I'm using regex to parse NMAP output. I want the ip addresses which are up with the corresponding ports open. Now I've a very naive method of doing that:

awk '/^Scanning .....................ports]/ {print substr ($2,1,15);}' results.txt
awk '/^[0-9][0-9]/ {print substr($1,1,4);}' results.txt | awk -f awkcode.awk

where awkcode.awk contains the code to extract numbers out of the substring. The first line prints all the IPs that are up and the 2nd gives me the ports. My problem is that I want them mapped to each other. Is there any way to do that? Even a sed script would do.

+1  A: 

You will probably find using the "Grepable" output format to be easier to parse:

nmap -oG - -v -A 192.168.0.1-254

Sample output:

Host: 192.168.1.1 (foo) Status: Up
Host: 192.168.1.1 (foo) Ports: 22/open/tcp//ssh//OpenSSH 5.1p1 Debian 6ubuntu2 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.2.12 ((Ubuntu))/, 139/open/tcp//netbios-ssn//Samba smbd 3.X (workgroup: BAR)/, 445/open/tcp//netbios-ssn//Samba smbd 3.X (workgroup: BAR)/, 7100/open/tcp//font-service//X.Org X Font Server/ Ignored State: closed (995)

Or if you have an XML parser, use the XML output format:

nmap -oX - -v -A 192.168.0.1-254

Sample output:

<?xml version="1.0" ?>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 5.00 scan initiated Sun Jun 13 08:11:32 2010 as: nmap -oX - -v -A 192.168.1.1-254 -->
<nmaprun scanner="nmap" args="nmap -oX - -v -A 192.168.1.1-254" start="1276434692" startstr="Sun Jun 13 08:11:32 2010" version="5.00" xmloutputversion="1.03">
...
...
<host starttime="1276434692" endtime="1276434775"><status state="up" reason="syn-ack"/>
<address addr="192.168.1.1" addrtype="ipv4" />
<hostnames><hostname name="foo" type="PTR" /></hostnames>
<ports><extraports state="closed" count="995">
<extrareasons reason="conn-refused" count="995"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" product="OpenSSH" version="5.1p1 Debian 6ubuntu2" extrainfo="protocol 2.0" ostype="Linux" method="probed" conf="10" /><script id="ssh-hostkey" output="1024 1a:2b:4d:5e:6f:00:f1:e2:d3:c4:b5:a6:e2:f3:fe (DSA)&#xa;2048 fa:eb:dc:cd:be:af:a0:75:65:8a:52:7d:11:22:33:44 (RSA)" /></port>

Dennis Williamson
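
An added example (not part of the answer above) of mapping each host to its open ports from the grepable format, which is what the question asked for. The function names `open_ports` and `sample_scan` are hypothetical, and the sample scan lines are constructed in the shape of the output shown above.

```shell
#!/bin/sh
# Map each host to its open ports from Nmap grepable (-oG) output.
# Reads -oG text on stdin, prints "IP<TAB>port/proto,port/proto,...".
open_ports() {
    awk '
    /^Host: / {
        i = index($0, "Ports: ")
        if (i == 0) next                      # "Status:" lines carry no port list
        ip = $2
        ports = substr($0, i + 7)
        sub(/\t.*/, "", ports)                # -oG separates fields with tabs
        sub(/ *Ignored State:.*/, "", ports)  # fallback if tabs were flattened to spaces
        n = split(ports, entry, /, */)
        list = ""
        for (k = 1; k <= n; k++) {
            # entry layout: port/state/protocol/owner/service/rpc/version/
            split(entry[k], f, "/")
            if (f[2] == "open")
                list = list (list == "" ? "" : ",") f[1] "/" f[3]
        }
        if (list != "") print ip "\t" list
    }'
}

# Constructed sample input (two hosts, one with a filtered port).
sample_scan() {
    printf 'Host: 192.168.1.1 (foo)\tStatus: Up\n'
    printf 'Host: 192.168.1.1 (foo)\tPorts: 22/open/tcp//ssh//OpenSSH 5.1p1/, 80/open/tcp//http//Apache httpd 2.2.12/\tIgnored State: closed (995)\n'
    printf 'Host: 192.168.1.7 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.7 ()\tPorts: 23/filtered/tcp//telnet///, 443/open/tcp//https///\n'
}

sample_scan | open_ports
```

Because only entries whose state field is exactly `open` are kept, filtered and closed ports never appear in the mapping, and hosts with no open ports are omitted.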
A: 

Thanks for your replies. I could make a single line expression to get the IP and port number both (correspondingly). Question closed. :)

Rookie_22
You should add this as a comment to Dennis' answer. Please also mark his answer as 'correct' by clicking the check mark (or provide your own answer that you mark subsequently), so we can see that this question doesn't need our attention anymore.
Marcel Korpel