nmapextractor - A nmap parser

General Information

nmapextractor is a small project written in Ruby with the purposes of:

  • Inspecting alive hosts from either nmap files or an nmap stream, using ipextractor.
  • Parsing the open ports of an alive host from either nmap files or an nmap stream, using pextractor.

Download here.

Let us demonstrate some capabilities of the tools ipextractor and pextractor.


1. ipextractor - IP Extractor

General information

ipextractor is used to find alive hosts. It supports all nmap file types as well as an nmap stream.

  • Help menu
$ ipextractor
ipextractor - A nmap parsing tool

It is used to extract alive hosts in a nmap file.

Usage: ipextractor <File Type> <Nmap File>|<Nmap Stream>

FILE TYPES:
 -oX is xml nmap output. 
 -oN is nmap output. 
 -oG is grepable nmap output.
    
NOTE: 
[FILE TYPE] is NOT required when file has 
 .nmap | .xml | .gnmap extension


EXAMPLES:
 ipextractor hosts.nmap
 ipextractor -oX nmap_xml
 ipextractor -oN nmap_scan.nmap
 nmap -PE -sn -n 192.168.0.0/24 -oG - | ipextractor -oG

Example

  • Read nmap grepable file.
    $ ipextractor nmap/scan.gnmap 
    172.16.10.1
    172.16.10.11
    172.16.10.19
    172.16.10.20
    172.16.10.37
    

Similarly, we can also parse .nmap and .xml files:

$ ipextractor nmap/scan.xml
172.16.10.1
172.16.10.11
172.16.10.19
172.16.10.20
172.16.10.37


  • Read nmap from stream.
    $ sudo nmap -PE -sn -n 172.16.10.0/24 -oN - | ipextractor -oN
    172.16.10.1
    172.16.10.11
    172.16.10.19
    172.16.10.20
    172.16.10.37
    

The switch -oN is only an example; we can change it to match the other nmap file types, i.e. -oX or -oG.

For instance:

$ sudo nmap -PE -sn -n 172.16.10.0/24 -oG - | ipextractor -oG
172.16.10.1
172.16.10.11
172.16.10.19
172.16.10.20
172.16.10.37


2. pextractor - Port Extractor.

Assuming that we have used ipextractor to obtain a list of target hosts, pextractor is then used to extract the ports of a host.

  • Help menu:
$ pextractor
pextractor - A nmap parsing tool

It is used to extract [open | closed | filtered] ports in a nmap file.

Usage: pextractor <IP> <Port State> <File Type> <Nmap File>

PORT STATES:
 -open      is opened ports of a host (default).
 -closed    is closed ports of a host.
 -filtered  is filtered ports of a host.

FILE TYPES:
 -oX is xml nmap output. 
 -oN is nmap output. 
 -oG is grepable nmap output.
           
NOTE: 
 [FILE TYPE] is NOT required when file has 
 .nmap | .xml | .gnmap extension


EXAMPLES:
 pextractor 192.168.0.20 ports.nmap
 pextractor 192.168.0.20 -oX ports.xml
 pextractor 192.168.0.20 -filtered nmap_scan.gnmap
 nmap -sS 192.168.0.0/24 -oG - | pextractor 192.16.0.20 -oG 

Example

  • Read ports of a host from a nmap file.

The default port state is open.

$ pextractor 172.16.10.20 nmap/scan.nmap 
23
135
139
445
2869
3389

As we can imagine, it is also possible to read .gnmap and .xml files.

$ pextractor 172.16.10.37 nmap/scan.xml 
135
139
1027


  • Read ports of a nmap stream.

It’s feasible to parse results from an nmap stream with pextractor.

$ sudo nmap -sS -p80,445,139,135,1027,443,53 -iL alive_hosts -oN - | pextractor 172.16.10.37 -oN 
135
139
1027

Besides the -oN stream, we can read other streams, i.e. -oG and -oX.

$ sudo nmap -sS -p80,445,139,135,1027,443,53 -iL alive_hosts -oG - | pextractor 172.16.10.37 -closed -oG
53
80
443
445

The above command runs with the -closed switch, which tells pextractor to extract only the ports in a closed state.
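
The following Ruby example is added here and is not nmapextractor's own code: it shows how alive hosts and per-state ports can be read from grepable (-oG) output, the format used in the stream examples above. The sample scan data and the names parse_host_line, alive_hosts and ports are assumptions made for illustration.

```ruby
# Added example, not nmapextractor's code. Constructed sample of grepable
# (-oG) output: fields on each "Host:" line are tab-separated.
SAMPLE_GNMAP = <<~GNMAP
  # Nmap scan initiated (constructed sample)
  Host: 172.16.10.2 ()\tStatus: Up
  Host: 172.16.10.2 ()\tPorts: 22/open/tcp//ssh///
  Host: 172.16.10.20 ()\tStatus: Up
  Host: 172.16.10.20 ()\tPorts: 23/open/tcp//telnet///, 80/closed/tcp//http///, 445/open/tcp//microsoft-ds///
  Host: 172.16.10.37 ()\tStatus: Up
  Host: 172.16.10.37 ()\tPorts: 53/closed/tcp//domain///, 135/open/tcp//msrpc///, 161/filtered/tcp//snmp///\tIgnored State: closed (4)
  Host: 172.16.10.99 ()\tStatus: Down
  # Nmap done
GNMAP

# Split one "Host:" line into [ip, {"Status" => ..., "Ports" => ...}].
# Returns nil for comments and anything that is not a host record.
def parse_host_line(line)
  return nil unless line.start_with?('Host: ')
  head, *fields = line.chomp.split("\t")
  pairs = fields.map { |f| f.split(': ', 2) }.select { |kv| kv.size == 2 }
  [head.split[1], pairs.to_h]
end

# Hosts reported as up (hypothetical helper, mirrors what ipextractor prints).
def alive_hosts(gnmap)
  gnmap.each_line.map do |line|
    ip, fields = parse_host_line(line)
    ip if fields && fields['Status'] == 'Up'
  end.compact.uniq
end

# Ports of one host in the given state (hypothetical helper).
# The IP is compared exactly, so 172.16.10.2 never matches 172.16.10.20,
# which a substring search over the file would do.
def ports(gnmap, ip, state = 'open')
  gnmap.each_line.flat_map do |line|
    host, fields = parse_host_line(line)
    next [] unless host == ip && fields['Ports']
    fields['Ports'].split(', ')
                   .map { |entry| entry.split('/') } # port/state/proto/...
                   .select { |f| f[1] == state }
                   .map { |f| f[0].to_i }
  end.sort
end

puts alive_hosts(SAMPLE_GNMAP)
puts ports(SAMPLE_GNMAP, '172.16.10.37', 'closed')
```
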

That’s essentially everything about the tools and the project: a simple and relaxed project that helps to speed up the enumeration phase.