Nmap Output Format Scan for Ethical Hackers – Part 1


Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Introduction

When it comes to network and port scanning, one tool every pentester or ethical hacker relies on is Nmap, also known as Network Mapper. Scanning a large network produces a great deal of output (open ports, running services, version strings and so on), and saving all of it for documentation and reporting is just as important a part of a pentester's work as the scan itself.

Nmap can write scan results in several formats: Normal (-oN, usually saved as .txt), XML (-oX, .xml), Grepable (-oG), and all three at once with -oA. For the demonstration I used two machines, Kali Linux as the scanner and Metasploitable as the target. Here is the IP of my Metasploitable machine –

I scan the Metasploitable machine because it has many ports open, so for demonstration purposes it produces a fuller report.

Report in normal format

This is the normal format of a report. It looks like the interactive output on the terminal and shows the open ports, their state and the service on each. It is written with the following command.

nmap -oN <filename> <ip>

After running the command, we check for the saved file with the command ls

We have successfully saved the report in normal format, and now we open the file with the command cat result.txt

All the open ports, their state and the services running on them have been successfully saved.

Report in XML Format

XML stands for Extensible Markup Language. This format contains more information than the normal format: host details, ports, states, timestamps, run statistics, the verbosity and debugging levels, and more. It is a tree-structured format, and it is the one to use when the results will be processed by other tools.

nmap -oX <filename> <ip>

The raw XML is structured for machines rather than people, so on screen it looks messy and disorganised. That is why most pentesters convert it with the XSL style sheet that ships with Nmap and read the resulting HTML report, which is far more organised. The XML file references Nmap's nmap.xsl by its local path; if the report will be viewed on a machine without Nmap installed, run the scan with --webxml so it references the style sheet on nmap.org instead.

xsltproc <filename> -o <outputfilename>
firefox <outputfilename>

Running xsltproc writes the HTML file, and the firefox command opens it in the browser.
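The XML report is the one to feed into other tooling. The following is an added example, not code from the original post: a small Python parser that walks the nmaprun tree and pulls the host, port, state and version-detection fields into a flat table, skipping hosts that are down. The embedded SAMPLE_XML is a constructed, abbreviated report in Nmap's own schema (the 192.0.2.10 target, the hostname and the version strings are assumptions, not a real scan); point parse_nmap_xml at the contents of your own -oX file to run it against real output.

```python
"""Parse Nmap XML (-oX) output into a report table.

Added example, not from the original post. SAMPLE_XML is a constructed,
abbreviated report in the real <nmaprun> schema; the target 192.0.2.10,
the hostname and the service versions are assumptions.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -sV -oX result.xml 192.0.2.10-11" start="1700000000" version="7.94" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1000" services="1-1000"/>
<host starttime="1700000000" endtime="1700000012">
<status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<address addr="08:00:27:AA:BB:CC" addrtype="mac"/>
<hostnames><hostname name="metasploitable.lab" type="PTR"/></hostnames>
<ports>
<extraports state="closed" count="996"><extrareasons reason="resets" count="996"/></extraports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ftp" product="vsftpd" version="2.3.4" method="probed" conf="10"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http" product="Apache httpd" version="2.2.8" method="probed" conf="10"/></port>
<port protocol="tcp" portid="445"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
</host>
<host starttime="1700000000" endtime="1700000001">
<status state="down" reason="no-response" reason_ttl="0"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
</host>
<runstats><finished time="1700000012" timestr="Tue Nov 14 22:13:32 2023" elapsed="12.34" summary="2 IP addresses (1 host up) scanned in 12.34 seconds" exit="success"/><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""


@dataclass(frozen=True)
class PortRecord:
    host: str
    hostname: str
    port: int
    protocol: str
    state: str
    service: str
    product: str
    version: str


def _root(xml_text: str) -> ET.Element:
    # A scan that was killed part-way leaves a truncated file with no closing
    # </nmaprun>; ET raises ParseError on it rather than returning partial data.
    # For reports that come from an untrusted party, parse with defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != "nmaprun":
        raise ValueError(f"not an Nmap XML report (root element is <{root.tag}>)")
    return root


def parse_nmap_xml(xml_text: str, states: Tuple[str, ...] = ("open",)) -> List[PortRecord]:
    """One record per host/port whose state is in `states`; down hosts are skipped.
    <extraports> (the collapsed closed ports) is not expanded, matching the
    normal-format report, which also lists only the interesting ports."""
    records = []
    for host in _root(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name", "") if hn is not None else ""
        for port in host.findall("ports/port"):
            st = port.find("state")
            state = st.get("state", "") if st is not None else ""
            if state not in states:
                continue
            svc = port.find("service")
            attrs = dict(svc.attrib) if svc is not None else {}
            records.append(PortRecord(addr, hostname, int(port.get("portid")),
                                      port.get("protocol", ""), state,
                                      attrs.get("name", ""), attrs.get("product", ""),
                                      attrs.get("version", "")))
    return records


def scan_summary(xml_text: str) -> dict:
    """Host counts and elapsed time from <runstats>, the same figures as the
    'Nmap done' line at the bottom of the normal-format report."""
    root = _root(xml_text)
    hosts = root.find("runstats/hosts")
    fin = root.find("runstats/finished")
    if hosts is None or fin is None:
        raise ValueError("no <runstats>: the scan did not finish")
    return {"up": int(hosts.get("up")), "down": int(hosts.get("down")),
            "total": int(hosts.get("total")), "elapsed": float(fin.get("elapsed"))}


def to_table(records: List[PortRecord]) -> str:
    """Plain-text table in the layout of the normal-format port list."""
    lines = [f"{'HOST':<15} {'PORT':<9} {'STATE':<8} {'SERVICE':<12} VERSION"]
    for r in records:
        pp = f"{r.port}/{r.protocol}"
        version = f"{r.product} {r.version}".strip()
        lines.append(f"{r.host:<15} {pp:<9} {r.state:<8} {r.service:<12} {version}".rstrip())
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_table(parse_nmap_xml(SAMPLE_XML)))
    print(scan_summary(SAMPLE_XML))
```

Two things to keep in mind when scripting against this format: the file is written incrementally, so a scan that dies before it finishes can leave XML with no closing tag and no runstats, and the parser above rejects it rather than silently reporting a partial result; and only the ports Nmap considered interesting appear as port elements, the hundreds of closed ones being collapsed into a single extraports count, which is why the example does not try to enumerate them.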

Report in both XML and Normal format

We can save both file formats at the same time, and the pentester can use either of them according to their needs. The two options take separate file names.

nmap -oN <normalfile> -oX <xmlfile> <ip>

Both files are saved separately and contain the same report as above in normal and XML format, which you can open and check on your own. I am not attaching that snapshot. If you want normal, XML and grepable output in one go, -oA <basename> writes all three as <basename>.nmap, <basename>.xml and <basename>.gnmap.

Verbosity mode in Normal format

You can use verbose mode, and by increasing it (-v, -vv) you can print more information about the scan: open ports as they are discovered, the estimated time of completion, and much more.

nmap -vv -oN <filename> <ip>

By going through the file, we can see the report of the verbose scan.

Debugging Mode in Normal Format

When verbose mode does not provide enough information about what the scanner is doing, we can use debug mode and save the report in normal format. The debug level is raised by appending a number to the option, from -d1 up to -d9.

nmap -d2 -oN <filename> <ip>

Scanning for specific ports

If you don't want extra ports and too much information in your report, you can specify the ports you want scanned and save the result using the command:

nmap -p 22,80 -sV -oX <filename> <ip>

Here I saved the result in XML format, but you can save it in any format of your choice.

Here we see results only for the ports I specified and no others. This option is very useful when numerous ports are open but you only want results for specific ones.

Continued in Part 2