I have to create a function which reads IP addresses one by one from a file (iplist.txt) and scans these IPs using nmap. The scan output is saved in the output.txt file, and the output.txt file is parsed to filter only the open ports with their particular IP, which is saved in the parse.txt file.
Format of the parse.txt file:
Code:
ip open port
x.x.x.x x
2. My goal:
1. Find all ports open on a whole range and in one file.
2. Save only open ports with IP address in another file. Don't save filtered or closed ports in this file.
eg. Format of file:
IP_address Open_port
Code:
192.168.0.1 21
192.168.0.1 80
....
So I have written the script which scans the IP range and saves the whole output. I just want the script for the second option.
I have attached the script. Please help me, if possible, to implement the second option. In the second option, my script takes the open port/tcp and all other details, but I want only the IP address with the open port, as shown in the file format above.
Nmap scan report for 192.168.0.1
Host is up, received echo-reply ttl 128 (1.0s latency).
Scanned at 2017-03-14 05:47:17 EDT for 90s
Not shown: 985 closed ports
Reason: 985 resets
PORT STATE SERVICE REASON
135/tcp open msrpc syn-ack ttl 128
139/tcp open netbios-ssn syn-ack ttl 128
445/tcp open microsoft-ds syn-ack ttl 128
514/tcp filtered shell no-response
554/tcp open rtsp syn-ack ttl 128
902/tcp open iss-realsecure syn-ack ttl 128
912/tcp open apex-mesh syn-ack ttl 128
1025/tcp open NFS-or-IIS syn-ack ttl 128
1026/tcp open LSA-or-nterm syn-ack ttl 128
1027/tcp open IIS syn-ack ttl 128
1028/tcp open unknown syn-ack ttl 128
1029/tcp open ms-lsa syn-ack ttl 128
2869/tcp open icslap syn-ack ttl 128
5357/tcp open wsdapi syn-ack ttl 128
10243/tcp open unknown syn-ack ttl 128
Nmap scan report for 192.168.0.2
Host is up, received reset ttl 128 (0.18s latency).
All 1000 scanned ports on 192.168.0.1 are filtered (914) or closed (86) because of 914 no-responses and 86 resets
parse.txt
Code:
135/tcp open msrpc syn-ack ttl 128
139/tcp open netbios-ssn syn-ack ttl 128
445/tcp open microsoft-ds syn-ack ttl 128
514/tcp filtered shell no-response
554/tcp open rtsp syn-ack ttl 128
902/tcp open iss-realsecure syn-ack ttl 128
912/tcp open apex-mesh syn-ack ttl 128
1025/tcp open NFS-or-IIS syn-ack ttl 128
1026/tcp open LSA-or-nterm syn-ack ttl 128
1027/tcp open IIS syn-ack ttl 128
1028/tcp open unknown syn-ack ttl 128
1029/tcp open ms-lsa syn-ack ttl 128
2869/tcp open icslap syn-ack ttl 128
5357/tcp open wsdapi syn-ack ttl 128
10243/tcp open unknown syn-ack ttl 128
Just a quick guess: You'd just look for /^Nmap scan report for/ and clear your value for the 1st column, then if /host down/ is not present use the 5th or 6th field to set the subsequent 1st column value. Then until that happens again, print out the port number when 'open' is found in the appropriate column.
Functions like sub() or gsub() can be used to tidy the fields.
The way the forum works is that you show what you have been trying and ask questions about it. So please show what you tried with awk and how far you were able to get with either your own approach or the guidance given already.
This should be fairly easy with awk, one method already indicated by Turbocapitalist in post #2.
Alternatively, you might want to think of 'Nmap scan report...' as the record separator and each subsequent line as a field, then get the IP address from the first "field" and port numbers from /^[0-9]+/ of each following field (line).
But as already said, it is more helpful to everyone if you show us your own attempt as the starting point, then we can suggest and refine our advice based on that example.
readfile()
{
    while read -r line
    do
        name="$line"
        echo "$name"
        conunt=$line
        nmap -oG output.txt -T4 -f -iL iplist.txt $line1
    done < iplist.txt
    awk -f filter.awk output.txt > parse.txt
}
readfile
filter.awk
Code:
awk '/^Nmap scan report/{cHost=$5;}
/open/ { split($1,a,"/"); result[cHost][a[1]]=""}
END {
for (i in result) {
printf i;
for (j in result[i])
printf ",%s", j ;
print ""} }' |
sed -e 's/,/\t/'
Output-
output.txt-
Code:
# Nmap 7.01 scan initiated Sat Mar 15 06:27:08 2017 as: nmap -oG output.txt -T4 -f -iL iplist.txt
Host: 192.168.1.99 () Status: Up
Host: 192.168.1.99 () Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 514/filtered/tcp//shell///, 554/open/tcp//rtsp///, 902/open/tcp//iss-realsecure///, 912/open/tcp//apex-mesh///, 1025/open/tcp//NFS-or-IIS///, 1026/open/tcp//LSA-or-nterm///, 1027/open/tcp//IIS///, 1028/open/tcp//unknown///, 1036/open/tcp//nsstp///, 2869/open/tcp//icslap///, 5357/open/tcp//wsdapi///, 10243/open/tcp//unknown/// Ignored State: closed (985)
Host: 192.168.0.1 () Status: Up
Host: 192.168.0.1 () Status: Up
Host: 192.168.0.101 () Status: Up
Host: 192.168.0.101 () Status: Up
# Nmap done at Sat Mar 15 06:29:02 2017 -- 3 IP addresses (3 hosts up) scanned in 113.19 seconds
Error-
Code:
awk: 2: unexpected character '''
awk: filter.awk: line 4: syntax error at or near [
awk: filter.awk: line 7: syntax error at or near [
awk: 9: unexpected character '''
Ok. With that kind of input and the way you are starting awk, I'd try something like the pieces below. The Output Field Separator (OFS) can be set to a tab if you like. However, the following does not really use it because of the printf. Also, since the string "open" could possibly come in several contexts, it's best to not rely on it by itself and add in an extra check.
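An added example, not part of any post in this thread: one way to produce the `IP port` list the question asks for, using only POSIX awk features (no gawk-only arrays of arrays). It goes beyond the grepable `-oG` file from the last attempt and also reads the normal-format port table shown earlier; `open_ports` and `sample` are names made up here, and the sample lines are constructed from the formats in the thread.

```shell
#!/bin/sh
# Added example: print "IP<TAB>port" for every open port in nmap output.
# open_ports is a hypothetical helper name, not something from the thread.
open_ports() {
    awk '
    # Normal output: the report header names the host.
    /^Nmap scan report for / {
        host = $NF
        gsub(/[()]/, "", host)          # "name (1.2.3.4)" -> 1.2.3.4
        next
    }
    # Normal output: port table rows such as "135/tcp open msrpc ...".
    # Compare the state column exactly, so "open|filtered" is not counted.
    $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
        split($1, p, "/")
        print host "\t" p[1]
        next
    }
    # Grepable output: Host: IP (name) <TAB> Ports: a, b, ... <TAB> Ignored State: ...
    /^Host: / && /Ports: / {
        ip = $2
        ports = $0
        sub(/^.*Ports: /, "", ports)
        sub(/\t.*$/, "", ports)                     # drop later tab-separated sections
        sub(/[ \t]+Ignored State:.*$/, "", ports)   # same, if tabs became spaces
        n = split(ports, entry, /, */)
        for (i = 1; i <= n; i++) {
            # entry layout: port/state/protocol/owner/service/rpc/version/
            split(entry[i], f, "/")
            if (f[2] == "open")
                print ip "\t" f[1]
        }
    }
    ' "$@"
}

# Constructed sample input, modelled on the two formats shown in the thread.
sample() {
    printf 'Host: 192.168.1.99 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.99 ()\tPorts: 135/open/tcp//msrpc///, 514/filtered/tcp//shell///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (985)\n'
    printf 'Nmap scan report for 192.168.0.1\n'
    printf 'PORT STATE SERVICE REASON\n'
    printf '139/tcp open netbios-ssn syn-ack ttl 128\n'
    printf '514/tcp filtered shell no-response\n'
}

sample | open_ports
```

Run it on a saved scan as `open_ports output.txt > parse.txt`. If the awk program is moved into `filter.awk` for `awk -f`, the file holds only the program text, without the `awk '...'` shell wrapper.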