Having covered a couple of report formats and some useful nmap options in Part 1, we continue Part 2 with the same energy.
Report in Grepable format
Each host is listed in a straightforward format that can be easily searched and parsed using common Unix tools like grep, awk, cut, sed, diff, and Perl.
A single grep command is enough to identify all the hosts that are running Solaris or that have the SSH port open, and its output can then be piped to awk or cut to print the required fields.
nmap -oG <filename> <ip>
I am using a different machine now; that’s why my IP has changed from Part 1.
We can see in the following snapshot that the result is not in a readable format, as all the information for a host is packed into a single line.
So we use awk to extract the desired fields from the output. awk is a Linux tool and programming language that lets users process and manipulate text and produce formatted reports.
We change the field values in the awk command to pull out the information we want.
You can also change these values and see the result according to your needs.
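The awk pass the post describes, written out as an added example (this is not code from the original post). The .gnmap content below is a constructed sample, not real scan output, and the hosts, hostnames and version strings in it are invented; real grepable output separates its columns with tabs, and the parser accepts tabs or spaces so the inline sample works as well. Two queries are shown: the hosts on which a given port is open, and a table of every open port with its service and version.

```shell
#!/bin/sh
# Constructed sample of nmap grepable (-oG) output. Not real scan data.
# Each "Ports:" entry has the layout port/state/protocol/owner/service/rpc info/version/
SAMPLE_GNMAP='# Nmap 7.94 scan initiated (constructed sample) as: nmap -sV -oG sample.gnmap 192.168.56.0/28
Host: 192.168.56.10 (host-a.lab)    Status: Up
Host: 192.168.56.10 (host-a.lab)    Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/    Ignored State: closed (998)
Host: 192.168.56.11 ()    Status: Up
Host: 192.168.56.11 ()    Ports: 22/filtered/tcp//ssh///, 443/open/tcp//https//Apache httpd 2.4.57/    Ignored State: closed (998)
Host: 192.168.56.12 (host-c.lab)    Status: Up
Host: 192.168.56.12 (host-c.lab)    Ports: 3306/open/tcp//mysql//MySQL 8.0.33/    Ignored State: closed (999)
# Nmap done at (constructed sample) -- 16 IP addresses (3 hosts up) scanned'

# gnmap_open MODE [PORT]
#   MODE=hosts : print the IP of every host on which PORT is open
#   MODE=table : print "ip port/proto service version" for every open port,
#                i.e. only the rows that --open would keep
# Assumption: the input follows the -oG line layout shown in SAMPLE_GNMAP.
gnmap_open() {
    printf '%s\n' "$SAMPLE_GNMAP" | awk -v mode="$1" -v want="$2" '
    /^Host:/ && /Ports:/ {
        ip = $2                                   # second whitespace field is the address
        sub(/.*Ports: /, "")                      # keep only the port list
        sub(/[ \t]+Ignored State:.*/, "")         # drop the trailing column
        n = split($0, entries, ", ")              # one entry per scanned port
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")             # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
            if (f[2] != "open") continue          # ignore closed/filtered entries
            if (mode == "hosts") {
                if (f[1] == want) { print ip; break }
            } else {
                printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# Convenience wrappers for the two queries described in the text.
hosts_with_open_port() { gnmap_open hosts "$1"; }
open_port_table()      { gnmap_open table; }

# Stand-alone usage: which hosts expose SSH, then a table of every open port.
hosts_with_open_port 22
open_port_table
```

Splitting each entry on "/" rather than grepping for the substring "22/open" matters: a plain grep for "22" would also match 2222 or 3389, and a filtered port 22 (as on the second host above) is correctly left out.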
Report in alias format
If you want to save the output in all formats, with their extensions, at once, you can use the alias format (-oA). The files are written with the extensions .nmap, .xml, and .gnmap.
nmap -oA <filespec> <ip>
After running nmap, we check for the generated files using
ls
and the report has been saved in all three formats. Now let's open them.
Appending the output
Nmap, by default, overwrites the log file given to any output option. If you want to add the result to the file instead of overwriting it, you can use the append option. Here I scan a target with the default scripts and service-version detection and add the result to an existing file.
nmap -oN <filename> -sC -sV --append-output <ip>
Since we already have a file named alias.nmap, I used it and appended the result to the same file.
Our script and service results have been successfully added to the existing file.
Some important options during Penetration testing
During penetration testing you have to avoid an overflow of information, as it often creates confusion; reporting only the required information can sometimes be the wiser choice. That’s why nmap has options like:
--reason: (host and port state reasons)
nmap -oN <filename> --reason <ip>
--packet-trace: (trace packets and data sent and received)
nmap -oN <filename> --packet-trace <ip>
--open: (show only open, or possibly open, ports)
nmap -oN <filename> --open <ip>
You can try the remaining options on your own, as I have only mentioned the important ones. For the other options, refer to https://nmap.org/book/man-output.html
ScRipT KIdd|3 oUTpuT format
It is a joke output format that pokes fun at script kiddies by rendering the report in "leet speak". You can use it for a fun report format.
nmap -oS <filename> <ip>