LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-02-2007, 04:35 PM   #1
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Rep: Reputation: 30
send output of namp scan to CSV file


Does anyone know how to take the output of nmap and put it into CSV format?

I've seen nmap-audit but it looks like development quit on it 4 yrs ago. Currently I am using the -oG option in nmap to output it in greppable format which is ok, but I can't get it into a spreadsheet cleanly.

Thanks..
 
Old 03-02-2007, 05:32 PM   #2
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,398
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
Is this a start?
Code:
nmap localhost | awk  'NF==3 {printf("\"%s\",\"%s\",\"%s\"\n", $1, $2, $3);} NF!=3 {printf("\"%s\"\n",$0);}'
Writes to standard output, but that is only a redirection away from a file.
--- rod.
 
Old 03-05-2007, 11:39 PM   #3
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Original Poster
Rep: Reputation: 30
thanks, but..

Quote:
Originally Posted by theNbomr
Is this a start?
Code:
nmap localhost | awk  'NF==3 {printf("\"%s\",\"%s\",\"%s\"\n", $1, $2, $3);} NF!=3 {printf("\"%s\"\n",$0);}'
Writes to standard output, but that is only a redirection away from a file.
--- rod.

that does answer the question, however, i should have been more specific. this is the script i run (out_clean.txt is a list of network addresses)

#!/bin/bash
for name in $(cat out_clean.txt); do
nmap -sV -R --osscan-guess --append-output -p1-512,8080,8008,8009 $name/22 -oG j
ared.txt
done

---

the output of this looks like this:

Host: 10.114.4.2 () Ports: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/
open/tcp//netbios-ssn///, 427/open/tcp//svrloc?///, 445/filtered/tcp//microsoft-
ds///
Host: 10.114.4.3 () Ports: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/
open/tcp//netbios-ssn///, 427/open/tcp//svrloc?///, 445/filtered/tcp//microsoft-
ds///
Host: 10.114.7.180 (server1.domain.com) Ports: 25/open/tcp//smtp
//Microsoft ESMTP 5.0.2195.6713/, 53/open/tcp//domain//Microsoft DNS/, 80/open/t
cp//http//Microsoft IIS webserver 5.0/, 119/open/tcp//nntp//Microsoft NNTP Servi
ce 5.0.2195.7034 (posting ok)/, 135/open/tcp//msrpc//Microsoft Windows RPC/, 139
/open/tcp//netbios-ssn///, 427/open/tcp//svrloc?///, 443/open/tcp//https?///, 44
5/filtered/tcp//microsoft-ds///
Host: 10.114.7.181 (server2.domain.com) Ports: 23/open/tcp//teln
et//Cisco microswitch telnetd/, 80/open/tcp//http//Apache httpd 2.0.54 ((NETWARE
) mod_jk|1.2.14)/, 81/open/tcp//http//Novell Netware HTTP Stack (HTTPSTK.NLM)/,
389/open/tcp//ldap// (Anonymous bind OK)/, 427/open/tcp//svrloc?///, 443/open/tc
p//ssl//Novell Netware SSL/, 445/filtered/tcp//microsoft-ds///, 8008/open/tcp//h
ttp//Novell Netware HTTP Stack (HTTPSTK.NLM)/, 8009/open/tcp//ssl//Novell Netwar
e SSL/
Host: 10.114.7.183 (server3.domain.com) Ports: 21/open/tcp//ftp/
/Netware NWFTPD/, 23/open/tcp//telnet//Cisco microswitch telnetd/, 80/open/tcp//
http//Apache httpd 2.0.54 ((NETWARE) mod_jk|1.2.14)/, 81/open/tcp//http//Novell
Netware HTTP Stack (HTTPSTK.NLM)/, 389/open/tcp//ldap// (Anonymous bind OK)/, 42
7/open/tcp//svrloc?///, 443/open/tcp//ssl//Novell Netware SSL/, 445/filtered/tcp
//microsoft-ds///, 8008/open/tcp//http//Novell Netware HTTP Stack (HTTPSTK.NLM)/
, 8009/open/tcp//ssl//Novell Netware SSL/

---

what i need in the csv file is: hostname (if available), open port numbers and OS (if available).

i know some shell scripting but couldnt come up with anyway to get only the data i needed. i know very little sed/awk.

EDIT: the final result is to get it into a spreadsheet. i might be going about this the wrong way.
THANKS!

Last edited by rsmccain; 03-05-2007 at 11:51 PM.
 
Old 03-06-2007, 01:04 AM   #4
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,398
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
rsmccain, can you re-post your sample output inside CODE tags (click Go Advanced), so the formatting is preserved? My nmap isn't accepting the options you used, so I can't replicate it easily myself. I can probably cobble up sonething that gets you what you want.
--- rod.
 
Old 03-06-2007, 07:12 PM   #5
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Original Poster
Rep: Reputation: 30
is this what you mean?

Quote:
Originally Posted by theNbomr
rsmccain, can you re-post your sample output inside CODE tags (click Go Advanced), so the formatting is preserved? My nmap isn't accepting the options you used, so I can't replicate it easily myself. I can probably cobble up sonething that gets you what you want.
--- rod.

Code:
nmap -R -O --osscan-guess --append-output -p1-512,8080,8008,8009 $name/22 -oG jared.txt
hopefully this works..

thanks?
 
Old 03-06-2007, 08:23 PM   #6
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,398
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
No, I meant the nmap output. The stuff you want parsed, formatted, diced, sliced and julienned. The formatting is right, now, though.
--- rod.
 
Old 03-06-2007, 08:34 PM   #7
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Original Poster
Rep: Reputation: 30
gotcha.. here ya go..

Quote:
Originally Posted by theNbomr
No, I meant the nmap output. The stuff you want parsed, formatted, diced, sliced and julienned. The formatting is right, now, though.
--- rod.
thanks again..

Code:
Host: 10.114.7.177 ()   Ports: 80/open/tcp//http///, 161/closed/tcp//snmp///, 443/open/tcp//https///    OS: Microsoft Windows 2000, SP0, SP1, or SP2    Seq Index: 131  IPID Seq: Incremental
Host: 10.114.7.178 ()   Ports: 23/open/tcp//telnet///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 445/filtered/tcp//microsoft-ds///        OS: Avaya P330 Stackable Switch Seq Index: 17   IPID Seq: Incremental
Host: 10.114.7.179 ()   Ports: 23/open/tcp//telnet///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 445/filtered/tcp//microsoft-ds///        OS: Avaya P330 Stackable Switch Seq Index: 17   IPID Seq: Incremental
Host: 10.114.7.180 (server1.domain.com)      Ports: 25/open/tcp//smtp///, 53/open/tcp//domain///, 80/open/tcp//http///, 119/open/tcp//nntp///, 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 427/open/tcp//svrloc///, 443/open/tcp//https///, 445/filtered/tcp//microsoft-ds///     Seq Index: 258  IPID Seq Incremental
Host: 10.114.7.181 (server2.domain.com)      Ports: 23/open/tcp//telnet///, 80/open/tcp//http///, 81/open/tcp//hosts2-ns///, 389/open/tcp//ldap///, 427/open/tcp//svrloc///, 443/open/tcp//https///, 445/filtered/tcp//microsoft-ds///, 8008/open/tcp/////, 8009/open/tcp//ajp13///  Seq Index: 263  IPID Seq: Broken little-endian incremental
 
Old 03-09-2007, 11:17 AM   #8
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,398
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
rsmccain: I haven't forgotten about you, but I've suddenly gotten quite busy, and your problem is a bit trickier than a simple one-liner. Sorry. Stay tuned.
--- rod.
 
Old 03-11-2007, 05:34 AM   #9
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Original Poster
Rep: Reputation: 30
no problem

Quote:
Originally Posted by theNbomr
rsmccain: I haven't forgotten about you, but I've suddenly gotten quite busy, and your problem is a bit trickier than a simple one-liner. Sorry. Stay tuned.
--- rod.
no problem. any help you can provide is appreciated.
 
Old 03-13-2007, 01:12 PM   #10
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,398
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
Okay, I finally have something for you. This turned out to be more challenging than I anticipated, and as I said earlier, it definitely isn't a simple one-liner. FWIW, here is a perl script that I call nmap2csv.pl:
Code:
#! /usr/bin/perl -w
use strict;

    my @fieldNames = (
        "Host:",
        "Ports:",
        "OS:",
        "Seq Index:",
        "IPID Seq:"
    );

    my $split = join "|", @fieldNames;
    $split = "($split)";

    while( <> ){

        foreach my $fieldName ( @fieldNames ){
            if( $_ =~ m/$fieldName/ ){
                my ( $pre, $post ) = split $fieldName, $_ ;
                my ( $fieldVal, @junk ) = split /$split/, $post;
                
                if( $fieldName eq "Host:" ){
                    $fieldVal =~ m/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\s+\((.*)\)/;
                    my $dottedDecIp = $1; 
                    my $ipName = $2;
                    print "\"$dottedDecIp\",\"$ipName\",";
                }
                elsif( $fieldName eq "OS:" ){
                    my $os = $fieldVal;
                    $os =~ s/^\s+//;
                    $os =~ s/\s+$//;
                    print "\"$os\",";
                }
                elsif( $fieldName eq "Ports:" ){
                    my( @ports ) = $fieldVal =~ m/\s+([0-9]+)/g;
                    foreach my $port ( @ports ){
                        print "\"$port\",";
                    }
                }
            }
        }
        print "\n";
    }
When run from the commandline and given the name of a file containing the nmap output, or with the output of nmap piped into it, I believe it accomplishes your stated spec. I took the liberty of re-ordering the the fields so that the list of ports is last, since its lenght is variable, and it just seems to read better that way. Sorry it took so long.
--- rod.
 
Old 03-13-2007, 01:37 PM   #11
rsmccain
Member
 
Registered: Apr 2004
Location: Louisiana
Distribution: SUSE
Posts: 154

Original Poster
Rep: Reputation: 30
wow

Quote:
Originally Posted by theNbomr
Okay, I finally have something for you. This turned out to be more challenging than I anticipated, and as I said earlier, it definitely isn't a simple one-liner. FWIW, here is a perl script that I call nmap2csv.pl:
Code:
#! /usr/bin/perl -w
use strict;

    my @fieldNames = (
        "Host:",
        "Ports:",
        "OS:",
        "Seq Index:",
        "IPID Seq:"
    );

    my $split = join "|", @fieldNames;
    $split = "($split)";

    while( <> ){

        foreach my $fieldName ( @fieldNames ){
            if( $_ =~ m/$fieldName/ ){
                my ( $pre, $post ) = split $fieldName, $_ ;
                my ( $fieldVal, @junk ) = split /$split/, $post;
                
                if( $fieldName eq "Host:" ){
                    $fieldVal =~ m/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\s+\((.*)\)/;
                    my $dottedDecIp = $1; 
                    my $ipName = $2;
                    print "\"$dottedDecIp\",\"$ipName\",";
                }
                elsif( $fieldName eq "OS:" ){
                    my $os = $fieldVal;
                    $os =~ s/^\s+//;
                    $os =~ s/\s+$//;
                    print "\"$os\",";
                }
                elsif( $fieldName eq "Ports:" ){
                    my( @ports ) = $fieldVal =~ m/\s+([0-9]+)/g;
                    foreach my $port ( @ports ){
                        print "\"$port\",";
                    }
                }
            }
        }
        print "\n";
    }
When run from the commandline and given the name of a file containing the nmap output, or with the output of nmap piped into it, I believe it accomplishes your stated spec. I took the liberty of re-ordering the the fields so that the list of ports is last, since its lenght is variable, and it just seems to read better that way. Sorry it took so long.
--- rod.

wow.. THANKS!

I really appreciate it! Hopefully I can re-pay you one day.

Ryan
 
Old 04-18-2009, 08:31 PM   #12
roubir
LQ Newbie
 
Registered: Apr 2009
Posts: 1

Rep: Reputation: 0
Protocol, Port, Service Addition

theNbomr,
This is great! Thanks so much!

I just googled it found you and used it with Nmap output from BackTrack 4 and it works great.

However, is it possible to have it add the protocol for the open port as well as the service?

For example output in the .csv file will look like this with pipes:

Code:
"10.19.55.203","host","tcp|80|http","tcp|3389|ms-term-serv"
.CSV:
Code:
10.19.55.203 host      tcp|80|http    tcp|3389|ms-term-serv
Thanks Again!

-roubir


Quote:
Originally Posted by rsmccain View Post
wow.. THANKS!

I really appreciate it! Hopefully I can re-pay you one day.

Ryan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
help extracting data from csv file willinusf Linux - General 10 10-27-2006 09:10 PM
Culling Data from a CSV file to output in excel jterr02 Programming 2 05-19-2006 04:58 AM
Shell script to read from csv file hendemeg Programming 1 05-11-2004 08:23 PM
csv to fixed-length file roballen Programming 0 03-11-2004 03:12 AM
CSV File AMMullan Programming 2 11-10-2003 12:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration