Nov 062009
 

As an auditor I liked to quickly analyze my Nmap scan results by parsing the XML output produced and loading it into my favorite spreadsheet application.
From there I could sort by host, port, service, or operating system for analysis. The parsed results are a lot easier to add to reports and workpapers. Just remember to keep the original Nmap results.
I’ve developed a LAMP framework to parse and load Nmap results into a database for reporting and analysis. However if you are just looking to quickly parse the results of individual scans I’ve got a Perl script for you!

First a quick blurb on getting installing Perl and and Nmap-Parser module.

Windows

Download ActivePerl from the Active State website: https://www.activestate.com/activeperl/downloads/
Once ActivePerl is installed you will need to install the Nmap Parser written by Anthony Persaud.
From the Command Prompt enter the following command:

C:\>ppm install nmap-parser
Downloading Nmap-Parser-1.19...done
Downloading XML-Twig-3.32...done
Unpacking Nmap-Parser-1.19...done
Unpacking XML-Twig-3.32...done
Generating HTML for Nmap-Parser-1.19...done
Generating HTML for XML-Twig-3.32...done
Updating files in site area...done
21 files installed

Linux

For Ubuntu/Debian you can install the package.
#apt-get install libnmap-parser-perl

For every Linux distro you can install the package via CPAN.
#perl -MCPAN -e 'install Nmap::Parser'

Copy the following Perl code below and save it as nmap_parse.pl.


#!/usr/bin/perl
use Nmap::Parser;

my $np = new Nmap::Parser;
my $infile = @ARGV[0];

$np->parsefile($infile);

#GETTING SCAN INFORMATION

print "Scan Information:\n";
my $si = $np->get_session();
print
'Number of services scanned: '.$si->numservices()."\n",
'Start Time: '.$si->start_str()."\n",
'Finish Time: '.$si->time_str()."\n",
'Scan Arguments: '.$si->scan_args()."\n";

print "Host Name,Ip Address,MAC Address,OS Name,OS Family,OS Generation,OS Accuracy,Port,Service Name,Service Product,Service Version,Service Confidence\n";
for my $host ($np->all_hosts()){
    for my $port ($host->tcp_ports()){
        my $service = $host->tcp_service($port);
        my $os = $host->os_sig;
        print $host->hostname().",".$host->ipv4_addr().",".$host->mac_addr().",".$os->name.",".$os->family.",".$os->osgen().",".$os->name_accuracy().",".$port.",".$service->name.",".$service->product.",".$service->version.",".$service->confidence()."\n";
        }
}

Save the above code and run it from the command line as follows:

C:\>nmap_parse.pl nmap_scan_output.xml >> results.csv

Additional Information

ppm – Perl Package Manager, version 4
http://docs.activestate.com/activeperl/5.10/bin/ppm.html

ActiveState CPAN PPM Repository
http://ppm4.activestate.com/

Nmap Parser
http://search.cpan.org/dist/Nmap-Parser/Parser.pm

  4 Responses to “Using Perl to Parse Nmap XML”

  1. 3/22/2011: Updated when I noticed WordPress encoded the greater than symbol.

  2. I used the Perl script during my audit work. Thanks, Jozef.

  3. http://www.nmap-parser.org/ it could be useful.

  4. I modified the script, so it’s able to use warnings, which is recommended.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)