As an auditor I liked to quickly analyze my Nmap scan results by parsing the XML output produced and loading it into my favorite spreadsheet application.
From there I could sort by host, port, service, or operating system for analysis. The parsed results are a lot easier to add to reports and workpapers. Just remember to keep the original Nmap results.
I’ve developed a LAMP framework to parse and load Nmap results into a database for reporting and analysis. However if you are just looking to quickly parse the results of individual scans I’ve got a Perl script for you!
First a quick blurb on getting installing Perl and and Nmap-Parser module.
Windows
Download ActivePerl from the Active State website: https://www.activestate.com/activeperl/downloads/
Once ActivePerl is installed you will need to install the Nmap Parser written by Anthony Persaud.
From the Command Prompt enter the following command:
C:\>ppm install nmap-parser
Downloading Nmap-Parser-1.19...done
Downloading XML-Twig-3.32...done
Unpacking Nmap-Parser-1.19...done
Unpacking XML-Twig-3.32...done
Generating HTML for Nmap-Parser-1.19...done
Generating HTML for XML-Twig-3.32...done
Updating files in site area...done
21 files installed
Linux
For Ubuntu/Debian you can install the package.
#apt-get install libnmap-parser-perl
For every Linux distro you can install the package via CPAN.
#perl -MCPAN -e 'install Nmap::Parser'
Copy the following Perl code below and save it as nmap_parse.pl.
#!/usr/bin/perl
use Nmap::Parser;
my $np = new Nmap::Parser;
my $infile = @ARGV[0];
$np->parsefile($infile);
#GETTING SCAN INFORMATION
print "Scan Information:\n";
my $si = $np->get_session();
print
'Number of services scanned: '.$si->numservices()."\n",
'Start Time: '.$si->start_str()."\n",
'Finish Time: '.$si->time_str()."\n",
'Scan Arguments: '.$si->scan_args()."\n";
print "Host Name,Ip Address,MAC Address,OS Name,OS Family,OS Generation,OS Accuracy,Port,Service Name,Service Product,Service Version,Service Confidence\n";
for my $host ($np->all_hosts()){
for my $port ($host->tcp_ports()){
my $service = $host->tcp_service($port);
my $os = $host->os_sig;
print $host->hostname().",".$host->ipv4_addr().",".$host->mac_addr().",".$os->name.",".$os->family.",".$os->osgen().",".$os->name_accuracy().",".$port.",".$service->name.",".$service->product.",".$service->version.",".$service->confidence()."\n";
}
}
Save the above code and run it from the command line as follows:
C:\>nmap_parse.pl nmap_scan_output.xml >> results.csv
Additional Information
ppm – Perl Package Manager, version 4
http://docs.activestate.com/activeperl/5.10/bin/ppm.html
ActiveState CPAN PPM Repository
http://ppm4.activestate.com/
Nmap Parser
http://search.cpan.org/dist/Nmap-Parser/Parser.pm
3/22/2011: Updated when I noticed WordPress encoded the greater than symbol.
I used the Perl script during my audit work. Thanks, Jozef.
http://www.nmap-parser.org/ it could be useful.
I modified the script, so it’s able to
use warnings, which is recommended.