Nmap Development mailing list archives
Re: Nmap "short" or "simplified" output?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 21 May 2014 16:07:13 -0500
Ryan,

The closest that Nmap has for quick bare output is the Grepable format (-oG, http://nmap.org/book/output-formats-grepable-output.html). This format is "deprecated," which for practical purposes means that it hasn't been updated in a long time, and won't be able to support any newer features of Nmap. The big things that are missing are: NSE script output, traceroute, MAC address, and CPE.

The most useful advice I can give regarding this is to learn how to turn off the parts of Nmap that you don't want. Helpful options include:

  -sn              Turn off port scanning
  -Pn              Skip host discovery (Use with caution when scanning network ranges!)
  -p               Specify only the ports you want scanned and no others
  -n               Skip reverse name resolution
  --version-light  Reduce the number of service scan probes that are sent (can reduce accuracy)

And don't use -A unless you really mean it :)

Here are a few recipes I've used for quick Nmap scans and parsing:

  # Print IP addresses that are up
  nmap -n -sn -oG - $targets | awk '/Status: Up$/{print $2}'

  # Print IP addresses that have port 22 open (abusing host discovery via TCP probes)
  nmap -n -sn -PS22 -oG - $targets | awk '/Status: Up$/{print $2}'

  # Print the reverse-dns names of a list of IPs without scanning them:
  nmap -sL -oG - $targets | awk '$3~/\(.+\)/{print $3}' | tr -d '()'

  # Print IPs that have any of these ports open:
  nmap -n -p 21-25 -oG - $targets | awk '/\/open\//{print $2}'

You get the idea. Happy hacking!

Dan

On Tue, May 20, 2014 at 8:13 AM, Ryan Robson <ringo380 () gmail com> wrote:
> Heya,
>
> I've had more trouble than I thought I would trying to find an answer to this question, and it may really end up being more of a feature request, but I could not track anything down to this effect in the documentation: Is there a flag or option designed to simplify the output that nmap provides? The example I've been using is dig's "+short", which just gives you the basic response.
>
> I realize that nmap provides output in a number of different ways depending on how you use it, and for my purposes I'm generally just working with port status output, so I'm sure it's not a simple matter to implement a single flag that applies to all of the different types of nmap output. I understand entirely. This is totally a mild inconvenience and 100% unimportant in the scheme of things, but it's just something I've always wondered but have never been able to confirm. I can of course grep it down easily, but I always like to learn what I can about what can be done in the original application itself before piping out to other applications.
>
> I appreciate any response you could give on this!
>
> Thanks,
> Ryan Robson
>
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
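The awk recipes in Dan's reply all key off the Grepable (-oG) format. The script below is an added example (not part of the thread, nor Nmap's own code) that runs offline against a constructed -oG listing: it reproduces the "hosts up" recipe, tightens the "port open" recipe so it matches one specific port rather than any open port, and splits the Ports field into its port/state/protocol/owner/service/rpcinfo/version components. Function names and the sample addresses are assumptions made up here.

```shell
#!/bin/sh
# Parse Nmap grepable (-oG) output with awk. sample_grepable() emits a
# constructed -oG listing (not a real scan) so the parsers run offline;
# nmap separates the Host/Ports/Status fields with tabs.
sample_grepable() {
    printf '%s\n' '# Nmap 6.46 scan initiated as: nmap -n -p 21-25 -oG - 192.0.2.0/29'
    printf 'Host: %s ()\tStatus: Up\n' 192.0.2.1
    printf 'Host: %s ()\tPorts: %s\tIgnored State: closed (2)\n' 192.0.2.1 \
        '21/closed/tcp//ftp///, 22/open/tcp//ssh///, 25/filtered/tcp//smtp///'
    printf 'Host: %s ()\tStatus: Up\n' 192.0.2.2
    printf 'Host: %s ()\tPorts: %s\tIgnored State: closed (3)\n' 192.0.2.2 \
        '22/open/tcp//ssh///, 23/open/tcp//telnet///'
    printf 'Host: %s ()\tStatus: Up\n' 192.0.2.3
    printf 'Host: %s ()\tPorts: %s\tIgnored State: filtered (4)\n' 192.0.2.3 \
        '22/closed/tcp//ssh///'
    printf '%s\n' '# Nmap done -- 8 IP addresses (3 hosts up) scanned in 1.23 seconds'
}

# Hosts nmap reported as Up (the -sn recipe from the mail, reading stdin).
up_hosts() {
    awk '/Status: Up$/ { print $2 }'
}

# Hosts with one specific port open. The mail's /\/open\// recipe fires on
# any open port; anchoring on " PORT/open/" also keeps 122 from matching 22.
hosts_with_open_port() {
    awk -v port="$1" 'index($0, " " port "/open/") { print $2 }'
}

# One "ip port/proto service" line per open port. Each Ports entry is
# port/state/protocol/owner/service/rpcinfo/version, slash-separated.
open_ports_table() {
    awk -F '\t' '
        $2 ~ /^Ports: / {
            ip = $1
            sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            n = split(substr($2, 8), entries, /, /)
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
            }
        }'
}

# Against a live scan: nmap -n -p 21-25 -oG - "$targets" | hosts_with_open_port 22
sample_grepable | open_ports_table
```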