Home

Awesome

nmap-parse

nmap-parse is a python3 command line nmap XML parser. The default use of the tool accepts a list of nmap XML files and/or directories (containing nmap XML files). The '-r' flag can be used to recurse all sub-directories in search of additional nmap files.

Main Features

Prerequisites

All prerequisites can be installed by running the following command:

pip3 install -r requirements.txt

This script requires python3 and the following modules:

Quick Start

Launch interactive mode against a directory of nmap files:

./nmap-parse.py -i /tmp/nmap-files-directory/

Use the help command or the Wiki to see what commands are available

Help Output

Help output for nmap-parse:

> nmap-parse --help
Usage: nmap-parse.py [options] [list of nmap xml files or directories containing xml files]

Options:
-h, --help            show this help message and exit
-p PORTS, --port=PORTS
		    Optional port filter argument e.g. 80 or 80,443
--service=SVCFILTER   Optional service filter argument e.g. http or ntp,http
		    (only used in conjunction with -s)
-e CMD, --exec=CMD    Script or tool to run on each IP remaining after port
		    filter is applied. IP will be appended to end of
		    script command line
-l, --iplist          Print plain list of matching IPs
-a, --alive-hosts     Print plain list of all alive IPs
-s, --service-list     Also print list of unique services with names
-S, --host-summary    Show summary of scanned/alive hosts
-v, --verbose         Verbose service list
-u, --unique-ports     Print list of unique open ports
-R, --raw             Only print raw output (no headers)
-r, --recurse         Recurse subdirectories if directory provided for nmap
		    files
-i, --interactive     Enter interactive shell
-c COMBINE, --combine=COMBINE
		    Combine all input files into single nmap-parse
		    compatible xml file
-V, --version         Print version info

Default usage

By default the script outputs a summary of open ports for each host as well as a unique port list (accross all hosts).

The following example uses the nmap XML found at: https://nmap.org/book/output-formats-xml-output.html

Command:

> nmap-parse /tmp/example.xml 

Output:

Loading [1 of 1] /tmp/example.xml
Successfully loaded 1 files

IP and port list
----------------

74.207.244.221[scanme.nmap.org] [22, 80]

Unique open port list
---------------------
TCP:
----
22,80

UDP:
----


Combined:
---------
22,80

Summary
-------
Total hosts: 1
Alive hosts: 1

Flags

Below are additional details regarding the flags available

Interactive Mode

This is the most feature which allows the parsed nmap data to be queried and saved interactivly. All nmap files are parsed during initialisation therefore there is no delay between queries (waiting for the XML to parse) as there is with the command flags.

Usage

> nmap-parse /tmp/example.xml -i

Console output

Loading [1 of 1] /tmp/example.xml
Successfully loaded 1 files
-----------------------------------------------------------

 /$$   /$$                                             
| $$$ | $$                                             
| $$$$| $$ /$$$$$$/$$$$   /$$$$$$   /$$$$$$            
| $$ $$ $$| $$_  $$_  $$ |____  $$ /$$__  $$           
| $$  $$$$| $$ \ $$ \ $$  /$$$$$$$| $$  \ $$           
| $$\  $$$| $$ | $$ | $$ /$$__  $$| $$  | $$           
| $$ \  $$| $$ | $$ | $$|  $$$$$$$| $$$$$$$/           
|__/  \__/|__/ |__/ |__/ \_______/| $$____/            
				  | $$                 
				  | $$                 
				  |__/                 
       /$$$$$$$                                        
      | $$__  $$                                       
      | $$  \ $$ /$$$$$$   /$$$$$$   /$$$$$$$  /$$$$$$ 
      | $$$$$$$/|____  $$ /$$__  $$ /$$_____/ /$$__  $$
      | $$____/  /$$$$$$$| $$  \__/|  $$$$$$ | $$$$$$$$
      | $$      /$$__  $$| $$       \____  $$| $$_____/
      | $$     |  $$$$$$$| $$       /$$$$$$$/|  $$$$$$$
      |__/      \_______/|__/      |_______/  \_______/

-----------------------------------------------------------

Welcome to nmap parse! Type ? to list commands
Tip: You can send output to clipboard using the redirect '>' operator without a filename

np> help

Documented commands (type help <topic>):

Nmap Commands
=============
alive_hosts  list  ports  scanned_hosts  set  show  unset

Other
=====
alias  exit  history  macro  pyscript  shell    
edit   help  load     py     quit      shortcuts


np> 

Available Commands

show options

This lists all available user configurable options:

np> show options

| Setting        | Type   | Value   | Description                                                                       |
|----------------|--------|---------|-----------------------------------------------------------------------------------|
| service_filter | string |         | Comma seperated list of services to show, e.g. "http,ntp"                         |
| port_filter    | string |         | Comma seperated list of ports to show, e.g. "80,123"                              |
| host_filter    | string |         | Comma seperated list of hosts/subnets to show, e.g. "127.0.0.1,10.0.0.0/24"       |
| have_ports     | bool   | True    | When enabled, hosts with no open ports are excluded from output  [ True / False ] |
| include_ports  | bool   | True    | Toggles whether ports are included in 'list/services' output  [ True / False ]    |
| verbose        | bool   | False   | Shows verbose service information  [ True / False ]                               |
| raw            | bool   | False   | Shows raw output (no headings)  [ True / False ]                                  |

set [option] [value]

The set command is used to set an option. Tab completion is supported for service_filter and host_filter. The service_filter attempts to complete from the following files (in order):

Usage:
np> set host_filter 74.207.244.221 
Set [host_filter] ==> '74.207.244.221'  

unset [option]

The unset command is used to unset an option.

Usage:
np> unset host_filter 
Set [host_filter] ==> ''  
    

list

This works in the same way as the "-l / --iplist" flag and prints all hosts that match the specified filters. When service_filter or port_filter is set (and coloured output is supported) the output will colour the affected ports green.

Usage:
np> list

Matched IP list
---------------
74.207.244.221	tcp:[22,80]  udp:[]  

alive_hosts

This works in the same way as the "-a / --alive-hosts" flag and prints all hosts with a status of 'up'.

ports

By default this will list all unique TCP and UDP ports as well as a combined list, e.g.:

np> ports

Unique open port list
---------------------
TCP:
----
22,80

UDP:
----


Combined:
---------
22,80

scanned_hosts

This lists all IP addresses that were part of the nmap scans regardless of their status

Useful Tips

Examples

Get all open ports for subnet 74.207.244.0/24

np> set host_filter 74.207.244.0/24
host_filter - was: 
now: 74.207.244.0/24

np> ports combined 

Unique open port list (combined)
--------------------------------

22,80

Copy ports to clipboard (headings arent copied)

np> ports combined >

List all systems with http running

np> set service_filter http
service_filter - was: 
now: http

np> list

Output filtered by:
-------------------
Service filter: ['http']


Matched IP list
---------------

74.207.244.221	tcp:[22,80]  udp:[]  

List all systems with http running (only IP):

np> set include_ports false
include_ports - was: True
now: False

np> list

Output filtered by:
-------------------
Service filter: ['http']


Matched IP list
---------------

74.207.244.221

Disable headings from console (this is the same output as the above command)

np> set raw true
raw - was: False
now: True

np> list
74.207.244.221