Re: Nmap results formatting

From: Nico Coetzee (abuse@mweb.co.za)
Date: 03/16/03


From: Nico Coetzee <abuse@mweb.co.za>
Date: Sun, 16 Mar 2003 21:07:06 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Perl is your friend...

Just one note first - to check for UDP ports, you have to be root, so the
following should be run as root:

# nmap -sU -sT -P0 127.0.0.1 | perl -e 'while (<>){ chomp; if ( /^(\d+\/\w+\s+open\s+\w+)/ ) { print "$1\n"; } }'
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
111/udp open sunrpc
443/tcp open https
3306/tcp open mysql
6000/tcp open X11

As you can see the command only prints the open ports on both TCP and UDP
ports.

Now the mysql db - this is my version and you may need to adjust to your
needs:

<DB>
USE test;

#
# Table structure for table `hosts`
#

DROP TABLE IF EXISTS `hosts`;
CREATE TABLE `hosts` (
  `ip` varchar(15) NOT NULL default '',
  PRIMARY KEY (`ip`)
) ENGINE=MyISAM;

#
# Dumping data for table `hosts`
#

INSERT INTO `hosts` (`ip`) VALUES ('127.0.0.1');
# --------------------------------------------------------

#
# Table structure for table `ports_open`
#

DROP TABLE IF EXISTS `ports_open`;
CREATE TABLE `ports_open` (
  `ip` varchar(15) NOT NULL default '',
  `port` int(11) NOT NULL default '0',
  `type` char(3) NOT NULL default 'TCP'
) ENGINE=MyISAM;

#
# Dumping data for table `ports_open`
#

# --------------------------------------------------------
</DB>

Now the perl script to populate the DB:

<PERL>
#!/usr/bin/perl

use strict;
use warnings;
use DBI;

my $dbuser     = "root";
my $dbpassword = "";
my $dbname     = "test";

# connect
my $dbh1 = DBI->connect("dbi:mysql:database=$dbname;host=localhost", $dbuser, $dbpassword )
        or die "err: cannot connect to the DB: $DBI::errstr\n";
my $dbh2 = DBI->connect("dbi:mysql:database=$dbname;host=localhost", $dbuser, $dbpassword )
        or die "err: cannot connect to the DB: $DBI::errstr\n";

# get the hosts to scan:
my $sql1 = "SELECT DISTINCT ip FROM hosts";
my $sth1 = $dbh1->prepare( $sql1 );
my $rv1 = $sth1->execute();
if ( !$rv1 || $rv1 =~ /^0E0/ ) {

        # error - die
        print STDERR "err: no hosts were returned by the SQL query.\n";
        exit;

} else {

        # placeholders keep the scanned values out of the SQL text
        my $sql2 = "INSERT INTO ports_open ( ip, port, type ) VALUES ( ?, ?, ? )";
        my $sth2 = $dbh2->prepare( $sql2 );

        while ( my ( $ip ) = $sth1->fetchrow_array() ) {

                # $ip is interpolated into a shell command that runs as root,
                # so skip anything that is not a dotted-quad address
                next unless $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;

                my @lines = `nmap -sU -sT -P0 $ip | perl -e 'while (<>){ chomp; if ( /^(\\d+\\/\\w+\\s+open\\s+\\w+)/ ) { print "\$1\\n"; } }'`;

                # each line returned will look something like this:
                # 22/tcp open ssh
                foreach my $line ( @lines ) {

                        chomp( $line );
                        my ( $f1, $f2, $f3 ) = split( /\s+/, $line );
                        my ( $port, $type ) = split( /\//, $f1 );

                        $sth2->execute( $ip, $port, $type );

                }

        }

}

# disconnect
$dbh1->disconnect();
$dbh2->disconnect();

exit;
</PERL>

You can save this file as test.pl or something and chmod it to make it
executable.

When you run the script, it collects IP addresses from the 'hosts' table in
the MySQL DB, and runs the nmap command against each IP. The results are
then inserted into the 'ports_open' table. In my example I run against the
localhost ( 127.0.0.1 ). After the script completes, I get the following in
MySQL:

mysql> SELECT * FROM ports_open;
+-----------+------+------+
| ip        | port | type |
+-----------+------+------+
| 127.0.0.1 |   22 | tcp  |
| 127.0.0.1 |   25 | tcp  |
| 127.0.0.1 |   80 | tcp  |
| 127.0.0.1 |  111 | tcp  |
| 127.0.0.1 |  111 | udp  |
| 127.0.0.1 |  443 | tcp  |
| 127.0.0.1 | 3306 | tcp  |
| 127.0.0.1 | 6000 | tcp  |
+-----------+------+------+
8 rows in set (0.00 sec)

Hope that gives you some ideas...

Cheers

hadavidi wrote:

> Hi
>
> We have recently started using nmap to map our internal networks. With
> my limited knowledge, currently all the results are stored in txt file
> format. I am pretty sure that is not efficient and there must be a
> better way to store the scan results for future reference. I am
> wondering how does one send the results of the scan into a database
> (mySQL/Access/SQL Server). Does one have to write a script to parse
> through the txt file or are there any other work arounds that you
> gurus out there can help me with?
>
> Thanks
> Hadavidi.

- --
Nico Coetzee
http://www.itfirms.co.za/
http://forums.databasejournal.com/forumdisplay.php?s=788736705b517e504187ebd083a6dcd7&forumid=9

Do not reply to the e-mail address. It is intended for spammers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+dMtbZUkXcZNANSsRApUzAJ9py3KejvTXi89eSbRO1j1+iRajGQCg73Hf
3oXzjQF5jxBxqafm1zk49CA=
=TzkX
-----END PGP SIGNATURE-----
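
Added example (not part of the original post or the poster's script): the same scan-to-database flow using nmap's grepable output (`-oG -`), which carries the host address on every line, so one scan of many hosts can be loaded in a single pass. It goes beyond the post by adding a uniqueness key so repeated runs do not duplicate rows. Assumptions: the sample output is constructed, an in-memory SQLite database stands in for MySQL, and the function names are hypothetical.

```python
import ipaddress
import re
import sqlite3

# Constructed sample of `nmap -sU -sT -P0 -oG -` output (not from a real scan).
SAMPLE_OG = (
    "# Nmap scan initiated as: nmap -sU -sT -P0 -oG - 127.0.0.1 10.0.0.5\n"
    "Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "111/open/udp//sunrpc///, 113/closed/tcp//auth///\n"
    "Host: 10.0.0.5 ()\tPorts: 80/open/tcp//http///, "
    "161/open|filtered/udp//snmp///\tIgnored State: closed (1998)\n"
    "# Nmap done\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: ([^\t]*)")

def parse_grepable(text):
    """Yield (ip, port, proto) for every port whose state is exactly 'open'."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines, "Status:" lines, hosts without a port list
        ip = str(ipaddress.ip_address(m.group(1)))  # ValueError on a malformed address
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            # fields: port / state / protocol / owner / service / ...
            if len(fields) >= 3 and fields[1] == "open":
                yield ip, int(fields[0]), fields[2]

def store(conn, rows):
    """Insert with bound parameters; the UNIQUE key makes re-runs idempotent."""
    conn.execute("CREATE TABLE IF NOT EXISTS ports_open ("
                 "ip TEXT NOT NULL, port INTEGER NOT NULL, type TEXT NOT NULL, "
                 "UNIQUE (ip, port, type))")
    conn.executemany(
        "INSERT OR IGNORE INTO ports_open (ip, port, type) VALUES (?, ?, ?)", rows)
    conn.commit()

def load_sample():
    conn = sqlite3.connect(":memory:")
    store(conn, parse_grepable(SAMPLE_OG))
    store(conn, parse_grepable(SAMPLE_OG))  # second load adds no duplicate rows
    return conn.execute(
        "SELECT ip, port, type FROM ports_open ORDER BY ip, port").fetchall()

if __name__ == "__main__":
    for row in load_sample():
        print(*row)
```

Ports reported as `closed` or `open|filtered` are skipped, matching the original one-liner, which only keeps lines whose state is `open`.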