├── demo.gif ├── nmap-parse-output-xslt ├── host-ports.xslt ├── search-product.xslt ├── blocked-ports.xslt ├── nmap-cmdline.xslt ├── hosts-to-port.xslt ├── http-title.xslt ├── service.xslt ├── all-hosts.xslt ├── host-ports-protocol.xslt ├── banner.xslt ├── reachable.xslt ├── product.xslt ├── hosts.xslt ├── service-names.xslt ├── port-info.xslt ├── ssl-common-name.xslt ├── tls-ports.xslt ├── exclude.xslt ├── show-comments.xslt ├── ports.xslt ├── include.xslt ├── exclude-ports.xslt ├── include-ports.xslt ├── ports-reachable.xslt ├── mark-ports.xslt ├── comment-hosts.xslt ├── http-info.xslt ├── comment-ports.xslt ├── http-ports.xslt ├── group-by-product.xslt ├── group-by-ports.xslt ├── group-by-service.xslt ├── to-json.xslt ├── html-bootstrap.xslt └── html.xslt ├── _nmap-parse-output ├── LICENSE ├── ThirdPartyNotices.md ├── nmap-parse-output └── README.md /demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ernw/nmap-parse-output/HEAD/demo.gif -------------------------------------------------------------------------------- /nmap-parse-output-xslt/host-ports.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of all *open* ports in host:port format. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/search-product.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Search in product names (case sensitive). 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/blocked-ports.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts all ports in host:port format, which either admin-prohibited or tcpwrapped. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | : 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/nmap-cmdline.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Shows the parameters passed to nmap of the runned scan 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | # 15 | started: 16 | ; version: 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/hosts-to-port.xslt: -------------------------------------------------------------------------------- 1 | 2 | [port] 3 | Extracts a list of all hosts that have the given port open in 'host (hostname)' format. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | () 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/http-title.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of HTTP HTML titles in the following format: 4 | host:port HTML title 5 | 6 | extract 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | ; 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/service.xslt: -------------------------------------------------------------------------------- 1 | 2 | [service-name] 3 | Extracts a list of all *open* ports with a specific service (e.g. http, ms-wbt-server, smtp) in host:port format. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/all-hosts.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generates a line break separated list of all hosts. Can be used to perform an additional scan on this hosts. 4 | Can be useful to generate a list of IPs for masscan with nmap (masscan has a more limited support for IP lists): 5 | nmap -Pn -n -sL -iL input.lst -oX all-ips.xml; nmap-parse-output all-ips.xml all-hosts 6 | 7 | extract 8 | sort | uniq 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/host-ports-protocol.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of all *open* ports in host:port format and marks the protocol type (tcp, udp) 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /_nmap-parse-output: -------------------------------------------------------------------------------- 1 | #/usr/bin/env bash 2 | 3 | _nmap-parse-output_completions() 4 | { 5 | local NPO_SCRIPT="$(whereis -b nmap-parse-output | cut -d ' ' -f 2)" 6 | if [ -h "$NPO_SCRIPT" ]; then 7 | local NPO_SCRIPT="$(readlink "$NPO_SCRIPT")" 8 | fi 9 | local NMAP_PARSE_OUTPUT_DIR="$( dirname "$NPO_SCRIPT" )/nmap-parse-output-xslt" 10 | 11 | if [ -n "$ZSH_VERSION" ]; then 12 | # ZSH 13 | local COMP0="${COMP_WORDS[0]}" 14 | local COMP1="${COMP_WORDS[1]}" 15 | elif [ -n "$BASH_VERSION" ]; then 16 | # Bash 17 | local COMP0="${COMP_WORDS[1]}" 18 | local COMP1="${COMP_WORDS[2]}" 19 | else 20 | echo "unsupported shell" 21 | fi 22 | 23 | if [ "${COMP_CWORD}" = "1" ]; then 24 | # nmap output filename 25 | COMPREPLY=($(compgen -f "$COMP0")) 26 | elif [ "${COMP_CWORD}" = "2" ]; then 27 | # command 28 | COMPREPLY=($(compgen -W "$(ls -1 $NMAP_PARSE_OUTPUT_DIR/ | sed 's/\.xslt/ /')" "$COMP1")) 29 | fi 30 | } 31 | 32 | complete -F _nmap-parse-output_completions nmap-parse-output 33 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/banner.xslt: -------------------------------------------------------------------------------- 1 | 2 | [service-name] 3 | Extracts a list of all ports with a specific service (e.g. http, ms-wbt-server, smtp) in host:port format. 4 | Note: This command is intended for the masscan XML output only. 5 | 6 | extract 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/reachable.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Removes all hosts where all ports a filtered. Can be used to generate a smaller HTML report. 4 | Example usage to generate HTML report: 5 | nmap-parse-output scan.xml reachable | nmap-parse-output - html > scan.html 6 | 7 | manipulate 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/product.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts all detected product names. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/hosts.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generates a line break separated list of all hosts with open ports. Can be used to perform an additional scan on this hosts. 4 | 5 | extract 6 | sort | uniq 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/service-names.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts all detected service names (on open ports). 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/port-info.xslt: -------------------------------------------------------------------------------- 1 | 2 | [port] 3 | Extracts a list of extra information about the given port in the following format: 4 | port;service-name;http-server-header;http title 5 | 6 | extract 7 | sort | uniq 8 | 9 | 10 | 11 | 12 | ; 13 | ; 14 | ; 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/ssl-common-name.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of TLS/SSL ports with the commonName and Subject Alternative Name in the following format: 4 | host:port commonName X509v3 Subject Alternative Name 5 | 6 | extract 7 | 8 | 9 | 10 | 11 | 12 | : 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/tls-ports.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of all TLS ports in host:port format. Works only reliable after a script scan. Can be used to do a testssl.sh scan. 4 | Example testssl.sh command (generates a text and HTML report for each host): 5 | for f in `cat ~/ssl-hosts.txt`; do ./testssl.sh --logfile ~/testssl.sh-results/$f.log --htmlfile ~/testssl.sh-results/$f.html $f; done 6 | 7 | extract 8 | 9 | 10 | 11 | 12 | 13 | 14 | : 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/exclude.xslt: -------------------------------------------------------------------------------- 1 | 6 | [hosts] 7 | Excludes a list of hosts from scan result by its IP address. Expects a comma-separated list as input. 8 | You can pipe the output, for instance: 9 | nmap-parse-output scan.xml exclude '192.168.1.1,192.168.1.20' | nmap-parse-output - service-names 10 | 11 | manipulate 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/show-comments.xslt: -------------------------------------------------------------------------------- 1 | 6 | 7 | Shows comments added by the comment-* commands. 8 | 9 | extract 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | : 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/ports.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generates a comma-separated list of all open ports. Can be used to verify if open ports reachable from another host or generate port lists for specific environments. Closed/filtered ports are not shown in the list. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | , 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/include.xslt: -------------------------------------------------------------------------------- 1 | 6 | [hosts] 7 | Filter a scan by a list of hosts so that only the specified hosts are in the output. 8 | Filter a list of hosts from scan result by its IP address. Expects a comma-separated list as input. 9 | You can pipe the output, for instance: 10 | nmap-parse-output scan.xml include '192.168.1.1,192.168.1.20' | nmap-parse-output - service-names 11 | 12 | manipulate 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/exclude-ports.xslt: -------------------------------------------------------------------------------- 1 | 6 | [ports] 7 | Excludes a list of ports or ports of a specific host (in address:port format) from a scan result. Expects a comma-separated list as input. 8 | You can pipe the output, for instance: 9 | nmap-parse-output scan.xml exclude '80,443,192.168.0.2:80' | nmap-parse-output - service-names 10 | 11 | manipulate 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/include-ports.xslt: -------------------------------------------------------------------------------- 1 | 6 | [ports] 7 | Filter a scan by a list of ports or ports of a specific host (in address:port format) so that only the specified ports are in the output. Expects a comma-separated list as input. 8 | You can pipe the output, for instance: 9 | nmap-parse-output scan.xml include-ports '80,443,192.168.0.2:8080' | nmap-parse-output - http-title 10 | 11 | manipulate 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/ports-reachable.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generates a comma-separated list of all reachable ports (open and closed, unfiltered). Can be used to verify if ports reachable from another host or generate port lists for specific environments. 4 | 5 | extract 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | , 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/mark-ports.xslt: -------------------------------------------------------------------------------- 1 | 6 | [ports] [color] 7 | Marks a list of ports or hosts with port (in address:port format) with the given color in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 8 | Example: 9 | nmap-parse-output scan.xml mark-ports '80,10.0.0.1:8080' red | nmap-parse-output - html > report.html 10 | 11 | manipulate 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/comment-hosts.xslt: -------------------------------------------------------------------------------- 1 | 6 | [hosts] [comment] 7 | Comments a list of hosts in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 8 | Example: 9 | nmap-parse-output scan.xml comment-hosts '10.0.0.1,192.168.10.1' 'allowed services' | nmap-parse-output - html > report.html 10 | You can comment hosts from another scan, too: 11 | nmap-parse-output scan.xml comment-hosts $(./nmap-parse-output.sh scan-subnet.xml hosts | tr "\n" ",") 'this host was scanned in subnet, too.' 12 | 13 | manipulate 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018, Sven Nobis 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | * Redistributions of source code must retain the above copyright 7 | notice, this list of conditions and the following disclaimer. 8 | * Redistributions in binary form must reproduce the above copyright 9 | notice, this list of conditions and the following disclaimer in the 10 | documentation and/or other materials provided with the distribution. 11 | * Neither the name of the nor the 12 | names of its contributors may be used to endorse or promote products 13 | derived from this software without specific prior written permission. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 16 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY 19 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/http-info.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Extracts a list of extra information about the HTTP ports from a script scan in the following format: 4 | host:port service-name service-tunnel product http-server-header http-title redirect_url 5 | 6 | extract 7 | sort | uniq 8 | 9 | 10 | 11 | 12 | 13 | : 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/comment-ports.xslt: -------------------------------------------------------------------------------- 1 | 6 | [ports] [comment] 7 | Comments a list of ports or hosts with port (in address:port format) in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 8 | Example: 9 | nmap-parse-output scan.xml comment-ports '80,10.0.0.1:8080' 'allowed services' | nmap-parse-output - html > report.html 10 | You can comment services, too: 11 | nmap-parse-output scan.xml comment-ports $(./nmap-parse-output.sh scan.xml service http | tr "\n" ",") 'this is a http port' 12 | 13 | manipulate 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/http-ports.xslt: -------------------------------------------------------------------------------- 1 | 2 | 3 | Generates a line separated list of all HTTP(s) ports. Script scan output is recommended. 4 | Currently, the following services are detected as HTTP: http, https, http-alt, https-alt, http-proxy, sip, rtsp, soap, vnc-http, caldav (potentially incomplete) and to get a more reliable result all ports which which have output in the http-methods script. 5 | On ports where HTTPs and HTTP is responding, the HTTPs port is preferred. 6 | 7 | extract 8 | 9 | 10 | 11 | 12 | 13 | 14 | https:// 15 | 16 | 17 | http:// 18 | 19 | 20 | 21 | : 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/group-by-product.xslt: -------------------------------------------------------------------------------- 1 | 5 | 6 | Groups open ports by product name and generates a human-readable list in the markdown format. The command ignores ports with empty product name. 7 | 8 | extract 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 23 | 24 | 25 | 27 | - Product 28 | 29 | on: 30 | 31 | 32 | - 33 | 34 | : 35 | 36 | () 37 | ; version: 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/group-by-ports.xslt: -------------------------------------------------------------------------------- 1 | 5 | 6 | Groups hosts by open TCP ports and generates a human-readable list in the markdown format. 7 | 8 | extract 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | , 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 28 | 29 | 30 | 32 | 33 | 34 | - No open TCP ports 35 | 36 | 37 | - Open TCP ports 38 | 39 | 40 | 41 | 42 | on: 43 | 44 | 45 | - () 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/group-by-service.xslt: -------------------------------------------------------------------------------- 1 | 5 | 6 | Groups open ports by service name and generates a human-readable list in the markdown format. 7 | 8 | extract 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 23 | 24 | 25 | 27 | 28 | 29 | - No service detected 30 | 31 | 32 | - Service 33 | 34 | 35 | 36 | 37 | on: 38 | 39 | 40 | - 41 | 42 | : 43 | 44 | () 45 | ; product: 46 | ; version: 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /ThirdPartyNotices.md: -------------------------------------------------------------------------------- 1 | # nmap-parse-output 2 | 3 | ## THIRD-PARTY SOFTWARE NOTICES AND INFORMATION 4 | 5 | This project incorporates components from the projects listed below. The original copyright notices and the licenses under which ERNW received such components are set forth below. 6 | 7 | 1. [Nmap Bootstrap XSL](https://github.com/honze-net/nmap-bootstrap-xsl) 8 | 2. [XSLTJSON Lite v0.2](https://github.com/bramstein/xsltjson) 9 | 3. [nmap.xsl](https://github.com/nmap/nmap) 10 | 11 | ### 1. Nmap Bootstrap XSL 12 | 13 | Used in [command html-bootstrap](nmap-parse-output-xslt/html-bootstrap.xslt) 14 | 15 | https://github.com/honze-net/nmap-bootstrap-xsl 16 | 17 | ``` 18 | Creative Commons BY-SA 19 | Andreas Hontzia (@honze_net) 20 | ``` 21 | ### 2. XSLTJSON Lite v0.2 22 | 23 | Used in [command to-json](nmap-parse-output-xslt/to-json.xslt) 24 | 25 | https://github.com/bramstein/xsltjson/blob/master/conf/xml-to-jsonml.xsl 26 | 27 | ``` 28 | XSLTJSON Lite v0.2 - Transform arbitrary XML to JSONML 29 | 30 | Licensed under the new BSD License. 31 | Copyright 2009, Bram Stein 32 | All rights reserved. 33 | ``` 34 | 35 | ### 3. nmap.xsl 36 | 37 | Used in [command to-json](nmap-parse-output-xslt/html.xslt) 38 | 39 | https://github.com/nmap/nmap/blob/master/docs/nmap.xsl 40 | 41 | ``` 42 | ========================================================================= 43 | nmap.xsl stylesheet version 0.9c 44 | last change: 2010-12-28 45 | Benjamin Erb, http://www.benjamin-erb.de 46 | ============================================================================== 47 | Copyright (c) 2004-2006 Benjamin Erb 48 | All rights reserved. 49 | 50 | Redistribution and use in source and binary forms, with or without 51 | modification, are permitted provided that the following conditions 52 | are met: 53 | 1. Redistributions of source code must retain the above copyright 54 | notice, this list of conditions and the following disclaimer. 55 | 2. Redistributions in binary form must reproduce the above copyright 56 | notice, this list of conditions and the following disclaimer in the 57 | documentation and/or other materials provided with the distribution. 58 | 3. The name of the author may not be used to endorse or promote products 59 | derived from this software without specific prior written permission. 60 | 61 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 62 | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 63 | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 64 | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 65 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 66 | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 67 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 68 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 69 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 70 | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 71 | ========================================================================== 72 | ``` 73 | -------------------------------------------------------------------------------- /nmap-parse-output: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | NPO_VERSION=1.5.1 3 | 4 | # get script path 5 | SOURCE="${BASH_SOURCE[0]}" 6 | while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink 7 | DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" 8 | SOURCE="$(readlink "$SOURCE")" 9 | [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located 10 | done 11 | SCRIPT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" 12 | 13 | XSLT_DIR=$SCRIPT_DIR/nmap-parse-output-xslt 14 | 15 | # functions (mostly for help) 16 | function xml_node_text() { 17 | xmllint --xpath "//*[local-name()='$2' and namespace-uri()='http://xmlns.sven.to/npo']/text()" $1 2>/dev/null 18 | } 19 | 20 | function print_command_category() { 21 | echo "$1 Commands:" 22 | for fullf in $XSLT_DIR/*.xslt; do 23 | if [ "$(xml_node_text $fullf category)" == "$2" ] 24 | then 25 | f=$(basename $fullf) 26 | echo -e -n " ${f%.*} " 27 | xml_node_text $fullf comment || echo -e "\n\t(No documentation)" 28 | fi 29 | done 30 | echo 31 | } 32 | 33 | function help() { 34 | echo "Usage: $0 [options]... [command-parameters]..." 35 | echo 36 | echo "Converts/manipulates/extracts data from nmap scan XML output." 37 | echo 38 | echo "Options:" 39 | echo -e " -u, --unfinished-scan\t\t\t try to read an unfinished scan output" 40 | echo 41 | print_command_category "Extract Data" "extract" 42 | print_command_category "Manipulate Scan" "manipulate" 43 | print_command_category "Convert Scan" "convert" 44 | print_command_category "Misc" "" 45 | 46 | echo "[v$NPO_VERSION]" 47 | 48 | exit 1 49 | } 50 | 51 | # check if xsltproc is installed 52 | command -v xsltproc >/dev/null 2>&1 || { echo "Please install xsltproc. Aborting." >&2; exit 1; } 53 | 54 | # parse global options 55 | UNFINISHED_SCAN="" 56 | 57 | while [ $# -gt 0 ] 58 | do 59 | CURRENT_PARAM=$1 60 | 61 | case "$1" in 62 | --help|-h) 63 | help 64 | ;; 65 | --unfinished-scan|-u) 66 | UNFINISHED_SCAN="" 67 | ;; 68 | *) 69 | break 70 | esac 71 | 72 | shift 73 | done 74 | 75 | # NMAP_XML_OUTPUT and COMMAND was not provided; print help: 76 | [ $# -lt 2 ] && help 77 | 78 | # check if input is readable 79 | NMAP_XML_OUTPUT=$1 80 | [ -f "$NMAP_XML_OUTPUT" -o "$NMAP_XML_OUTPUT" = "-" ] || { echo "Can't read nmap file: $NMAP_XML_OUTPUT. Aborting." >&2; exit 1; } 81 | 82 | XSLT=$XSLT_DIR/$2.xslt 83 | [ -f $XSLT ] || { echo "Unknown command: $2. Aborting." >&2; exit 1; } 84 | 85 | # read post process command from xslt 86 | POST_PIPE=$(xml_node_text $XSLT post-processor) 87 | if [ -z "$POST_PIPE" ] 88 | then 89 | POST_PIPE="cat - " 90 | else 91 | POST_PIPE="cat - | $POST_PIPE" 92 | fi 93 | 94 | # pass remaining parameters to xslt 95 | EXTRA_PARAMS=() 96 | i=0 97 | shift 98 | shift 99 | while [ $# -gt 0 ] 100 | do 101 | ((i++)) 102 | EXTRA_PARAMS+=(--stringparam "param$i" "$1") 103 | shift 104 | done 105 | 106 | # process command on scan XML output 107 | { cat "$NMAP_XML_OUTPUT"; echo "$UNFINISHED_SCAN"; } | \ 108 | xsltproc "${EXTRA_PARAMS[@]}" "$XSLT" - | \ 109 | bash -c "$POST_PIPE" 110 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/to-json.xslt: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | Converts a nmap scan output to JSON 7 | 8 | convert 9 | 10 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | [ 35 | 36 | 37 | 38 | 39 | 40 | 41 | , 42 | { 43 | 44 | 45 | 46 | , 47 | 48 | 49 | } 50 | 51 | 52 | , 53 | 54 | 55 | 56 | , 57 | 58 | 59 | 60 | ] 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | : 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 1 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | " 128 | 129 | 130 | 131 | " 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/html-bootstrap.xslt: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | Converts the XML output into a fancy HTML report based on Bootstrap. 10 | Note: This HTML report requests JS/CSS libs from CDNs. However, the generated file uses the no-referrer meta tag and subresource integrity to protect the confidentiality. 11 | 12 | convert 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 45 | Scan Report Nmap <xsl:value-of select="/nmaprun/@version"/> 46 | 47 | 48 | 68 |
69 |
70 |

Scan Report
Nmap

71 |
72 |

73 |
74 | hosts scanned. 75 | hosts up. 76 | hosts down. 77 |

78 |
79 |
80 | width:%; 81 | 82 | 83 |
84 |
85 | width:%; 86 | 87 | 88 |
89 |
90 |
91 |

Scanned Hosts (offline hosts are hidden)

92 |
93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 |
StateAddressHostnameTCP (open)UDP (open)
label label-success
label label-success
130 |
131 | 136 |

Online Hosts

137 | 138 |
139 |
140 |

-

141 |
142 |
143 | 144 |

Hostnames

145 |
    146 | 147 |
  • ()
    • 148 |     149 |
150 | 151 |

Ports

152 |
153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 |
PortProtocolState
Reason		ServiceProductVersionExtra Info

180 | https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version= 181 | 182 |
183 |
184 | 185 |



225 |
226 | 227 |

Host Script

228 | 229 | 230 |
231 |
232 | 233 |
234 |
235 | 236 |

Open Services

237 |
238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | 263 | 264 | 265 | 266 | 267 |
AddressPortProtocolServiceProductVersionCPEExtra info
-
268 |
269 | 274 |
275 | 284 | 285 | 286 | 287 | 288 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nmap-parse-output 2 | 3 | Converts/manipulates/extracts data from a nmap scan output. 4 | 5 | Needs [xsltproc](http://xmlsoft.org/XSLT/xsltproc.html) as dependency. 6 | 7 | **Demo** 8 | 9 | ![Demo](demo.gif) 10 | 11 | **Table of Contents** 12 | - [nmap-parse-output](#nmap-parse-output) 13 | - [Examples](#examples) 14 | - [Usage](#usage) 15 | - [Changelog](#changelog) 16 | - [Contribute](#contribute) 17 | - [Adding new Commands](#adding-new-commands) 18 | - [Installation](#installation) 19 | - [Bash Completion](#bash-completion) 20 | - [ZSH Completion](#zsh-completion) 21 | - [Distro package](#distro-prackage) 22 | 23 | ## Examples 24 | 25 | Write HTML output to scan.html: 26 | 27 | $ ./nmap-parse-output scan.xml html > scan.html 28 | 29 | Generates a list of all HTTP(s) ports: 30 | 31 | $ ./nmap-parse-output scan.xml http-ports 32 | http://192.168.0.1:8081 33 | https://192.168.0.1:8443 34 | 35 | List all names of detected services and get a list of hosts with the port for the service http-proxy: 36 | 37 | $ ./nmap-parse-output scan.xml service-names 38 | http 39 | https 40 | http-proxy 41 | ms-wbt-server 42 | smtp 43 | $ ./nmap-parse-output scan.xml service http-proxy 44 | 192.168.0.24:8085 45 | 192.168.0.25:9000 46 | 47 | Exclude some hosts from a scan and generate a list of ports: 48 | 49 | $ ./nmap-parse-output scan.xml exclude '192.168.1.1,192.168.1.20' | nmap-parse-output - ports 50 | 22,80,443,8080 51 | 52 | Filter `scan-all.xml` to include only hosts scanned in `scan-subnet.xml` and write the output to `filtered-scan.xml`: 53 | 54 | $ ./nmap-parse-output scan-all.xml include $(./nmap-parse-output.sh scan-subnet.xml hosts | tr "\n" ",") > filtered-scan.xml 55 | 56 | Generate a subreport with results only from the networks 10.0.1.0/24 and 10.80.0.0/24 from `big-scan-result.xml`: 57 | 58 | $ ./nmap-parse-output big-scan-result.xml \ 59 | include $(nmap -Pn -n -sL 10.0.1.0/24 10.80.0.0/24 -oX - | nmap-parse-output - all-hosts | tr "\n" ',') \ 60 | > networks-10.0.1.0-24-and-10.80.0.0-24.xml 61 | 62 | Add comments to a scan, mark specific ports red, and generate a HTML report with the annotations: 63 | 64 | $ ./nmap-parse-output scan.xml comment-ports '8080,10.0.20.4:443' 'this port should be filtered' 65 | | ./nmap-parse-output - mark-ports '8080,10.0.20.4:443' red 66 | | ./nmap-parse-output - comment-hosts '10.0.20.1' 'look further into this host' 67 | | ./nmap-parse-output - html > test.html 68 | 69 | Remove all ports found in `scan-before.xml` from `scan-after.xml` and write the output to `filtered-scan.xml`: 70 | 71 | $ ./nmap-parse-output scan-after.xml exclude-ports $(./nmap-parse-output.sh scan-before.xml host-ports | tr "\n" ",") > filtered-scan.xml 72 | 73 | Group hosts by open TCP ports: 74 | 75 | $ ./nmap-parse-output scan.xml group-by-ports 76 | - Open TCP ports 22,443 on: 77 | - 192.168.1.73 (web.local) 78 | - 192.168.1.74 (web2.local) 79 | - Open TCP ports 8080 on: 80 | - 192.168.1.135 81 | - No open TCP ports on: 82 | - 192.168.1.71 (db.local) 83 | - 192.168.1.81 84 | 85 | Rerun TCP scan for all alive hosts but only scan open ports found in the previous scan: 86 | 87 | $ for host in ./nmap-parse-output scan.xml hosts; do nmap -sSVC -p $(./nmap-parse-output scan.xml include $host | nmap-parse-output - ports) -oA $host.xml -vv -Pn; done 88 | 89 | ## Usage 90 | 91 | Usage: ./nmap-parse-output [options]... [command-parameters]... 92 | 93 | Converts/manipulates/extracts data from nmap scan XML output. 94 | 95 | Options: 96 | -u, --unfinished-scan try to read an unfinished scan output 97 | 98 | Extract Data Commands: 99 | all-hosts 100 | Generates a line break separated list of all hosts. Can be used to perform an additional scan on this hosts. 101 | Can be useful to generate a list of IPs for masscan with nmap (masscan has a more limited support for IP lists): 102 | nmap -Pn -n -sL -iL input.lst -oX all-ips.xml; nmap-parse-output all-ips.xml all-hosts 103 | 104 | banner [service-name] 105 | Extracts a list of all ports with a specific service (e.g. http, ms-wbt-server, smtp) in host:port format. 106 | Note: This command is intended for the masscan XML output only. 107 | 108 | blocked-ports 109 | Extracts all ports in host:port format, which either admin-prohibited or tcpwrapped. 110 | 111 | group-by-ports 112 | Groups hosts by open TCP ports and generates a human-readable list in the markdown format. 113 | 114 | group-by-product 115 | Groups open ports by product name and generates a human-readable list in the markdown format. The command ignores ports with empty product name. 116 | 117 | group-by-service 118 | Groups open ports by service name and generates a human-readable list in the markdown format. 119 | 120 | host-ports-protocol 121 | Extracts a list of all *open* ports in host:port format and marks the protocol type (tcp, udp) 122 | 123 | host-ports 124 | Extracts a list of all *open* ports in host:port format. 125 | 126 | hosts-to-port [port] 127 | Extracts a list of all hosts that have the given port open in 'host (hostname)' format. 128 | 129 | hosts 130 | Generates a line break separated list of all hosts with open ports. Can be used to perform an additional scan on this hosts. 131 | 132 | http-info 133 | Extracts a list of extra information about the HTTP ports from a script scan in the following format: 134 | host:port service-name service-tunnel product http-server-header http-title redirect_url 135 | 136 | http-ports 137 | Generates a line separated list of all HTTP(s) ports. Script scan output is recommended. 138 | Currently, the following services are detected as HTTP: http, https, http-alt, https-alt, http-proxy, sip, rtsp, soap, vnc-http, caldav (potentially incomplete) and to get a more reliable result all ports which which have output in the http-methods script. 139 | On ports where HTTPs and HTTP is responding, the HTTPs port is preferred. 140 | 141 | http-title 142 | Extracts a list of HTTP HTML titles in the following format: 143 | host:port HTML title 144 | 145 | nmap-cmdline 146 | Shows the parameters passed to nmap of the runned scan 147 | 148 | port-info [port] 149 | Extracts a list of extra information about the given port in the following format: 150 | port;service-name;http-server-header;http title 151 | 152 | ports-reachable 153 | Generates a comma-separated list of all reachable ports (open and closed, unfiltered). Can be used to verify if ports reachable from another host or generate port lists for specific environments. 154 | 155 | ports 156 | Generates a comma-separated list of all open ports. Can be used to verify if open ports reachable from another host or generate port lists for specific environments. Closed/filtered ports are not shown in the list. 157 | 158 | product 159 | Extracts all detected product names. 160 | 161 | search-product 162 | Search in product names (case sensitive). 163 | 164 | service-names 165 | Extracts all detected service names (on open ports). 166 | 167 | service [service-name] 168 | Extracts a list of all *open* ports with a specific service (e.g. http, ms-wbt-server, smtp) in host:port format. 169 | 170 | show-comments 171 | Shows comments added by the comment-* commands. 172 | 173 | ssl-common-name 174 | Extracts a list of TLS/SSL ports with the commonName and Subject Alternative Name in the following format: 175 | host:port commonName X509v3 Subject Alternative Name 176 | 177 | tls-ports 178 | Extracts a list of all TLS ports in host:port format. Works only reliable after a script scan. Can be used to do a testssl.sh scan. 179 | Example testssl.sh command (generates a text and HTML report for each host): 180 | for f in `cat ~/ssl-hosts.txt`; do ./testssl.sh --logfile ~/testssl.sh-results/$f.log --htmlfile ~/testssl.sh-results/$f.html $f; done 181 | 182 | 183 | Manipulate Scan Commands: 184 | comment-hosts [hosts] [comment] 185 | Comments a list of hosts in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 186 | Example: 187 | nmap-parse-output scan.xml comment-hosts '10.0.0.1,192.168.10.1' 'allowed services' | nmap-parse-output - html > report.html 188 | You can comment hosts from another scan, too: 189 | nmap-parse-output scan.xml comment-hosts $(./nmap-parse-output.sh scan-subnet.xml hosts | tr "\n" ",") 'this host was scanned in subnet, too.' 190 | 191 | comment-ports [ports] [comment] 192 | Comments a list of ports or hosts with port (in address:port format) in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 193 | Example: 194 | nmap-parse-output scan.xml comment-ports '80,10.0.0.1:8080' 'allowed services' | nmap-parse-output - html > report.html 195 | You can comment services, too: 196 | nmap-parse-output scan.xml comment-ports $(./nmap-parse-output.sh scan.xml service http | tr "\n" ",") 'this is a http port' 197 | 198 | exclude-ports [ports] 199 | Excludes a list of ports or ports of a specific host (in address:port format) from a scan result. Expects a comma-separated list as input. 200 | You can pipe the output, for instance: 201 | nmap-parse-output scan.xml exclude '80,443,192.168.0.2:80' | nmap-parse-output - service-names 202 | 203 | exclude [hosts] 204 | Excludes a list of hosts from scan result by its IP address. Expects a comma-separated list as input. 205 | You can pipe the output, for instance: 206 | nmap-parse-output scan.xml exclude '192.168.1.1,192.168.1.20' | nmap-parse-output - service-names 207 | 208 | include-ports [ports] 209 | Filter a scan by a list of ports or ports of a specific host (in address:port format) so that only the specified ports are in the output. Expects a comma-separated list as input. 210 | You can pipe the output, for instance: 211 | nmap-parse-output scan.xml include-ports '80,443,192.168.0.2:8080' | nmap-parse-output - http-title 212 | 213 | include [hosts] 214 | Filter a scan by a list of hosts so that only the specified hosts are in the output. 215 | Filter a list of hosts from scan result by its IP address. Expects a comma-separated list as input. 216 | You can pipe the output, for instance: 217 | nmap-parse-output scan.xml include '192.168.1.1,192.168.1.20' | nmap-parse-output - service-names 218 | 219 | mark-ports [ports] [color] 220 | Marks a list of ports or hosts with port (in address:port format) with the given color in scan result. Expects a comma-separated list as input. The comment will be displayed in the HTML report. 221 | Example: 222 | nmap-parse-output scan.xml mark-ports '80,10.0.0.1:8080' red | nmap-parse-output - html > report.html 223 | 224 | reachable 225 | Removes all hosts where all ports a filtered. Can be used to generate a smaller HTML report. 226 | Example usage to generate HTML report: 227 | nmap-parse-output scan.xml reachable | nmap-parse-output - html > scan.html 228 | 229 | 230 | Convert Scan Commands: 231 | html-bootstrap 232 | Converts the XML output into a fancy HTML report based on Bootstrap. 233 | Note: This HTML report requests JS/CSS libs from CDNs. However, the generated file uses the no-referrer meta tag and subresource integrity to protect the confidentiality. 234 | 235 | html 236 | Converts a XML output into a HTML report 237 | 238 | to-json 239 | Converts a nmap scan output to JSON 240 | 241 | 242 | Misc Commands: 243 | 244 | [v1.5.1] 245 | 246 | ## Changelog 247 | 248 | * v1.5.1 249 | * More reliable SSL/TLS detection 250 | * More reliable HTTP(s) port detection 251 | * Added group-by-service command 252 | * Added group-by-product command 253 | * Added http-info command 254 | * Added http-server-header to port-info command 255 | * Added hostname to group-by-ports command 256 | * v1.4.6 257 | * Added search-product command 258 | * Added group-by-ports command 259 | * Added examples for generating subreports, group-by-ports command, and rerun scans 260 | * v1.4.5 261 | * Show only service-names of open ports 262 | * Splitted ports command in: ports and ports-reachable 263 | * Added show-comments command 264 | * v1.4.4 265 | * Fixed bug in [bash completion](_nmap-parse-output) when installed system-wide 266 | * Improved documentation 267 | * v1.4.3 268 | * Fixed bug in [include-ports command](nmap-parse-output-xslt/include-ports.xslt) 269 | * v1.4.2 270 | * Added [nmap-bootstrap-xsl](https://github.com/honze-net/nmap-bootstrap-xsl) as [html-bootstrap command](nmap-parse-output-xslt/html-bootstrap.xslt) 271 | * Added [nmap-cmdline command](nmap-parse-output-xslt/nmap-cmdline.xslt) 272 | * Added [host-ports-protocol command](nmap-parse-output-xslt/host-ports-protocol.xslt) 273 | * v1.4.1 274 | * Improved error handling 275 | * Bugfix in ports command 276 | * v1.4.0 277 | * Support for unfinished scans 278 | * Commands are categorized as convert, manipulate, extract and misc now 279 | * v1.3.0 280 | * First public release 281 | 282 | ## Contribute 283 | 284 | ### Adding new Commands 285 | 286 | Commands are written as [XSLT](https://en.wikipedia.org/wiki/XSLT). See [nmap-parse-output-xslt/](nmap-parse-output-xslt/) if you want to add new commands. A good way is mostly copying an existing script that does something similar. 287 | 288 | The documentation printed in the help page can be written with the ```` tag (XML namespace: http://xmlns.sven.to/npo). A command can have one of the following categories: convert, manipulate or extract. You can set it with the ```` tag. It is not necessary to set a category, uncategorized commands are will be shown as a misc command in the help page. Commands with an invalid category will not be shown on the help page. 289 | 290 | Parameters will be passed as variables named ``$param1``, ``$param2`` and so on. An post processing command can be added with the ```` tag. 291 | 292 | Example XSLT file: 293 | 294 | 295 | 296 | 297 | 298 | extract 299 | sort | uniq 300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | , 309 | 310 | 311 | 312 | 313 | 314 | 315 | More information about XSLT and writing new commands can be found here: 316 | - http://xmlsoft.org/XSLT/ 317 | - http://www.w3.org/TR/xslt 318 | - http://www.exslt.org/ 319 | - http://xmlsoft.org/XSLT/xsltproc.html 320 | 321 | ## Installation 322 | 323 | Requierements: 324 | * bash 325 | * [xsltproc](http://xmlsoft.org/XSLT/xsltproc.html) 326 | 327 | Check out the repository and run it: 328 | 329 | git clone https://github.com/ernw/nmap-parse-output.git 330 | cd nmap-parse-output 331 | ./nmap-parse-output 332 | 333 | You can create a link to the ``nmap-parse-output`` script in your local bin directory or add the directory into your path if you want to execute it directly. Add the following line into your ``~/.bash_profile`` or your ``~/.zshrc`` file: 334 | 335 | export PATH="$PATH:$PATH_TO_YOUR_NMAP_PARSE_OUTPUT_DIR" 336 | 337 | ### Bash Completion 338 | 339 | Bash completion can be enabled by adding the following line to your `~/.bash_profile` or `.bashrc`: 340 | 341 | source ~/path/to/nmap-parse-output/_nmap-parse-output 342 | 343 | ### ZSH Completion 344 | 345 | ZSH completion can be enabled by adding the following line to your `~/.zshrc`: 346 | 347 | autoload bashcompinit && bashcompinit && source ~/path/to/nmap-parse-output/_nmap-parse-output 348 | 349 | ### Distro Packages 350 | 351 | [![Packaging status](https://repology.org/badge/vertical-allrepos/nmap-parse-output.svg)](https://repology.org/project/nmap-parse-output/versions) 352 | -------------------------------------------------------------------------------- /nmap-parse-output-xslt/html.xslt: -------------------------------------------------------------------------------- 1 | 2 | 32 | 33 | 41 | 42 | Converts a XML output into a HTML report 43 | 44 | convert 45 | 46 | 47 | 48 | 0.9c 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | generated with nmap.xsl - version by Benjamin Erb - http://www.benjamin-erb.de/nmap_xsl.php 70 | 71 | 352 | 353 | Nmap Scan Report - Scanned at <xsl:value-of select="$start" /> 354 | 355 | 356 | 398 | 399 | 400 | 401 | 402 | 403 |
404 | 405 |

Nmap Scan Report - Scanned at

406 | 407 | 463 | 464 | 465 | scansummary 466 | 467 | 468 |
469 | 470 |

Scan Summary

471 | 472 |

473 | Nmap was initiated at with these arguments:
474 |
475 |

476 |

477 | Verbosity: ; Debug level 478 |

479 | 480 |

481 | 482 |

483 | 484 | 485 | 486 | 487 | 488 | 489 | 490 | 491 | 492 |
493 | 494 | 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | 507 | 508 |
509 | 510 | 511 | 512 | 513 | host_ 514 | 515 | 516 | 517 | 518 | 519 |

520 | 521 | 522 | 523 | 524 | / 525 | 526 | 527 | 528 | (online) 529 |

530 | 531 | 532 | 533 | 534 |

535 | 536 | 537 | 538 | 539 | / 540 | 541 | 542 | 543 | 544 | javascript:toggle('hostblock_'); 545 | host_down 546 | (click to expand) 547 | 548 | (offline)

549 | 550 | 551 | 552 | 553 | 554 | 555 | hostblock_ 556 | 557 | 558 | 559 | unhidden 560 | 561 | 562 | 563 | hidden 564 | 565 | 566 | 567 | 568 | 569 |

Address

570 | 571 |
    572 | 573 |
  • 574 | 575 | - 576 | 577 | 578 | 579 | () 580 |
    • 581 |     582 |
583 | 584 | 585 | 586 | 587 | 588 |
589 | 590 | 591 | javascript:toggle('metrics_'); 592 | Misc Metrics (click to expand) 593 | 594 | 595 | 596 | 597 | metrics_ 598 | hidden 599 | 600 | 601 | 602 | 603 | 604 | 605 | 606 | 607 | 608 | 614 | 615 | 616 | 617 | 618 | 619 | 621 | 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | 633 | 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 | 643 | 644 | 645 | 646 |
MetricValue
Ping Results 609 | 610 | from 611 | 612 | 613 |
System Uptime seconds (last reboot: ) 620 |
Network Distance hops
TCP Sequence PredictionDifficulty= ()
IP ID Sequence Generation
647 | 648 | 649 | 650 | 651 | 652 | 653 | 654 | 655 | 656 | 657 |

Comment

658 | 659 | 660 | 661 | 662 | 663 | 664 | 665 |

Hostnames

 666 | 667 | 668 | 669 | 670 | 671 | 672 |
  • ()
    • 673 |     674 | 675 | 676 | 677 | 678 | 679 | 680 |

    Ports

    681 | 682 | 683 |

    The ports scanned but not shown below are in state:

    684 |     685 | 686 |
      687 | 688 | 689 |

    • ports replied with:

      • 690 |       691 |       692 |
    693 |     694 | 695 | 696 | 697 | 698 | 699 | 700 | 701 | 702 | 703 | 704 | porttable_ 705 | 1 706 | 707 | 708 | Port 709 | State 710 | 711 | javascript:togglePorts('porttable_','closed'); 712 | (toggle closed [] 713 | 714 | 715 | javascript:togglePorts('porttable_','filtered'); 716 | | filtered []) 717 | 718 | 719 | Service 720 | Reason 721 | Product 722 | Version 723 | Extra info 724 | 725 | 726 | 727 | 728 | 729 |     730 | 731 | 732 | 733 | 734 | 735 | 736 | 737 | 738 | 739 | 740 | 741 | 742 | 743 | 744 | 745 | 746 | 747 | 748 | 749 | 750 | 751 | 752 |   753 | 754 | 755 | from 756 | 757 | 758 | 759 |   760 |   761 |   762 | 763 | 764 | 765 | 766 | 767 | 768 | Comment   769 | 770 | 
      
    771 | 772 | 773 |     774 | 775 | 776 | 777 | 778 |   779 | 780 | 
      
    781 | 782 | 783 | 784 |     785 |     786 | 787 | 788 | 789 | 790 | 791 | 792 |   793 | 794 | 795 | from 796 | 797 | 798 | 799 |   800 |   801 |   802 | 803 | 804 | 805 | 806 | 807 | 808 | 809 | 810 |   811 | 812 | 813 | from 814 | 815 | 816 | 817 |   818 |   819 |   820 | 821 | 822 | 823 | 824 | 825 | 826 | 827 | 828 |   829 | 830 | 831 | from 832 | 833 | 834 | 835 |   836 |   837 |   838 | 839 | 840 | 841 |     842 |     843 | 844 | 845 | 846 | 847 | 848 |

    Remote Operating System Detection

    849 | 850 |

    Unable to identify operating system.

     851 | 852 |
      853 | 854 |
    • Used port: / ()
      • 855 |       856 | 857 | 858 |
    • OS match: (%)
      • 859 |       860 |
    861 | 862 | 863 | 864 |     865 | 866 | 867 | 868 | 869 | 870 | 871 | 872 | 873 | 874 | 875 | 876 | 877 |
      878 |
    • Cannot determine exact operating system. Fingerprint provided below.
      • 879 |
    • If you know what OS is running on it, see https://nmap.org/submit/
      • 880 |
    881 | 882 | 883 | 884 | 885 | 886 | 887 | 888 |
    Operating System fingerprint
    889 | 890 |     891 | 892 | 893 |
      894 |
    • OS identified but the fingerprint was requested at scan time. 895 | 896 | 897 | javascript:toggle('osblock_'); 898 | (click to expand) 899 | 900 |
      • 901 |
    902 | 903 | 904 | osblock_ 905 | hidden 906 | 907 | 908 | 909 | 910 | 911 | 912 | 913 | 914 |
    Operating System fingerprint
    915 | 916 |     917 | 918 |     919 | 920 |     921 | 922 |     923 | 924 | 925 | 926 | 927 | 928 | 929 |
    930 | 931 | 932 | prescript 933 | 934 | 935 |

    Pre-Scan Script Output

    936 | 937 | 938 | 939 | 940 | 941 | 942 | 943 | 944 | 945 | 948 | 953 | 954 | 955 | 956 |
    Script NameOutput
    946 |   947 | 949 | 
     950 |            
 951 |
    952 |
    957 |     958 | 959 | 960 | 961 | 962 | 963 | 964 |
    965 | 966 | 967 | postscript 968 | 969 | 970 |

    Post-Scan Script Putput

    971 | 972 | 973 | 974 | 975 | 976 | 977 | 978 | 979 | 980 | 983 | 988 | 989 | 990 | 991 |
    Script NameOutput
    981 |   982 | 984 | 
     985 |            
 986 |
    987 |
    992 |     993 | 994 | 995 | 996 | 997 | 998 | 999 |

    Host Script Output

    1000 | 1001 | 1002 | 1003 | 1004 | 1005 | 1006 | 1007 | 1008 | 1009 | 1012 | 1017 | 1018 | 1019 | 1020 |
    Script NameOutput
    1010 |   1011 | 1013 | 
    1014 |               
1015 |
    1016 |
    1021 |     1022 | 1023 | 1024 | 1025 | 1026 | 1027 |

    Smurf Responses

    1028 |
      1029 |
    • responses counted
      • 1030 |
    1031 |     1032 |     1033 | 1034 | 1035 | 1036 | 1037 | 1038 | 1039 | 1040 | 1041 | 1042 | 1043 | 1044 | 1045 | 1046 | javascript:toggle('trace_'); 1047 | Traceroute Information (click to expand) 1048 | 1049 | 1050 | 1051 | trace_ 1052 | hidden 1053 | 1054 | 1055 | 1056 | 1057 |
    • Traceroute data generated using port /
    1058 |     1059 |     1060 | 1061 | 1062 | 1063 | 1064 | 1065 | 1066 | 1067 | 1068 | 1069 | 1070 | 1071 | 1072 | 1073 | 1074 | 1075 | 1076 | 1077 | 1078 | 1079 | 1080 | 1081 | 1082 | 1083 | 1084 | 1085 | 1086 | 1087 | 1088 | 1089 | 1090 | 1091 | 1092 | 1093 | 1094 | 1095 | 1096 |
    HopRttIPHost
    --
    1097 |     1098 | 1099 |     1100 |     1101 | 1102 |     1103 | --------------------------------------------------------------------------------