主页 / unix / 问题 / 684046
Accepted
Bryon
Asked: 2021-12-28 02:26:08 +0800 CST

用于提取命令输出的最佳工具

  • 772

我想以编程方式处理 nmap 输出的结果,但无法弄清楚如何获取输出并仅提取下面两个输出中显示的协议或端口表的详细信息。

我非常有信心我可以使用 awk 来处理表数据 - 但我不能从输出中提取它......可以使用哪些工具组合来做到这一点?

$ sudo nmap --open -sO 10.100.0.14
Starting Nmap 7.70 ( https://nmap.org ) at 2021-12-27 19:15 AEDT
Warning: 10.100.0.14 giving up on port because retransmission cap hit (10).
Nmap scan report for teichos.mydomain.net (10.100.0.14)
Host is up (0.00030s latency).
Not shown: 250 filtered protocols, 1 closed protocol
PROTOCOL STATE         SERVICE
1        open          icmp
33       open|filtered dccp
80       open|filtered iso-ip
117      open|filtered iatp
136      open|filtered udplite
MAC Address: 6A:3A:ED:33:9E:00 (Unknown)

输出 2:

$ sudo nmap -sS 10.100.0.14 -p-
Starting Nmap 7.70 ( https://nmap.org ) at 2021-12-27 19:30 AEDT
Nmap scan report for teichos.mydomain.net (10.100.0.14)
Host is up (0.00024s latency).
Not shown: 65533 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin
MAC Address: 6A:3A:ED:33:9E:00 (Unknown)

我正在寻找的输出如下(标题不是必需的):

PROTOCOL STATE         SERVICE
1        open          icmp
33       open|filtered dccp
80       open|filtered iso-ip
117      open|filtered iatp
136      open|filtered udplite


PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin
bash text-processing

3 个回答

  1. 使用您显示的特定输出,我们可以简单地选择所有以数字或大写字母开头的行P(对于标题):

    sudo nmap ... | grep -E '^([0-9]|P)'

    我创建了两个文本文件,nmap1nmap2使用您问题的两个输出进行测试,并获得:

    $ grep -E '^([0-9]|P)' nmap1 
PROTOCOL STATE         SERVICE
1        open          icmp
33       open|filtered dccp
80       open|filtered iso-ip
117      open|filtered iatp
136      open|filtered udplite

$ grep -E '^([0-9]|P)' nmap2
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin

    awk如果您愿意,也可以这样做:

    sudo nmap ... | awk '/^([0-9]|P)/'
    • 2
  2. Best Answer

    如果给定选项,该nmap实用程序允许输出易于解析的 XML -oX,这意味着您可以根据需要重新创建表,或从中提取所需的任何信息。

    下面的管道用于xmlstarlet从生成的 XML 文档中提取信息,并重新创建在普通nmap输出中找到的表,并插入一个额外的列,其中包含给定“状态”的“原因”。

    的输出由nmap解析xmlstarlet,它为列分隔符插入#字符(我们不希望成为输出的一部分的任意字符),并column用于创建最终的对齐表。

    sudo nmap -oX - --open -sO localhost |
xmlstarlet sel -t -m /nmaprun/host/ports/port \
    -v @portid -o '#' \
    -v state/@state -o '#' \
    -v state/@reason -o '#' \
    -v service/@name -nl |
column -s '#' -t

    示例输出:

    1    open           echo-reply      icmp
4    open|filtered  no-response     ipv4
6    open           proto-response  tcp
17   open           port-unreach    udp
41   open|filtered  no-response     ipv6
50   open|filtered  no-response     esp
51   open|filtered  no-response     ah
97   open|filtered  no-response     etherip
112  open|filtered  no-response     vrrp
137  open|filtered  no-response     mpls-in-ip
240  open|filtered  no-response
255  open|filtered  no-response

    同样,但只提取“过滤”的响应:

    sudo nmap -oX - --open -sO localhost |
xmlstarlet sel -t -m '/nmaprun/host/ports/port[contains(state/@state,"filtered")]'  \
    -v @portid -o '#' \
    -v state/@state -o '#' \
    -v state/@reason -o '#' \
    -v service/@name -nl |
column -s '#' -t

    示例输出:

    4    open|filtered  no-response  ipv4
41   open|filtered  no-response  ipv6
50   open|filtered  no-response  esp
51   open|filtered  no-response  ah
97   open|filtered  no-response  etherip
112  open|filtered  no-response  vrrp
137  open|filtered  no-response  mpls-in-ip
240  open|filtered  no-response
255  open|filtered  no-response
    • 2 
  3. $ awk '/^(PROTOCOL|PORT)/{f=1} /^MAC/{f=0} f' file
PROTOCOL STATE         SERVICE
1        open          icmp
33       open|filtered dccp
80       open|filtered iso-ip
117      open|filtered iatp
136      open|filtered udplite

$ awk '/^(PROTOCOL|PORT)/{f=1} /^MAC/{f=0} f' file
PORT     STATE SERVICE
22/tcp   open  ssh
9090/tcp open  zeus-admin
    • 1

相关问题