Question

Using Linux, I'm looking to filter out the data for machines that are XP matches only, and to delete consecutive "Nmap scan report for " lines.

Nmap scan report for 13.93.27.138
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.139
Nmap scan report for 13.93.27.140
Nmap scan report for 13.93.27.141
Nmap scan report for 13.93.27.143
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows XP Professional SP2 (French) (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.144
Nmap scan report for 13.93.27.147
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (90%), Microsoft Windows XP Professional SP2 (French) (85%), Microsoft Windows Server 2003 SP1 or SP2 (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.148
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.191
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows XP Professional SP2 (French) (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.192
OS details: Microsoft Windows 2000 SP2 - SP4, Windows XP SP2 - SP3, or Windows Server 2003 SP0 - SP2

Looking for a report that only shows:

Nmap scan report for 13.93.27.138
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.147
OS: Windows XP (Windows 2000 LAN Manager)

My idea was to use awk, grep, sed, or perl: m/^Nmap.\n.!(^Nmap).*/m, looking for the lines beginning with Nmap, and after the newline copying the following lines that do not begin with Nmap, such as "OS: Windows XP". Then start again ...

Thank you for the help :-)


Solution

Using awk

awk -F "OS: " '/^Nmap/ {a=$0} /OS:/ {print a"\n"FS$2}' file
Nmap scan report for 13.93.27.138
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.143
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.147
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.148
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.191
OS: Windows XP (Windows 2000 LAN Manager)

Other suggestions

When the problem is searching Nmap output, the answer is always, "Use the XML output format." This is because Nmap's regular output can change between versions and is not structured for machine input. You can get Nmap to emit XML with the -oX or -oA options.

You've already filtered the output down a lot, but I can tell from the "|" at the beginning of the lines that the output you want comes from an NSE script instead of the OS detection engine. Specifically, that is the output of the smb-os-discovery script. Knowing this, we can use an XML parser to look for each element //script[@id='smb-os-discovery'] whose output attribute contains the string "OS: Windows XP". Here's how to do that with xmlstarlet:

xmlstarlet sel -t -m "//script[@id='smb-os-discovery' and contains(@output, 'OS: Windows XP')]" -v "ancestor::host/address[@addrtype='ipv4']/@addr" -n scan-output.xml

You can do similar things with the many XML parsing libraries in every language. Python, Perl, and Ruby all have good parsers specifically designed for Nmap's XML output.

EDIT: Since you only want the OS as detected by smb-os-discovery, you could save time scanning by only running this script and skipping the OS fingerprinting step. Here's an example of a fast scan like this:

nmap -p 445 --script smb-os-discovery -oA smb-scan-%y%m%d 192.0.2.0/24
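The same query as the xmlstarlet one-liner above, done with Python's standard-library XML parser, as an added example that is not part of the original answer. It walks every host element, looks for a script element with id="smb-os-discovery" whose output attribute contains the search string, and prints the host's IPv4 address together with the "OS:" line of that output, which is the two-line-per-host report the question asked for. The embedded Nmap XML is a constructed, trimmed-down sample (a real -oX file carries many more elements and attributes; the script output text is what the real script produces for an XP host, not captured scan data); read a real file with ET.parse(path).getroot() instead of ET.fromstring.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (not real scan data).
# smb-os-discovery is a host script, so it sits under <hostscript>.
# &#10; is a literal newline inside the output attribute.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p 445 --script smb-os-discovery -oX scan-output.xml 13.93.27.0/24">
  <host>
    <address addr="13.93.27.138" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <hostscript>
      <script id="smb-os-discovery" output="&#10;  OS: Windows XP (Windows 2000 LAN Manager)&#10;  Computer name: xp-box"/>
    </hostscript>
  </host>
  <host>
    <address addr="13.93.27.139" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports><port protocol="tcp" portid="445"><state state="closed"/></port></ports>
  </host>
  <host>
    <address addr="13.93.27.143" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-os-discovery" output="&#10;  OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)"/>
    </hostscript>
  </host>
  <host>
    <address addr="13.93.27.147" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-os-discovery" output="&#10;  OS: Windows XP (Windows 2000 LAN Manager)&#10;  Computer name: xp2"/>
    </hostscript>
  </host>
</nmaprun>
"""


def hosts_matching(xml_text, script_id="smb-os-discovery", needle="OS: Windows XP"):
    """Return [(ipv4, 'OS: ...'), ...] for every host whose script_id output
    contains needle. Equivalent to the XPath
    //script[@id=script_id and contains(@output, needle)] followed by
    ancestor::host/address[@addrtype='ipv4']/@addr."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        # Hosts always have an ipv4 (or ipv6) address element; mac is optional.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for script in host.iter("script"):
            if script.get("id") != script_id:
                continue
            output = script.get("output", "")
            if needle not in output:
                continue
            # Pull just the "OS:" line out of the multi-line script output.
            os_line = next(
                (ln.strip() for ln in output.splitlines() if ln.strip().startswith("OS:")),
                "",
            )
            results.append((addr_el.get("addr"), os_line))
    return results


def format_report(matches):
    """Render matches as the two-line-per-host report from the question."""
    lines = []
    for ip, os_line in matches:
        lines.append(f"Nmap scan report for {ip}")
        lines.append(os_line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(hosts_matching(SAMPLE_XML)))
```

Because the match is on the script's own output attribute rather than on text that happens to contain "Windows XP", the "Aggressive OS guesses" and "OS details" lines from the fingerprinting engine can never produce a false hit, and hosts with no smb-os-discovery result drop out without any special casing.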

This should do the trick:

perl -ne 'if (/nmap/i) { $nmap = $_ }; if (/(OS:.*XP.*)/) { print $nmap,$1,"\n"; }' report
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow