Re: Nmap results formatting

From: Nico Coetzee (abuse@mweb.co.za)
Date: 03/16/03

    From: Nico Coetzee <abuse@mweb.co.za>
    Date: Sun, 16 Mar 2003 21:07:06 +0200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Perl is your friend...

    Just one note first - to check for UDP ports, you have to be root, so the
    following should be run as root:

    # nmap -sU -sT -P0 127.0.0.1 | perl -e 'while (<>){ chomp; if (
    /^(\d+\/\w+\s+open\s+\w+)/ ) { print "$1\n"; } }'
    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    111/tcp open sunrpc
    111/udp open sunrpc
    443/tcp open https
    3306/tcp open mysql
    6000/tcp open X11

    As you can see the command only prints the open ports on both TCP and UDP
    ports.

    Now the mysql db - this is my version and you may need to adjust to your
    needs:

    <DB>
    USE test;

    #
    # Table structure for table `hosts`
    #

    DROP TABLE IF EXISTS `hosts`;
    CREATE TABLE `hosts` (
      `ip` varchar(15) NOT NULL default '',
      PRIMARY KEY (`ip`)
    ) ENGINE=MyISAM;

    #
    # Dumping data for table `hosts`
    #

    INSERT INTO `hosts` (`ip`) VALUES ('127.0.0.1');
    # --------------------------------------------------------

    #
    # Table structure for table `ports_open`
    #

    DROP TABLE IF EXISTS `ports_open`;
    CREATE TABLE `ports_open` (
      `ip` varchar(15) NOT NULL default '',
      `port` int(11) NOT NULL default '0',
      `type` char(3) NOT NULL default 'TCP'
    ) ENGINE=MyISAM;

    #
    # Dumping data for table `ports_open`
    #

    # --------------------------------------------------------
    </DB>

    Now the perl script to populate the DB:

    <PERL>
    #!/usr/bin/perl

    use strict;
    use warnings;
    use DBI;

    my $dbuser     = "root";
    my $dbpassword = "";
    my $dbname     = "test";
    my $dsn        = "dbi:mysql:database=$dbname;host=localhost";

    # connect (one handle reads the host list, the other inserts results)
    my $dbh1 = DBI->connect( $dsn, $dbuser, $dbpassword )
            or die "err: cannot connect: $DBI::errstr\n";
    my $dbh2 = DBI->connect( $dsn, $dbuser, $dbpassword )
            or die "err: cannot connect: $DBI::errstr\n";

    # get the hosts to scan:
    my $sql1 = "SELECT DISTINCT ip FROM hosts";
    my $sth1 = $dbh1->prepare( $sql1 );
    my $rv1  = $sth1->execute();
    if ( !defined $rv1 || $rv1 =~ /^0E0/ ) {

            # error - die
            print STDERR "err: no hosts were returned by the SQL query.\n";
            exit;

    } else {

            while ( my ( $ip ) = $sth1->fetchrow_array() ) {

                    # $ip is interpolated into a shell command below, so
                    # accept only a dotted-quad address
                    next unless $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;

                    my @lines = `nmap -sU -sT -P0 $ip | perl -e 'while (<>){ chomp; if ( /^(\\d+\\/\\w+\\s+open\\s+\\w+)/ ) { print "\$1\\n"; } }'`;

                    # each line returned will look something like this:
                    # 22/tcp open ssh
                    foreach my $line ( @lines ) {

                            chomp( $line );
                            my ( $f1, $f2, $f3 ) = split( /\s+/, $line );
                            my ( $port, $type ) = split( /\//, $f1 );

                            # placeholders keep the values out of the SQL text
                            my $sql2 = "INSERT INTO ports_open ( ip, port, type ) VALUES ( ?, ?, ? )";
                            $dbh2->do( $sql2, undef, $ip, $port, $type );

                    }

            }

    }

    # disconnect
    $dbh1->disconnect();
    $dbh2->disconnect();

    exit;
    </PERL>

    You can save this file as test.pl or something and chmod it to make it
    executable.

    When you run the script, it collects IP addresses from the 'hosts' table in
    the MySQL DB, and runs the nmap command against each IP. The results are
    then inserted into the 'ports_open' table. In my example I run against the
    localhost ( 127.0.0.1 ). After the script completes, I get the following in
    MySQL:

    mysql> SELECT * FROM ports_open;
    +-----------+------+------+
    | ip | port | type |
    +-----------+------+------+
    | 127.0.0.1 | 22 | tcp |
    | 127.0.0.1 | 25 | tcp |
    | 127.0.0.1 | 80 | tcp |
    | 127.0.0.1 | 111 | tcp |
    | 127.0.0.1 | 111 | udp |
    | 127.0.0.1 | 443 | tcp |
    | 127.0.0.1 | 3306 | tcp |
    | 127.0.0.1 | 6000 | tcp |
    +-----------+------+------+
    8 rows in set (0.00 sec)

    Hope that gives you some ideas...

    Cheers

    hadavidi wrote:

    > Hi
    >
    > We have recently started using nmap to map our internal networks. With
    > my limited knowledge, currently all the results are stored in txt file
    > format. I am pretty sure that is not efficient and there must be a
    > better way to store the scan results for future reference. I am
    > wondering how does one send the results of the scan into a database
    > (mySQL/Access/SQL Server). Does one have to write a script to parse
    > through the txt file or are there any other work arounds that you
    > gurus out there can help me with?
    >
    > Thanks
    > Hadavidi.

    - --
    Nico Coetzee
    http://www.itfirms.co.za/
    http://forums.databasejournal.com/forumdisplay.php?s=788736705b517e504187ebd083a6dcd7&forumid=9

    Do not reply to the e-mail address. It is intended for spammers.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+dMtbZUkXcZNANSsRApUzAJ9py3KejvTXi89eSbRO1j1+iRajGQCg73Hf
    3oXzjQF5jxBxqafm1zk49CA=
    =TzkX
    -----END PGP SIGNATURE-----
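
An added example, not part of the message above or its author's code: the parse-and-store step in Python, with an in-memory SQLite database standing in for MySQL so it runs offline. The sample scan output, the function names and the composite primary key on `ports_open` are assumptions made here; the key and bound parameters keep a repeated run from duplicating rows, and the state check skips lines such as `open|filtered`.

```python
import ipaddress
import re
import sqlite3

# Constructed sample of nmap's normal output: port lines like those in the
# message, plus a closed and an open|filtered line to exercise the filter.
SAMPLE = """\
Interesting ports on localhost (127.0.0.1):
PORT     STATE         SERVICE
22/tcp   open          ssh
23/tcp   closed        telnet
111/udp  open          sunrpc
123/udp  open|filtered ntp
3306/tcp open          mysql
"""

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_open_ports(text):
    """Return (port, proto, service) for lines whose state is exactly 'open'."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            rows.append((int(m.group(1)), m.group(2), m.group(4)))
    return rows

def store(conn, ip, rows):
    """Insert with bound parameters; return the row count stored for ip."""
    # Reject anything that is not an IP address. The same check belongs
    # before the value is placed on an nmap command line.
    ip = str(ipaddress.ip_address(ip))
    conn.execute("CREATE TABLE IF NOT EXISTS ports_open ("
                 "ip TEXT NOT NULL, port INTEGER NOT NULL, type TEXT NOT NULL, "
                 "PRIMARY KEY (ip, port, type))")
    conn.executemany(
        "INSERT OR IGNORE INTO ports_open (ip, port, type) VALUES (?, ?, ?)",
        [(ip, port, proto) for port, proto, _ in rows])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM ports_open WHERE ip = ?",
                        (ip,)).fetchone()[0]

def demo():
    """Store the sample twice; the second run must not add rows."""
    conn = sqlite3.connect(":memory:")
    rows = parse_open_ports(SAMPLE)
    store(conn, "127.0.0.1", rows)
    return store(conn, "127.0.0.1", rows)

if __name__ == "__main__":
    print(parse_open_ports(SAMPLE), demo())
```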

