antmar904

Help Parsing nmap scan logs

Hi,

I have a bunch of nmap.exe scan logs that I would like to get the results from and put into an Excel sheet.

Attached is an example of the output nmap log. IPs were manually changed.

I would like the IP address in column A and any open ports in the next column B.

Any help to get me started would be much appreciated.

I'm guessing I would have to use "StringRegExp" then output to a csv?

#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, False), $Results = @ScriptDir & "\Results.csv"

;_ArrayDisplay($Files) ;Debug

For $i = 0 To UBound($Files) -1
    $a = StringRegExp(FileRead($Files[$i]), " STUCK!! ")
Next

ExampleResults.txt

In this instance I would chop up the text into sections and process that way.

Threw this together, works with your sample but not sure if it will work with the full file.

$hFile = FileOpen("C:\Downloads\ExampleResults.txt", 0)
$sData = FileRead($hFile)
FileClose($hFile)   ;Release the handle once the text is in memory


$aSplit = StringSplit($sData, "Nmap scan report for", 1)
ConsoleWrite("Segments = " & $aSplit[0] & @CRLF)

global $aOutput[$aSplit[0]][2]  ;Create an array that will store the info


For $i = 2 to $aSplit[0]    ;Skipping 1 since it will be the file header stuff

    $aLines = StringSplit($aSplit[$i], @CRLF)   ;Split up each section by line
    ConsoleWrite("Segment " & $i & " contains " & $aLines[0] & " lines" & @CRLF)

    If $aLines[0] < 4 then ContinueLoop         ;Attempt to skip sections that are not a scan report

    $aOutput[$i - 2][0] = StringStripWS($aLines[1], 8)  ;Save the IP address

    For $r = 2 to $aLines[0]
        If StringInStr($aLines[$r], "open") Then    
            If $aOutput[$i - 2][1] <> "" Then
                $aOutput[$i - 2][1] &= "," & StringLeft($aLines[$r], StringInStr($aLines[$r], "/") - 1)
            Else
                $aOutput[$i - 2][1] = StringLeft($aLines[$r], StringInStr($aLines[$r], "/") - 1)
            EndIf
        EndIf

    Next

Next

;Use the _Excel functions to write to a spreadsheet

For $o = 0 to UBound($aOutput) - 1
    ConsoleWrite($aOutput[$o][0] & @TAB & $aOutput[$o][1] & @CRLF)
Next

 

Edited by BigDaddyO

@Nine

Thank you. Your script worked; however, I forgot to add in my sample text that the DNS name COULD show before the IP address.

exp:

Nmap scan report for smtadfap-1.kretasdfaez.com.ar (1.1.1.1)
Host is up (0.18s latency).
Not shown: 1091 filtered ports
PORT    STATE SERVICE
25/tcp  open  smtp
443/tcp open  https
 

The DNS name could contain numbers, letters and special characters.

@antmar904

The fact is that you could have more than four ports, and so, you should/could extract them in a separate instruction.

By the way, the pattern below extracts even the DNS from the string:

'(?s)Nmap scan report for (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[-.\w]+\s\([^)]+\)).*?(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n'

:)


@Nine Thank you for your help. The nmap output file could have many variations. Sorry about that.

@FrancescoDiMuro If I run your string on this output file, some IPs are missed and not shown in the array.

 

Unable to find nmap-services!  Resorting to /etc/services
# Nmap 7.70 scan initiated Tue Apr 02 10:55:13 2019 as: nmap.exe -oN C:\20.3.170.4-30.txt 20.3.170.4-30
Cannot find nmap-payloads. UDP payloads are disabled.
Nmap scan report for ip-20-003-170-005.cooxcvzgpvgg.com.ar (20.3.170.5)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT    STATE    SERVICE
53/tcp  filtered domain
79/tcp  open     finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap scan report for ip-20-003-170-006.cooxcvzgpvgg.com.ar (20.3.170.6)
Host is up (0.19s latency).
Not shown: 1090 closed ports
PORT    STATE    SERVICE
53/tcp  filtered domain
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap scan report for (20.3.170.9)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT     STATE SERVICE
3389/tcp open  ms-wbt-server

Nmap scan report for smtp-1.kressdfg.tz.com.ar (20.3.170.10)
Host is up (0.18s latency).
Not shown: 1091 filtered ports
PORT    STATE SERVICE
25/tcp  open  smtp
443/tcp open  https

Nmap scan report for ip-20-003-170-012.cooxcvzgpvgg.com.ar (20.3.170.12)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT    STATE  SERVICE
443/tcp closed https

Nmap scan report for ip-20-003-170-014.cooxcvzgpvgg.com.ar (20.3.170.14)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT    STATE    SERVICE
53/tcp  filtered domain
79/tcp  open     finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap scan report for ip-20-003-170-017.cooxcvzgpvgg.com.ar (20.3.170.17)
Host is up (0.17s latency).
Not shown: 1089 closed ports
PORT    STATE    SERVICE
53/tcp  filtered domain
79/tcp  open     finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap scan report for (20.3.170.25)
Host is up (0.18s latency).
Not shown: 1089 closed ports
PORT    STATE    SERVICE
53/tcp  filtered domain
79/tcp  open     finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

# Nmap done at Tue Apr 02 10:57:05 2019 -- 27 IP addresses (8 hosts up) scanned in 112.01 seconds

 

Edited by antmar904

Got it, thanks.

Working much better now; however, there are spaces between the ports, but I could probably clean those up in Excel.

 

I'm having issues trying to write the array to CSV. I think I keep overwriting the file... I'd like to read all the scan result logs to one CSV file:

 

For $i = 0 To UBound($Files) -1
    Local $sFile = FileRead($Files[$i])
    Local $aRes = StringRegExp ($sFile, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
Next

_FileWriteFromArray($Results, $aRes, 0)

 

#include <Constants.au3>
#include <Array.au3>
#include <Excel.au3>

Opt ("MustDeclareVars", 1)

Local $sFile = FileRead ("ExampleResults2.txt")
; \d{1,5} because port numbers run up to 65535 (five digits)
Local $aRes = StringRegExp ($sFile, "(?s)Nmap scan report for.*?\((\d+\.\d+\.\d+\.\d+)|\v{2}(\d{1,5})\/", $STR_REGEXPARRAYGLOBALMATCH)

Local $oExcel = _Excel_Open()
If @error Then Exit MsgBox($MB_SYSTEMMODAL, "", "Error creating the Excel application object.")
Local $oWorkbook = _Excel_BookNew($oExcel)
If @error Then Exit MsgBox($MB_SYSTEMMODAL, "", "Error creating the new workbook.")

Local $row = 1, $i = 0, $port
While $i < Ubound ($aRes)
  _Excel_RangeWrite($oWorkbook, $oWorkbook.Activesheet, $aRes[$i], "A" & $row)
  $port = ""
  $i += 1
  ; Collect ports until the next IP; the bounds check also covers a host that has no port rows
  While $i < UBound ($aRes) And Not StringInStr ($aRes[$i], ".")
    If $aRes[$i] <> "" Then $port &= $aRes[$i] & ","
    $i += 1
  WEnd
  _Excel_RangeWrite($oWorkbook, $oWorkbook.Activesheet, StringTrimRight ($port,1), "B" & $row)
  $row += 1
WEnd

That will write directly to Excel like you first wanted... but with this example, you could make it a CSV if you prefer.

I'm having issues with this. I need to read each file, then add it to a CSV.

 

#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, True), $Results = @ScriptDir & "Results.csv", $Array

;_ArrayDisplay($Files) ;Debug


For $i = 0 To UBound($Files) -1
    Local $sFile = FileRead($Files[$i])
    Local $aRes = StringRegExp ($sFile, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
    ;_ArrayDisplay($aRes)
Next
Exit

 

Edited by antmar904

@antmar904

First of all, start your For...Next loop from 1, since the 0th element in the array contains the number of files obtained from _FileListToArray().

Then, explain as clearly as you can what kind of result you are expecting from your script, and finally attach or post a sample file, so we can take a look.


@FrancescoDiMuro Ok, I think I got it.

 

#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, True)

Local $OutputFile = @ScriptDir & "\Results.txt"
Local $hFile = FileOpen($OutputFile, 1)
For $x = 1 to UBound ($Files) -1
    Local $File = FileRead($Files[$x])
    Local $aRes = StringRegExp ($File, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
    _FileWriteFromArray($hFile, $aRes)
Next
FileClose($hFile)
Exit
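
An added example, not part of any post in this thread: one way to get the IP address in column A and only the open ports in column B, from every log into a single CSV. It goes beyond the regexes posted above by checking the STATE column, so filtered and closed ports are dropped; `_NmapOpenPorts` is a made-up helper name, the ScanResults folder and Results.csv follow the posts above, and only IPv4 report headers are handled.

```autoit
#include <File.au3>
#include <StringConstants.au3>

; Added example, not code from the thread. _NmapOpenPorts is a made-up helper name.
; Returns one "ip,port;port" CSV line for each host that has at least one open port.
Func _NmapOpenPorts($sLog)
    Local $sCsv = "", $sPorts, $aHdr, $aPort, $aLines
    ; One block per host; block 1 is the banner text before the first report
    Local $aBlocks = StringSplit(StringStripCR($sLog), "Nmap scan report for", $STR_ENTIRESPLIT)
    For $i = 2 To $aBlocks[0]
        $aLines = StringSplit($aBlocks[$i], @LF)
        ; Header is "1.2.3.4", "host.name (1.2.3.4)" or "(1.2.3.4)": take the trailing IPv4.
        ; The DNS name is left out, so only digits and dots from the log reach the sheet.
        $aHdr = StringRegExp($aLines[1], "\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s*$", $STR_REGEXPARRAYMATCH)
        If @error Then ContinueLoop
        $sPorts = ""
        For $j = 2 To $aLines[0]
            ; Port rows look like "443/tcp open  https". The state must be exactly "open",
            ; so filtered, closed and open|filtered rows are skipped.
            $aPort = StringRegExp($aLines[$j], "^(\d{1,5})/(?:tcp|udp)\s+open(?:\s|$)", $STR_REGEXPARRAYMATCH)
            If Not @error Then $sPorts &= ($sPorts = "" ? "" : ";") & $aPort[0]
        Next
        If $sPorts <> "" Then $sCsv &= $aHdr[0] & "," & $sPorts & @CRLF
    Next
    Return $sCsv
EndFunc   ;==>_NmapOpenPorts

; Append the rows from every log in .\ScanResults to one CSV, opening the output once
Local $aFiles = _FileListToArray(@ScriptDir & "\ScanResults", "*", $FLTA_FILES, True)
If @error Then Exit 1
Local $hOut = FileOpen(@ScriptDir & "\Results.csv", $FO_OVERWRITE)
If $hOut = -1 Then Exit 2
FileWriteLine($hOut, "ip,open_ports")
For $i = 1 To $aFiles[0] ; element 0 holds the file count
    FileWrite($hOut, _NmapOpenPorts(FileRead($aFiles[$i])))
Next
FileClose($hOut)
```

Run against the second sample log above, this yields rows such as `20.3.170.5,79` and `20.3.170.10,25;443`, and no row for 20.3.170.6 or 20.3.170.12, which have no open ports.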

 
