Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/leonjza/awesome-nmap-grep
Awesome Nmap Grep
https://github.com/leonjza/awesome-nmap-grep
List: awesome-nmap-grep
bash grep nmap pentesting scan
Last synced: 15 days ago
JSON representation
Awesome Nmap Grep
- Host: GitHub
- URL: https://github.com/leonjza/awesome-nmap-grep
- Owner: leonjza
- Created: 2016-06-28T07:45:37.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2019-11-17T15:54:56.000Z (almost 5 years ago)
- Last Synced: 2024-05-22T04:15:15.592Z (6 months ago)
- Topics: bash, grep, nmap, pentesting, scan
- Homepage:
- Size: 8.79 KB
- Stars: 309
- Watchers: 14
- Forks: 45
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **150**ζ
README
# awesome-nmap-grep π₯
A collection of awesome, _grep-like_ commands for the `nmap` greppable output
(`-oG`) format. This repository aims to serve as a quick reference to modify the
output into readable formats.
All of the below commands assume the output was saved to a file called
`output.grep`. The example command to produce this file as well as the sample
outputs was: `nmap -v --reason 127.0.0.1 -sV -oG output.grep -p-`.
Finally, the `NMAP_FILE` variable is set to contain `output.grep`.
## commands
* [Count Number of Open Ports](#count-number-of-open-ports)
* [Top 10 Open Ports](#print-the-top-10-ports)
* [Top Service Identifiers](#top-service-identifiers)
* [Top Service Names](#top-service-names)
* [Hosts and Open Ports](#hosts-and-open-ports)
* [Banner Grab](#banner-grab)
## count number of open ports
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p' | \
awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' \
| sort -k 5 -g
```
### output
```bash
Host: 127.0.0.1 Ports Open: 16
```
### explained
```bash
$ NMAP_FILE=output.grep
$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
# | ββββββββ¬βββββββ | | ββ Select the rest of
# | | | | the fields which
# | | | | will be the open
# | | | | ports.
# | | | |
# | | | ββ Select the second field
# | | | to print which will
# | | | be IP Address
# | | |
# | | ββ The file containing the grepable output.
# | |
# | ββ Ignore lines that start with a # or contain the string
# | 'Status: Up'
# |
# ββ Inverse the pattern match
sed -n -e 's/Ignored.*//p' | \
# | | ββββββββ¬ββββββββ
# | | ββ Remove text from the string 'Ignored' onwards.
# | |
# | ββ Specify the script to execute.
# |
# ββ Be quiet on errors.
awk -F, '{split($0,a," "); printf "Host: %-20s Ports Open: %d\n" , a[1], NF}' | \
# | ββββββββ¬βββββββ βββ¬ββ βββ¬ββ |
# | | | Use the second element β |
# | | | in array a defined by |
# | | | the previous split(). |
# | | | |
# | | | The total columns ββββββ
# | | | extracted.
# | | |
# | | ββ Pad the string to 20 spaces.
# | |
# | ββ Split the item in the first column again by space,
# | storing the resultant array into a.
# |
# ββ Print a string from a format string
sort -k 5 -g
```
## print the top 10 ports
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' | \
sort -n | uniq -c | sort -k 1 -r | head -n 10
```
### output
```bash
1 9001/open/tcp//tor-orport?///
1 9000/open/tcp//cslistener?///
1 8080/open/tcp//http-proxy///
1 80/open/tcp//http//Caddy/
1 6379/open/tcp//redis//Redis key-value store/
1 631/open/tcp//ipp//CUPS 2.1/
1 6234/open/tcp/////
1 58377/filtered/tcp/////
1 53/open/tcp//domain//dnsmasq 2.76/
1 49153/open/tcp//mountd//1-3/
```
### explained
```bash
$ NMAP_FILE=output.grep
$ egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f4- | \
# | ββββββββ¬βββββββ | ββ Select only the fields
# | | | with the port details.
# | | |
# | | ββ The file containing the grepable output.
# | |
# | ββ Ignore lines that start with a # or contain the string
# | 'Status: Up'
# |
# ββ Inverse the pattern match
sed -n -e 's/Ignored.*//p' | tr ',' '\n' | sed -e 's/^[ \t]*//' | \
# | | ββββββββ¬ββββββββ ββ¬β βββ¬β βββββββ¬ββββββ
# | | | | | ββ Remove tabs and
# | | | | | spaces.
# | | | | ββ ... with newlines.
# | | | |
# | | | ββ Replace commas ...
# | | |
# | | ββ Remove text from the string 'Ignored' onwards.
# | |
# | ββ Specify the script to execute.
# |
# ββ Be quiet on errors.
sort -n | uniq -c | sort -k 1 -r | head -n 10
# | | | ββ Print the first 10 lines.
# | | |
# | | ββ Output result in reverse
# | |
# | ββ Count occurrences
# |
# ββ Sort numerically.
```
## top service identifiers
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr
```
### output
```bash
2 Caddy
2 1-3 (RPC 100005)
1 dnsmasq 2.76
1 Redis key-value store
1 OpenSSH 6.9 (protocol 2.0)
1 MySQL 5.5.5-10.1.14-MariaDB
1 CUPS 2.1
```
## top service names
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $5}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr
```
### output
```bash
2 mountd
2 http
1 unknown
1 tor-orport?
1 ssl|https
1 ssh
1 redis
1 mysql
1 ipp
1 http-proxy
1 domain
1 cslistener?
```
## hosts and open ports
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
sed -n -e 's/Ignored.*//p' | \
awk '{print "Host: " $1 " Ports: " NF-1; $1=""; for(i=2; i<=NF; i++) { a=a" "$i; }; split(a,s,","); for(e in s) { split(s[e],v,"/"); printf "%-8s %s/%-7s %s\n" , v[2], v[3], v[1], v[5]}; a="" }'
```
### output
```bash
Host: 127.0.0.1 Ports: 16
open tcp/22 ssh
open tcp/53 domain
open tcp/80 http
open tcp/443 https
open tcp/631 ipp
open tcp/3306 mysql
open tcp/4767 unknown
open tcp/6379
open tcp/8080 http-proxy
open tcp/8081 blackice-icecap
open tcp/9000 cslistener
open tcp/9001 tor-orport
open tcp/49152 unknown
open tcp/49153 unknown
filtered tcp/54695
filtered tcp/58369
```
## banner grab
### command
```bash
NMAP_FILE=output.grep
egrep -v "^#|Status: Up" $NMAP_FILE | cut -d' ' -f2,4- | \
awk -F, '{split($1,a," "); split(a[2],b,"/"); print a[1] " " b[1]; for(i=2; i<=NF; i++) { split($i,c,"/"); print a[1] c[1] }}' \
| xargs -L1 nc -v -w1
```
### output
*Sample*
```bash
found 0 associations
found 1 connections:
1: flags=82
outif lo0
src 127.0.0.1 port 52224
dst 127.0.0.1 port 3306
rank info not available
TCP aux info available
Connection to 127.0.0.1 port 3306 [tcp/mysql] succeeded!
Y
5.5.5-10.1.14-MariaDBοΏ½uds9^MIfοΏ½οΏ½!?οΏ½EgVZ>iv7KTD7mysql_native_passwordfound 0 associations
nc: connectx to 127.0.0.1 port 54695 (tcp) failed: Connection refused
nc: connectx to 127.0.0.1 port 58369 (tcp) failed: Connection refused
```