Regex Match on IP Address Before Known String

StackOverflow https://stackoverflow.com/questions/21808110

  •  12-10-2022
  •  | 
  •  

Question

I'm using nmap to search for hostnames and related IPs on my local (home) network. I can pull a string that looks something like this:

Starting Nmap 6.40 ( http://nmap.org ) at 2014-02-15 22:20 PST
Nmap scan report for 192.168.1.1
Host is up (0.00025s latency).
MAC Address: ZZ:ZZ:11:ZZ:ZZ:ZZ (Cisco-Linksys)
Nmap scan report for 192.168.1.2
Host is up (0.0084s latency).
MAC Address: ZZ:ZZ:A1:2E:ZZ:ZZ (Apple)
Nmap scan report for 192.168.1.9
Host is up (0.012s latency).
MAC Address: A4:ZZ:57:17:ZZ:ZZ (Seiko Epson)
Nmap scan report for 192.168.1.103
Host is up (0.036s latency).
MAC Address: ZZ:ZZ:6D:05:ZZ:ZZ (Apple)

I know that I can put together a regular expression to give me the IP address directly above the "Seiko Epson" line, but I cannot figure out how to do it.

I'm specifically looking for a way to find the IP address of the host that I'm searching for, I'm currently using:

(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)

to find IP addresses, but I do not know how to augment this to find the IP address above a given string.

Était-ce utile?

La solution

If you get the whole input as a single string, then

  1. You firstly search for a fixed string Nmap scan report for,
  2. nextly remember a sequence 0-9 or . (which should be there) as the output IP address,
  3. then skip until the MAC addr part (containing :),
  4. skip until the next opening paren,
  5. and finally check if the string inside parens is Seiko Epson.

Example:

>>> inp='''Starting Nmap 6.40 ( http://nmap.org ) at 2014-02-15 22:20 PST
... Nmap scan report for 192.168.1.1
... Host is up (0.00025s latency).
... MAC Address: ZZ:ZZ:11:ZZ:ZZ:ZZ (Cisco-Linksys)
... Nmap scan report for 192.168.1.2
... Host is up (0.0084s latency).
... MAC Address: ZZ:ZZ:A1:2E:ZZ:ZZ (Apple)
... Nmap scan report for 192.168.1.9
... Host is up (0.012s latency).
... MAC Address: A4:ZZ:57:17:ZZ:ZZ (Seiko Epson)
... Nmap scan report for 192.168.1.103
... Host is up (0.036s latency).
... MAC Address: ZZ:ZZ:6D:05:ZZ:ZZ (Apple)'''
>>> import re
>>> r1 = re.compile(r'Nmap scan report for ([0-9.]*)[^:]*[^(]*\(Seiko Epson\)')
>>> r1.search(inp).group(1)
'192.168.1.9'

The idea behind [^...]'s is finite state machine.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top