How to edit nmap output - nmap

I need to count how many devices have port 80 open with nmap. I tried with "nmap -p80 --open 192.168.153.*" but this does not print what I want.
I want the following output:
"Number of devices with port 80 open: 2"
Does anyone know how to do that?

You can try a shell script:
nmap 192.168.1.* -p80 --open | grep report > output; printf "Number of devices with port 80 open: "; cat output | wc -l
Output:
Number of devices with port 80 open: 3

Related

TCPDUMP Syntax filter eth0 traffic to readable file

Attempting to capture traffic but I don't know the right syntax to filter the output to a readable pcap file.
I need to use the syntax
tcpdump -r file.pcap
and to filter eth0 icmp traffic
tcpdump -i eth0 icmp -c 10 > file.pcap
is there a way to do this in one line of command?
Yes, but, if you're writing a pcap file rather than a text file, it doesn't involve the > character.
By default, tcpdump captures traffic from an interface, or reads a capture file, and writes out a human-readable dissection of the packets to the standard output.
You need the -w flag to write out a pcap file, so, in your case, the command is
tcpdump -r file.pcap -w icmp-only.pcap icmp   # filter keywords are lowercase; the -w file must differ from the -r file, or it is truncated before it is read
Your command
tcpdump -i eth0 icmp -c 10 > file.pcap
wouldn't write out a pcap file; it writes out text such as
16:30:59.808885 IP 192.168.1.5 > example.com: ICMP echo request, id 40541, seq 0, length 64
16:30:59.841404 IP example.com > 192.168.1.5: ICMP echo reply, id 40541, seq 0, length 64
If you wanted to write the ICMP traffic to a pcap file, you would do
tcpdump -i eth0 icmp -c 10 -w file.pcap

Starting Point Hackthebox Error "Your port specifications are illegal"

I'm trying to scan the ports on the "Starting Point" challenge from Hack The Box.
I downloaded the .ovpn and established the VPN connection in my Kali VM
typed in:
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
but when i try
nmap -sC -sV -p$ports 10.10.10.27
I get the error message that my port specifications are illegal.
Happy for any help I can get!
My nmap scans worked on the first try. When I restarted my machine on another day, I had the same issue.
Re-download the connection pack.
This worked for me.
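The error in the question is what Nmap prints when the first scan yields nothing (for example because the VPN is down), so $ports is empty and "-p$ports" becomes a bare "-p". The following shell functions, added here as an example and not part of the thread, extract the open ports from a constructed sample of Nmap's normal output and refuse to start the second scan when that list is empty. The target address, the function names and the sample output are assumptions.

```sh
#!/bin/sh
# extract_open_ports: read Nmap normal output on stdin and print the open TCP/UDP
# ports as one comma-separated line (e.g. 22,80,443). Only lines whose state is
# exactly "open" are taken, so "filtered" and UDP's "open|filtered" are skipped.
# Prints nothing at all (not even an empty line) when no port is open.
extract_open_ports() {
    awk '/^[0-9]+\/(tcp|udp) +open +/ {
             split($1, f, "/")          # "443/tcp" -> f[1] = "443"
             printf "%s%s", sep, f[1]
             sep = ","
         }
         END { if (sep != "") print "" }'
}

# scan_services TARGET: the two-step scan from the question with the missing
# check. Not run here: it needs the VPN and a reachable target (assumed).
scan_services() {
    ports=$(nmap -p- --min-rate=1000 -T4 "$1" | extract_open_ports)
    if [ -z "$ports" ]; then
        echo "no open ports found on $1; is the VPN up and the target reachable?" >&2
        return 1
    fi
    nmap -sC -sV -p "$ports" "$1"
}

# Constructed sample of Nmap normal output (not a real scan).
SAMPLE_SCAN='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.10.10.27
Host is up (0.020s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds'

printf '%s\n' "$SAMPLE_SCAN" | extract_open_ports   # prints 22,80,443
```

If you keep the original one-liner instead, the same guard applies: test `[ -n "$ports" ]` before passing it to the second nmap.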

redirect output of editcap to tcpdump

I want to filter the first 100 packets inside a pcap file and show the result on stdout. For filtering the first 100 packets I used the command below:
editcap -r test.pcap output.pcap 1-100
For showing the result and filtering packets for further purposes I want to use tcpdump.
tcpdump -tttt -r inputfile.pcap 'tcp and host 192.168.1.1'
I want to redirect the output of editcap to tcpdump, like this:
editcap -r test.pcap - | tcpdump -tttt -r - 'tcp and host 192.168.1.1'
but with this command I couldn't filter the first 100 packets. Is it possible to do so?
If not, is it possible to redirect the output of editcap to RAM and then have tcpdump read from RAM?
Thanks in advance.
P.S. By the way, I don't want to use the command below, because it reads all the packets inside the file. I need the command to read some packets inside the pcap file, show them, and then finish the job.
tshark -r ~/test1.pcap -R "frame.number<20 and frame.number>10"
but with this command I couldn't filter the first 100 packets
I.e., you don't see any packets?
Try doing
editcap -F pcap -r test.pcap - 1-100 | tcpdump -tttt -r - 'tcp and host 192.168.1.1'
as editcap might be writing out a pcap-ng file and there is a bug in some versions of libpcap when reading pcap-ng files that causes filtering in tcpdump not to work.
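Both this thread and the tcpdump thread above come down to what is actually in the file: a .pcap produced with ">" is a text dump, not a capture, and a file written by editcap may be pcapng rather than classic pcap. The shell functions below, added here as an example and not code from either thread, read the first four bytes of a file and name the format from the magic number, so you can confirm what -w or -F pcap produced before handing it to tcpdump -r. The sample files are constructed (headers only); the file and function names are assumptions.

```sh
#!/bin/sh
# capture_format FILE: print the capture format identified by FILE's first four
# bytes, or report that FILE is not a capture file at all.
capture_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;            # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) echo "pcap-nsec" ;;       # pcap with nanosecond timestamps
        0a0d0d0a)          echo "pcapng" ;;          # pcapng Section Header Block type
        *)                 echo "not a capture file" ;;
    esac
}

# The two corrected pipelines from the threads. They need root, a live
# interface, editcap and tcpdump, so they are defined here but not run.
capture_icmp()   { tcpdump -i "$1" -c 10 -w "$2" icmp; }                         # IFACE OUTFILE
first_100_from() { editcap -F pcap -r "$1" - 1-100 | tcpdump -tttt -r - "tcp and host $2"; }  # INFILE HOST

# Constructed sample files (not real captures): a pcap header, a pcapng header,
# and the text that 'tcpdump ... > file.pcap' would have written instead.
samples=$(mktemp -d)
printf '\324\303\262\241\002\000\004\000' > "$samples/real.pcap"        # d4 c3 b2 a1, version 2.4
printf '\012\015\015\012\034\000\000\000' > "$samples/editcap.pcapng"   # 0a 0d 0d 0a, block length 28
printf '16:30:59.808885 IP 192.168.1.5 > example.com: ICMP echo request, id 40541, seq 0, length 64\n' \
    > "$samples/redirected.pcap"

for f in "$samples"/*; do
    printf '%s: %s\n' "$(basename "$f")" "$(capture_format "$f")"
done
```

Run capture_format on the file editcap wrote: if it says pcapng, add -F pcap as the answer suggests; if it says "not a capture file", the file was produced with ">" rather than -w.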

passing data to netcat

I'm able to execute the following command with the desired output.
echo -n "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Why can't I achieve the same result by first connecting via nc,
nc google.com 80
and then entering "GET / HTTP/1.0\r\n\r\n" in console?
How do the two scenarios differ?
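The question has no answer on the page. As an added illustration, not part of the thread, the shell functions below make visible what each form actually puts on the socket. With printf the \r\n sequences become real CR LF bytes, so the request ends with the blank line that terminates an HTTP header block. When the same characters are typed at the console, the terminal delivers the backslashes literally and a single LF for the Enter key, and nc keeps reading until Ctrl-D, whereas a pipe delivers EOF as soon as echo exits. Bash's builtin echo without -e also leaves the backslashes literal, while dash's echo interprets them, so what the first command sends depends on the shell. All input is constructed and nothing is sent over the network; the function names are assumptions.

```sh
#!/bin/sh
# request_bytes: hex-dump stdin as one string, so the bytes can be compared.
request_bytes() { od -An -tx1 | tr -d ' \n'; }

# http10_get HOST PATH: a well-formed HTTP/1.0 request. printf interprets \r\n
# in its format string, so the header block ends with a real CR LF CR LF.
http10_get() { printf 'GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' "$2" "$1"; }

# typed_at_console: what the terminal hands nc when you type the characters
# G E T ... \ r \ n \ r \ n and press Enter. '%s' does not interpret escapes, so
# the backslashes stay literal and the only line ending is the LF from Enter.
typed_at_console() { printf '%s\n' 'GET / HTTP/1.0\r\n\r\n'; }

# ends_with_crlfcrlf: succeed if stdin ends with the HTTP header terminator.
ends_with_crlfcrlf() {
    case "$(request_bytes)" in
        *0d0a0d0a) return 0 ;;
        *)         return 1 ;;
    esac
}

printf 'printf form:  %s\n' "$(http10_get example.com / | request_bytes)"
printf 'console form: %s\n' "$(typed_at_console | request_bytes)"
```

To send the request for real, pipe http10_get into nc (for example `http10_get example.com / | nc example.com 80`); to do it interactively, type the request line, press Enter, and press Enter again on an empty line to produce the terminating blank line.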

Nmap scan range output file problem

Okay, I want to have Nmap scan an IP range for computers with a certain port open (port 80 in this case) and have it output all the IPs it finds into a text file, stored in this format:
192.168.0.1
192.168.0.185
192.168.0.192
192.168.0.195
So to output the file, I tried using this command:
nmap -sT -p 80 -ttl 40 192.168.0.0-255 -oG - | grep "80/open" > output.txt
Where "output.txt" is the output file that contains the results. So a line of output.txt looks like this:
Host: 192.168.0.1 () Ports: 80/open/tcp//http///
So I basically want it only to output the IP address with port 80 open, and nothing else.
I want it to not output the "Host: " or the "()" and "Ports: 80/open/tcp//http///" parts. So is there any way I can have Nmap not put that stuff into the output file? Or make it only output the IP addresses? I tried looking at the man page, but it was of little help. And I looked all over the Internet and that wasn't very useful either. So does anyone know how I can do this? Thanks
Awk is your friend!
$ nmap -sT -p 80 192.168.0.0/24 -oG - | awk '/ 80\/open/{print $2}' > output.txt
This will find lines with port 80 open (notice the space before 80, if you plan to scan more than the one port!), and print field 2, splitting on whitespace. Another way to do it would be:
$ nmap -sT -p 80 --open 192.168.0.0/24 -oG - | awk '$4=="Ports:"{print $2}' > output.txt
This one uses the --open argument to Nmap to only produce output for hosts with open ports. The awk command checks that this is a "Ports" line, not a "Status" line (which may only show up when using -v, but I'm not positive) before printing the IP address.
Note that it is usually in your best interests to save the scan results to a file, to avoid needing to repeat the scan if you decide to extract some different information. If you choose to do this, I would recommend using the XML output (-oX), since there are lots of analysis tools that have parsers built for it already.
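The first question on this page (counting hosts with port 80 open) and this one (listing only their addresses) both parse the same grepable output, so here is one added example, not code from either thread, that does both from a constructed -oG sample. It keeps the answer's two safeguards, only "Ports:" lines and a whole-token match on the port, and adds the one a practitioner wants when more than one port is scanned: the port is matched as " 80/open/" so 8080 cannot be mistaken for 80. The function names and the sample scan are assumptions; real -oG output separates the fields with tabs, which awk splits on just as it does spaces.

```sh
#!/bin/sh
# hosts_with_open_port PORT: read Nmap -oG output on stdin and print one IP per
# line for each host on which PORT is open. Only "Host: ... Ports: ..." lines
# are considered, so the "Status:" lines that -v adds and the "# Nmap ..."
# header and footer never reach the output.
hosts_with_open_port() {
    awk -v port="$1" '
        $1 == "Host:" && $4 == "Ports:" && index($0, " " port "/open/") { print $2 }
    '
}

# count_hosts_with_open_port PORT: the number such hosts, as a bare integer.
count_hosts_with_open_port() {
    hosts_with_open_port "$1" | wc -l | tr -d ' '
}

# Constructed -oG sample (not a real scan) with two ports, a hostname, a
# Status: line and the comment lines Nmap writes around the results.
SAMPLE_OG='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sT -p 80,8080 -oG - 192.168.0.0/24
Host: 192.168.0.1 ()    Status: Up
Host: 192.168.0.1 ()    Ports: 80/open/tcp//http///, 8080/closed/tcp//http-proxy///
Host: 192.168.0.185 (printer.lan)    Ports: 80/open/tcp//http///, 8080/open/tcp//http-proxy///
Host: 192.168.0.192 ()    Ports: 80/closed/tcp//http///, 8080/open/tcp//http-proxy///
Host: 192.168.0.195 ()    Ports: 80/open/tcp//http///, 8080/filtered/tcp//http-proxy///
# Nmap done at Mon Jan  1 00:00:05 2024 -- 256 IP addresses (4 hosts up) scanned in 5.00 seconds'

# The list the second question asks for, and the count the first one asks for.
printf '%s\n' "$SAMPLE_OG" | hosts_with_open_port 80
printf 'Number of devices with port 80 open: %s\n' \
    "$(printf '%s\n' "$SAMPLE_OG" | count_hosts_with_open_port 80)"
```

Against a live scan, replace the sample with `nmap -sT -p 80 -oG - 192.168.0.0/24 | hosts_with_open_port 80 > output.txt`, or save the run with -oG to a file first, as the answer recommends, and feed that file to the functions instead of rescanning.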
Having nmap produce exactly what you want would indeed be nice. But as a more general solution:
$ nmap ... | grep ... | tr '/' ' ' | awk '{ print $2,$5 }'
192.168.0.1 80
Or maybe:
nmap ... | grep ... | tr '/' ' ' | cut -d' ' -f2,8
I found a script called scanreport.sh very useful. Although it's not necessary (you could just use awk as suggested), I thought it might be of interest.
It gives the ability to output the nmap results nicely by service or port (with highlighting). It uses the grepable output from nmap (-oG) after a quick tidy with grep -v ^# nmapoutput.txt > report.txt
Example
nmap -sS 192.168.1.22 -oG /directory/of/choice/results.txt
grep -v ^# results.txt > report.txt
./scanreport.sh -f report.txt
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -p 80
Host: 192.168.1.22 ()
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -s ssh
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
Plenty of stuff on Google about it, but here is a link to one reference.
./scanreport.sh