Convert Output Formats in Nmap


Introduction

In this lab, you will learn how to convert Nmap scan results into different output formats for easier analysis and reporting. The lab covers saving scan results as XML using nmap -oX, then transforming the XML output into HTML using xsltproc for browser viewing.

You will also explore saving scan results in a grepable format using nmap -oG, and then extracting specific information, such as IP addresses, using grep and saving them to a text file for further review. This allows for efficient data extraction and manipulation from Nmap scan outputs.

Save scan as XML with nmap -oX scan.xml 192.168.1.1

In this step, you will learn how to use Nmap to perform a scan and save the results in XML format. XML (Extensible Markup Language) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. Saving Nmap scan results in XML format allows for easy parsing and analysis by other tools and scripts.

First, let's understand the command:

nmap -oX scan.xml 192.168.1.1

  • nmap: This is the command to run the Nmap scanner.
  • -oX scan.xml: This option tells Nmap to save the scan results in XML format to a file named scan.xml. The -oX option specifies the XML output format.
  • 192.168.1.1: This is the target IP address that Nmap will scan. Replace this with the actual IP address you want to scan if needed. For this lab, we will use 192.168.1.1.

Now, let's execute the command in the LabEx VM. Open your Xfce terminal and navigate to the ~/project directory. This is your default working directory.

cd ~/project

Next, run the Nmap command to scan the target IP address and save the results to scan.xml:

sudo nmap -oX scan.xml 192.168.1.1

You will see Nmap running the scan and displaying the progress in the terminal. The output will show the different stages of the scan, such as host discovery and port scanning.

After the scan is complete, you can verify that the scan.xml file has been created in your ~/project directory. You can use the ls command to list the files in the directory:

ls -l

You should see scan.xml in the list of files.

You can also view the contents of the scan.xml file using the cat command or a text editor like nano:

cat scan.xml

or

nano scan.xml

The output will be a large XML document containing the details of the Nmap scan, including the target IP address, open ports, and other information.

Convert XML to HTML with xsltproc /usr/share/nmap/nmap.xsl scan.xml -o scan.html

In this step, you will learn how to convert the XML output from the previous Nmap scan into an HTML format using xsltproc. xsltproc is a command-line tool for applying XSLT (Extensible Stylesheet Language Transformations) stylesheets to XML documents. This allows you to transform the XML data into a more human-readable format, such as HTML.

Let's break down the command:

xsltproc /usr/share/nmap/nmap.xsl scan.xml -o scan.html

  • xsltproc: This is the command to run the XSLT processor.
  • /usr/share/nmap/nmap.xsl: This is the path to the XSLT stylesheet provided by Nmap. This stylesheet defines how the XML data should be transformed into HTML.
  • scan.xml: This is the input XML file that you created in the previous step.
  • -o scan.html: This option specifies the output file name for the transformed HTML document. The -o option stands for output.

Now, let's execute the command in the LabEx VM. Ensure you are in the ~/project directory. If not, navigate to it using:

cd ~/project

Next, run the xsltproc command to convert the scan.xml file to scan.html:

xsltproc /usr/share/nmap/nmap.xsl scan.xml -o scan.html

This command will read the scan.xml file, apply the nmap.xsl stylesheet, and generate an HTML file named scan.html in the same directory.

After the command is complete, you can verify that the scan.html file has been created in your ~/project directory. You can use the ls command to list the files in the directory:

ls -l

You should see scan.html in the list of files.

You can also view the contents of the scan.html file using the cat command or a text editor like nano:

cat scan.html

or

nano scan.html

The output will be an HTML document containing the formatted Nmap scan results.

Open HTML file in Xfce browser

In this step, you will open the scan.html file that you created in the previous step using the Xfce web browser. This will allow you to view the Nmap scan results in a visually appealing and easy-to-navigate format.

To open the HTML file in the Xfce browser, you can use the xdg-open command. This command is a desktop-independent way to open files with their associated applications.

First, ensure you are in the ~/project directory. If not, navigate to it using:

cd ~/project

Next, run the following command to open the scan.html file in the Xfce browser:

xdg-open scan.html

This command will launch the default web browser in Xfce and display the contents of the scan.html file. You should see a formatted report of the Nmap scan results, including information about the target IP address, open ports, and other details.

You can now review the scan results in the browser. The HTML format makes it easier to read and understand the information compared to the raw XML output.

Save grepable output with nmap -oG scan.grep 127.0.0.1

In this step, you will perform another Nmap scan, but this time you will save the output in a "grepable" format. This format is specifically designed to be easily parsed by tools like grep, making it simple to extract specific information from the scan results.

The -oG option in the Nmap command specifies that the output should be saved in grepable format.

Let's break down the command:

nmap -oG scan.grep 127.0.0.1

  • nmap: This is the command to run the Nmap scanner.
  • -oG scan.grep: This option tells Nmap to save the output in grepable format to a file named scan.grep.
  • 127.0.0.1: This is the target IP address for the scan. 127.0.0.1 is the loopback address, which refers to the local machine.

Now, let's execute the command in the LabEx VM. Ensure you are in the ~/project directory. If not, navigate to it using:

cd ~/project

Next, run the Nmap command to save the grepable output:

nmap -oG scan.grep 127.0.0.1

This command will scan the loopback address (127.0.0.1) and save the results in a grepable format to the scan.grep file.

After the command is complete, you can verify that the scan.grep file has been created in your ~/project directory. You can use the ls command to list the files in the directory:

ls -l

You should see scan.grep in the list of files.

You can also view the contents of the scan.grep file using the cat command or a text editor like nano:

cat scan.grep

or

nano scan.grep

The output will be a text file containing the Nmap scan results in a format that is easy to parse with grep.

Extract IPs with grep "Host" scan.grep > hosts.txt

In this step, you will use the grep command to extract the lines containing the word "Host" from the scan.grep file that you created in the previous step. These lines contain the IP addresses of the scanned hosts. You will then save the extracted lines to a new file named hosts.txt.

The grep command is a powerful tool for searching text files for specific patterns. In this case, you are using it to find lines that contain the word "Host".

The > symbol is used for output redirection. It takes the output of the grep command and saves it to the specified file (hosts.txt). If the file already exists, it will be overwritten.

Let's break down the command:

grep "Host" scan.grep > hosts.txt

  • grep: This is the command to search for a pattern in a file.
  • "Host": This is the pattern that you are searching for. In this case, you are searching for lines that contain the word "Host".
  • scan.grep: This is the file that you are searching in.
  • >: This is the output redirection operator. It takes the output of the grep command and saves it to the specified file.
  • hosts.txt: This is the file that you are saving the output to.

Now, let's execute the command in the LabEx VM. Ensure you are in the ~/project directory. If not, navigate to it using:

cd ~/project

Next, run the grep command to extract the lines containing the IP addresses and save them to the hosts.txt file:

grep "Host" scan.grep > hosts.txt

This command will search the scan.grep file for lines containing "Host" and save those lines to a new file named hosts.txt.

After the command is complete, you can verify that the hosts.txt file has been created in your ~/project directory. You can use the ls command to list the files in the directory:

ls -l

You should see hosts.txt in the list of files.

You can also view the contents of the hosts.txt file using the cat command or a text editor like nano:

cat hosts.txt

or

nano hosts.txt

The output will be a text file containing the lines from scan.grep that include the word "Host". These lines will contain the IP address of the scanned host.
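
Added example (not part of the original lab): grep "Host" keeps whole lines, and grepable output can contain both a Status line and a Ports line for the same host, so the same address can appear more than once in hosts.txt. The script below runs on a constructed sample rather than a real scan, reduces those lines to unique addresses of hosts that are up, and lists the open ports per host; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of grepable (-oG) output, not from a real scan.
# Fields on a Host: line are tab-separated; each Ports entry is
# port/state/protocol/owner/service/rpcinfo/version.
sample_grepable() {
    printf '# Nmap scan initiated (constructed sample) as: nmap -oG scan.grep 127.0.0.1\n'
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 631/open/tcp//ipp///, 3306/closed/tcp//mysql///\tIgnored State: closed (997)\n'
    printf '# Nmap done (constructed sample) -- 1 IP address (1 host up) scanned\n'
}

# Print each address that has a "Status: Up" line, once.
up_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }' | sort -u
}

# Print "address port/protocol service" for every port in state "open".
open_ports() {
    awk -F'\t' '/^Host: / {
        split($1, h, " ")                 # h[2] is the address
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            list = $i
            sub(/^Ports: /, "", list)
            n = split(list, entries, ", ")
            for (j = 1; j <= n; j++) {
                split(entries[j], p, "/")
                if (p[2] == "open") print h[2], p[1] "/" p[3], p[5]
            }
        }
    }'
}

# With a real scan, feed the file on stdin instead: up_hosts < scan.grep
sample_grepable | up_hosts
sample_grepable | open_ports
```
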

Review extracted data in Xfce terminal

In this step, you will review the extracted data in the hosts.txt file using the Xfce terminal. This allows you to see the IP addresses that were identified during the Nmap scan.

You can use the cat command to display the contents of the hosts.txt file directly in the terminal. Alternatively, you can use a text editor like nano to open the file and review the data.

First, ensure you are in the ~/project directory. If not, navigate to it using:

cd ~/project

To view the contents of the hosts.txt file using the cat command, run the following command:

cat hosts.txt

This will display the contents of the hosts.txt file in the terminal. You should see lines that start with "Host:" followed by the IP address and other information.

Alternatively, to open the hosts.txt file using the nano text editor, run the following command:

nano hosts.txt

This will open the hosts.txt file in the nano editor. You can then scroll through the file and review the extracted data. To exit nano, press Ctrl+X, then Y to save (if you made any changes), and then Enter.

By reviewing the extracted data, you can confirm that the grep command successfully extracted the lines containing the IP addresses from the scan.grep file.

Summary

In this lab, you learned how to use Nmap to save scan results in different formats. First, you performed an Nmap scan and saved the output in XML format using the -oX option, creating a file named scan.xml. This allows for easy parsing and analysis by other tools.

Next, you converted the XML output to HTML using xsltproc and the nmap.xsl stylesheet, creating a human-readable scan.html file. Finally, you learned how to save the output in grepable format and extract specific information, such as IP addresses, using grep.