{"id":220,"date":"2009-11-06T12:28:09","date_gmt":"2009-11-06T18:28:09","guid":{"rendered":"http:\/\/www.jedge.com\/wordpress\/?p=220"},"modified":"2012-07-05T22:41:44","modified_gmt":"2012-07-06T04:41:44","slug":"using-perl-to-parse-nmap-xml","status":"publish","type":"post","link":"https:\/\/www.jedge.com\/wordpress\/2009\/11\/using-perl-to-parse-nmap-xml\/","title":{"rendered":"Using Perl to Parse Nmap XML"},"content":{"rendered":"

As an auditor I liked to quickly analyze my Nmap<\/a> scan results by parsing the XML output produced and loading it into my favorite spreadsheet application.
\nFrom there I could sort by host, port, service, or operating system for analysis. The parsed results are a lot easier to add to reports and workpapers. Just remember to keep the original Nmap results.
\nI’ve developed a LAMP framework<\/a> to parse and load Nmap results into a database for reporting and analysis. However if you are just looking to quickly parse the results of individual scans I’ve got a Perl script for you!
\n
\nFirst a quick blurb on getting installing Perl and and Nmap-Parser module.<\/p>\n

Windows<\/strong><\/p>\n

Download ActivePerl from the Active State website: https:\/\/www.activestate.com\/activeperl\/downloads\/
\nOnce ActivePerl is installed you will need to install the Nmap Parser<\/a> written by Anthony Persaud<\/a>.
\nFrom the Command Prompt enter the following command:
\n
\nC:\\>ppm install nmap-parser
\nDownloading Nmap-Parser-1.19...done
\nDownloading XML-Twig-3.32...done
\nUnpacking Nmap-Parser-1.19...done
\nUnpacking XML-Twig-3.32...done
\nGenerating HTML for Nmap-Parser-1.19...done
\nGenerating HTML for XML-Twig-3.32...done
\nUpdating files in site area...done
\n21 files installed
\n<\/kbd><\/p>\n

Linux<\/strong><\/p>\n

For Ubuntu\/Debian you can install the package.
\n#apt-get install libnmap-parser-perl<\/kbd><\/p>\n

For every Linux distro you can install the package via CPAN<\/a>.
\n#perl -MCPAN -e 'install Nmap::Parser'<\/kbd><\/p>\n

Copy the following Perl code below and save it as nmap_parse.pl.
\n

\n#!\/usr\/bin\/perl\nuse Nmap::Parser;\n\nmy $np = new Nmap::Parser;\nmy $infile = @ARGV[0];\n\n$np->parsefile($infile);\n\n#GETTING SCAN INFORMATION\n\nprint "Scan Information:\\n";\nmy $si = $np->get_session();\nprint\n'Number of services scanned: '.$si->numservices()."\\n",\n'Start Time: '.$si->start_str()."\\n",\n'Finish Time: '.$si->time_str()."\\n",\n'Scan Arguments: '.$si->scan_args()."\\n";\n\nprint "Host Name,Ip Address,MAC Address,OS Name,OS Family,OS Generation,OS Accuracy,Port,Service Name,Service Product,Service Version,Service Confidence\\n";\nfor my $host ($np->all_hosts()){\n    for my $port ($host->tcp_ports()){\n        my $service = $host->tcp_service($port);\n        my $os = $host->os_sig;\n        print $host->hostname().",".$host->ipv4_addr().",".$host->mac_addr().",".$os->name.",".$os->family.",".$os->osgen().",".$os->name_accuracy().",".$port.",".$service->name.",".$service->product.",".$service->version.",".$service->confidence()."\\n";\n        }\n}\n\n<\/code><\/pre><\/p>\n
Save the above code and run it from the command line as follows:<\/p>\n
C:\\>nmap_parse.pl nmap_scan_output.xml >> results.csv<\/kbd><\/p>\n
Additional Information<\/p>\n
ppm – Perl Package Manager, version 4
\nhttp:\/\/docs.activestate.com\/activeperl\/5.10\/bin\/ppm.html<\/p>\n
ActiveState CPAN PPM Repository
\nhttp:\/\/ppm4.activestate.com\/<\/p>\n
Nmap Parser
\nhttp:\/\/search.cpan.org\/dist\/Nmap-Parser\/Parser.pm<\/p>\n","protected":false},"excerpt":{"rendered":"
As an auditor I liked to quickly analyze my Nmap scan results by parsing the XML output produced and loading it into my favorite spreadsheet application. From there I could sort by host, port, service, or operating system for analysis. The parsed results are a lot easier to add to reports and workpapers. Just remember […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[7],"tags":[21,77,33,78],"class_list":["post-220","post","type-post","status-publish","format-standard","hentry","category-scripts","tag-nmap","tag-parse","tag-perl","tag-xml"],"_links":{"self":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/comments?post=220"}],"version-history":[{"count":15,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/220\/revisions"}],"predecessor-version":[{"id":581,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/220\/revisions\/581"}],"wp:attachment":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/media?parent=220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/categories?post=220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/tags?post=220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}