I love bash for being so handy to save our efforts and time.

05-23-2011, 03:44 PM
I have written a bash script based on this one only. The difference in functioning is, first of all, it works on XML reports: you put all the XML reports in one folder, copy the script there, and just run the script. It will generate a txt which will contain the port list from all the XML reports, separated by the name of the report. It's a bit hard to explain, so I will post the script within some time as it rests in my BT root drive....

ok here is the lame code -

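# Loop over every nmap XML report in the current directory
for target in $(ls | grep "xml"); do
    echo $target
    # Keep only open ports; quote-delimited fields 2, 4 and 12 are protocol, port and service name
    cat $target | grep "state=\"open\" reason" | cut -d"\"" -f2,4,12 | sed 's/"/ \/ /g'
    echo " "
done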

just save it with some name like porter.sh

copy all the nmap XML reports and this script to a folder

just do

./porter.sh >> port_list.txt

results in the format "tcp / <port> / <detected service>", separated by report name, can be found in the port_list.txt file.

rest is copy paste


05-23-2011, 04:46 PM

And there's a huge bug, saw it?

05-23-2011, 09:40 PM
Oh god, I should be really dumb, all I could figure out here is the "/" lines misplaced in the output, but then again that is the format b0nd wants in his report. Maybe I should spend lil more time trying to figure out the issue.

05-23-2011, 10:42 PM
And there's a huge bug, saw it?

UDP ports will also be shown as TCP in the final report.

05-24-2011, 01:46 AM
Thanks abay, but the input is only considering TCP [i/p file with TCP ports], right, as the output print only has "TCP" in it? Let's wait for hackuin and see what he has got to say.

05-24-2011, 02:37 AM
aby, you got the point, but what if only a TCP type of scan is made?
The bug is:
If the port is even filtered, it will just print:

TCP 22 / SSH

05-24-2011, 02:48 AM
Damn .. !! *Banging my head*
Total googly :o

05-24-2011, 07:22 AM
I got confused initially about which script you were talking about, because mine is free from that particular bug.

cat $1 | sed 's/Nmap scan report for/Interesting Ports on:/' | awk '/Interesting/ || /open/ { print $1"/"$2"/"$3"/"$4 }' | awk 'BEGIN {FS="/"} {print "TCP " $1" / "$4}' | sed 's/TCP Interesting \//\nInteresting Ports on:/' > ./PortList.txt

Not just the formatting is required but every result should be under proper heading (IP Address) so that result can be easily copy-pasted without getting confused:

Interesting Ports on:
TCP 135 / msrpc
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds

Interesting Ports on:
TCP 23 / telnet
TCP 139 / netbios-ssn
TCP 445 / microsoft-ds
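
A variant that reads the protocol from the port column and compares the state field exactly, so UDP rows are not labelled TCP and `filtered` or `open|filtered` rows (which a substring match on `open` also catches) are left out. This is an added example, not code from any poster in this thread; the `portlist` and `sample_scan` names and the 192.0.2.x scan text are constructed for illustration.

```bash
#!/bin/sh
# Added example: report list from nmap normal (-oN) output.

# Constructed sample scan output (documentation addresses, not real hosts).
sample_scan() {
    cat <<'EOF'
# Nmap scan initiated (constructed sample)
Nmap scan report for 192.0.2.10
Host is up (0.0018s latency).
Not shown: 995 closed ports
PORT    STATE         SERVICE
22/tcp  filtered      ssh
135/tcp open          msrpc
445/tcp open          microsoft-ds
137/udp open|filtered netbios-ns
161/udp open          snmp

Nmap scan report for 192.0.2.11
Host is up (0.0020s latency).
PORT   STATE SERVICE
23/tcp open  telnet
EOF
}

# portlist [FILE...]: reads -oN output from the files (or stdin) and prints
# one heading per host followed by "PROTO port / service" for open ports only.
portlist() {
    awk '
        /^Nmap scan report for/ {
            host = (NF > 4) ? $NF : "(unknown)"   # last field is the address
            gsub(/[()]/, "", host)                # "name (ip)" form without -n
            printf "%sInteresting Ports on: %s\n", (n++ ? "\n" : ""), host
            next
        }
        # Port table rows: <port>/<proto> <state> <service>
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
            split($1, p, "/")
            printf "%s %s / %s\n", toupper(p[2]), p[1], ($3 == "" ? "unknown" : $3)
        }
    ' "$@"
}

sample_scan | portlist
```

Run against a real file with `portlist NMap.txt > PortList.txt`.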


05-24-2011, 09:27 AM

Are you still working on the advanced report automation we discussed?

05-25-2011, 03:01 PM
Try the Python lib for nmap for better handling of nmap in automation.
You can do scanning, get results as an object and process it further.