Greping strings from different lines of nmap output

StackOverflow https://stackoverflow.com/questions/23679219

  •  23-07-2023
  •  | 
  •  

Domanda

I have the following nmap output: 

Nmap scan report for 192.168.1.14
Host is up (0.13s latency).
PORT    STATE  SERVICE VERSION
110/tcp closed pop3    
--
Nmap scan report for 192.168.1.15
Host is up (0.13s latency).
PORT    STATE SERVICE    VERSION
110/tcp open  pop3       Popper
--
Nmap scan report for 192.168.1.20
Host is up (0.13s latency).
PORT    STATE SERVICE VERSION
110/tcp open  pop3    Dove

which I get using the command: nmap -p 110 -sV 192.168.1.10-20

Note: I have not used the -oG output format with nmap because I understand that it is deprecated.

The output I require:

192.168.1.15 open Popper
192.168.1.20 open Dove

As you can see it should print the IP address, the State and Version of only the OPEN ports

What I have tried:

Using all sorts of variations (of the command below) using grep and awk to get my required output but cannot get it too work how I want it to:

nmap -p 110 -sV 192.168.1.10-20 | grep -B3 'open' | egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}"

The difficulty I am having is how to extract specific parts from different lines of the output and put them together

Update

I have found that sometimes in the VERSION column there are more than just single words e.g sometimes it may say Popper 1.2.7-Beta rather than just Popper. In which case it then just prints 1.2.7-Beta instead of Popper 1.2.7-Beta (because the space between the words confuses it). How would you deal with this occurring?

È stato utile?

Soluzione

Try this:

awk '/Nmap scan report/ { host=$NF } NF==4 && $2=="open" { print host, $2, $NF }' nmap-output.txt

Explanation:

1) For any line that matches the string "Nmap scan report", remember the last field of the line in the variable name "host"

2) For any line that has 4 fields and where the second field matches the string "open", print the remembered "host" variable, the second field of this line ("open"), and the last field of the line (what is in the Version column).

Altri suggerimenti

How about this awk:

awk '/^Nmap/{a=$5}
     /^110\/tcp open/{print a,$2,$3}' Your_file
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top