antmar904 Posted April 2, 2019

Hi,

I have a bunch of nmap.exe scan logs that I would like to get the results from and put into an Excel sheet. Attached is an example of the output nmap log. IPs were manually changed.

I would like the IP address in column A and any open ports in the next column B.

Any help to get me started would be much appreciated.

I'm guessing I would have to use "StringRegExp" then output to a csv?

```autoit
#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, False), $Results = @ScriptDir & "\Results.csv"

;_ArrayDisplay($Files) ;Debug

For $i = 0 To UBound($Files) -1
    $a = StringRegExp(FileRead($Files[$i]), " STUCK!! ")
Next
```

ExampleResults.txt

BigDaddyO Posted April 2, 2019 (edited)

In this instance I would chop up the text into sections and process that way.

Threw this together, works with your sample but not sure if it will work with the full file.

```autoit
$hFile = FileOpen("C:\Downloads\ExampleResults.txt", 0)
$sData = FileRead($hFile)
$aSplit = StringSplit($sData, "Nmap scan report for", 1)
ConsoleWrite("Segments = " & $aSplit[0] & @CRLF)

global $aOutput[$aSplit[0]][2] ;Create an array that will store the info

For $i = 2 to $aSplit[0] ;Skipping 1 since it will be the file header stuff
    $aLines = StringSplit($aSplit[$i], @CRLF) ;Split up each section by line
    ConsoleWrite("Segment " & $i & " contains " & $aLines[0] & " lines" & @CRLF)
    If $aLines[0] < 4 then ContinueLoop ;Attempt to skip sections that are not a scan report
    $aOutput[$i - 2][0] = StringStripWS($aLines[1], 8) ;Save the IP address
    For $r = 2 to $aLines[0]
        If StringInStr($aLines[$r], "open") Then
            If $aOutput[$i - 2][1] <> "" Then
                $aOutput[$i - 2][1] &= "," & StringLeft($aLines[$r], StringInStr($aLines[$r], "/") - 1)
            Else
                $aOutput[$i - 2][1] = StringLeft($aLines[$r], StringInStr($aLines[$r], "/") - 1)
            EndIf
        EndIf
    Next
Next

;Use the _Excel functions to write to a spreadsheet
For $o = 0 to UBound($aOutput) - 1
    ConsoleWrite($aOutput[$o][0] & @TAB & $aOutput[$o][1] & @CRLF)
Next
```

Edited April 2, 2019 by BigDaddyO

Nine Posted April 2, 2019

This works with your example:

```autoit
#include <StringConstants.au3>
#include <Array.au3>

Local $sFile = FileRead ("ExampleResults.txt")
Local $aRes = StringRegExp ($sFile, "(?s)Nmap scan report for (\d+.\d+.\d+.\d).+?SERVICE\v+(\d+)\N+\v+(\d+)\N+\v+(\d+)\N+\v+(\d+)", $STR_REGEXPARRAYGLOBALMATCH)
_ArrayDisplay ($aRes)
```

“They did not know it was impossible, so they did it” ― Mark Twain

antmar904 (Author) Posted April 2, 2019

@Nine thank you. Your script worked, however I forgot to add in my sample text that the DNS name COULD show before the IP address.

exp:

```
Nmap scan report for smtadfap-1.kretasdfaez.com.ar (1.1.1.1)
Host is up (0.18s latency).
Not shown: 1091 filtered ports
PORT STATE SERVICE
25/tcp open smtp
443/tcp open https
```

The DNS name could contain numbers, letters and special characters.

antmar904 (Author) Posted April 2, 2019

@BigDaddyO Testing yours now.

FrancescoDiMuro Posted April 2, 2019

@antmar904

The fact is that you could have more than four ports, and so, you should/could extract them in a separate instruction.

By the way, the pattern below extracts even the DNS from the string:

```autoit
'(?s)Nmap scan report for (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[-.\w]+\s\([^)]+\)).*?(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n(\d+)\/[^\n]+\n'
```

Nine Posted April 2, 2019

1 hour ago, antmar904 said:

> I forgot to add in my sample text that the DNS name COULD show before the IP address.

Could you please create a full range example text file, that we could use for a fully tested script. I must admit it is kind of annoying.

antmar904 (Author) Posted April 3, 2019 (edited)

@Nine thank you for your help. The nmap output file could have many variations. Sorry about that.

@FrancescoDiMuro if I run your string on this output file, some IPs are missed and not shown in the array.

```
Unable to find nmap-services! Resorting to /etc/services
# Nmap 7.70 scan initiated Tue Apr 02 10:55:13 2019 as: nmap.exe -oN C:\20.3.170.4-30.txt 20.3.170.4-30
Cannot find nmap-payloads. UDP payloads are disabled.
Nmap scan report for ip-20-003-170-005.cooxcvzgpvgg.com.ar (20.3.170.5)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for ip-20-003-170-006.cooxcvzgpvgg.com.ar (20.3.170.6)
Host is up (0.19s latency).
Not shown: 1090 closed ports
PORT STATE SERVICE
53/tcp filtered domain
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for (20.3.170.9)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT STATE SERVICE
3389/tcp open ms-wbt-server
Nmap scan report for smtp-1.kressdfg.tz.com.ar (20.3.170.10)
Host is up (0.18s latency).
Not shown: 1091 filtered ports
PORT STATE SERVICE
25/tcp open smtp
443/tcp open https
Nmap scan report for ip-20-003-170-012.cooxcvzgpvgg.com.ar (20.3.170.12)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT STATE SERVICE
443/tcp closed https
Nmap scan report for ip-20-003-170-014.cooxcvzgpvgg.com.ar (20.3.170.14)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for ip-20-003-170-017.cooxcvzgpvgg.com.ar (20.3.170.17)
Host is up (0.17s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for (20.3.170.25)
Host is up (0.18s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
# Nmap done at Tue Apr 02 10:57:05 2019 -- 27 IP addresses (8 hosts up) scanned in 112.01 seconds
```

Edited April 3, 2019 by antmar904

Nine Posted April 3, 2019 (edited)

Looks like this one works:

```autoit
Local $aRes = StringRegExp ($sFile, "(?s)Nmap scan report for.*?\((\d+?.\d+?.\d+?.\d+?)|\v+(\d{1,4})\/", $STR_REGEXPARRAYGLOBALMATCH)
```

Edited April 3, 2019 by Nine

antmar904 (Author) Posted April 3, 2019

```
"C:\ParseScanResults.au3"(16,6) : error: syntax error (illegal character)
Localï
~~~~~^
```

Nine Posted April 3, 2019

Happens from copy/paste, just delete the char or rewrite it manually.

antmar904 (Author) Posted April 3, 2019

Got it, thanks. Working much better now, however there are spaces between the ports, but I could probably clean those up in Excel.

Nine Posted April 3, 2019

No need to do it in Excel. When you scan the array before inserting it in Excel, just remove it while you concatenate the ports into a single cell.

antmar904 (Author) Posted April 10, 2019

I'm having issues trying to write the array to csv. I think I keep overwriting the file...

I'd like to read all the scan result logs to one csv file:

```autoit
For $i = 0 To UBound($Files) -1
    Local $sFile = FileRead($Files[$i])
    Local $aRes = StringRegExp ($sFile, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
Next

_FileWriteFromArray($Results, $aRes, 0)
```

Nine Posted April 10, 2019

```autoit
#include <Constants.au3>
#include <Array.au3>
#include <Excel.au3>

Opt ("MustDeclareVars", 1)

Local $sFile = FileRead ("ExampleResults2.txt")
Local $aRes = StringRegExp ($sFile, "(?s)Nmap scan report for.*?\((\d+\.\d+\.\d+\.\d+)|\v{2}(\d{1,4})\/", $STR_REGEXPARRAYGLOBALMATCH)

Local $oExcel = _Excel_Open()
If @error Then Exit MsgBox($MB_SYSTEMMODAL, "", "Error creating the Excel application object.")
Local $oWorkbook = _Excel_BookNew($oExcel)
If @error Then Exit MsgBox($MB_SYSTEMMODAL, "", "Error creating the new workbook.")

Local $row = 1, $i = 0, $port
While $i < Ubound ($aRes)
    _Excel_RangeWrite($oWorkbook, $oWorkbook.Activesheet, $aRes[$i], "A" & $row)
    $port = ""
    $i += 1
    Do
        If $aRes[$i] <> "" Then $port &= $aRes[$i] & ","
        $i += 1
        If $i = Ubound ($aRes) Then ExitLoop
    Until StringInStr ($aRes[$i],".")
    _Excel_RangeWrite($oWorkbook, $oWorkbook.Activesheet, StringTrimRight ($port,1), "B" & $row)
    $row += 1
WEnd
```

That will write directly to Excel like you first wanted... but with this example, you could make it to a csv if you prefer.

antmar904 (Author) Posted April 15, 2019 (edited)

I'm having issues with this. I need to read each file then add it to a csv.

```autoit
#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, True), $Results = @ScriptDir & "Results.csv", $Array

;_ArrayDisplay($Files) ;Debug

For $i = 0 To UBound($Files) -1
    Local $sFile = FileRead($Files[$i])
    Local $aRes = StringRegExp ($sFile, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
    ;_ArrayDisplay($aRes)
Next

Exit
```

Edited April 15, 2019 by antmar904

FrancescoDiMuro Posted April 15, 2019

@antmar904

First of all, start your For...Next loop from 1, since the 0th element in the array contains the number of files obtained from _FileListToArray().

Then, explain as clearly as you can what kind of result you are expecting from your script, and finally attach or post a sample file, so we can take a look.

antmar904 (Author) Posted April 15, 2019

@FrancescoDiMuro

Ok, I think I got it.

```autoit
#include<AutoItConstants.au3>
#include<FileConstants.au3>
#include<Array.au3>
#include<File.au3>

Global $Files = _FileListToArray(@ScriptDir & "\ScanResults\", "*", 1, True)
Local $OutputFile = @ScriptDir & "\Results.txt"
Local $hFile = FileOpen($OutputFile, 1) ;Mode 1 = append, so each log adds to the file

For $x = 1 to UBound ($Files) -1
    Local $File = FileRead($Files[$x])
    Local $aRes = StringRegExp ($File, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
    _FileWriteFromArray($hFile, $aRes)
Next

FileClose($hFile) ;Close the handle that was opened above

Exit
```

antmar904 (Author) Posted October 10, 2019

Hello all.

So I can parse my nmap scan logs and get the port number but now I am required to capture the service running on that port. Some help with regex is needed! Thanks again all.

Here is a snippet of the nmap output file:

```
Unable to find nmap-services! Resorting to /etc/services
# Nmap 7.70 scan initiated Tue Apr 02 10:55:13 2019 as: nmap.exe -oN C:\20.3.170.4-30.txt 20.3.170.4-30
Cannot find nmap-payloads. UDP payloads are disabled.
Nmap scan report for ip-20-003-170-005.cooxcvzgpvgg.com.ar (20.3.170.5)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for ip-20-003-170-006.cooxcvzgpvgg.com.ar (20.3.170.6)
Host is up (0.19s latency).
Not shown: 1090 closed ports
PORT STATE SERVICE
53/tcp filtered domain
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for (20.3.170.9)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT STATE SERVICE
3389/tcp open ms-wbt-server
Nmap scan report for smtp-1.kressdfg.tz.com.ar (20.3.170.10)
Host is up (0.18s latency).
Not shown: 1091 filtered ports
PORT STATE SERVICE
25/tcp open smtp
443/tcp open https
Nmap scan report for ip-20-003-170-012.cooxcvzgpvgg.com.ar (20.3.170.12)
Host is up (0.18s latency).
Not shown: 1092 filtered ports
PORT STATE SERVICE
443/tcp closed https
Nmap scan report for ip-20-003-170-014.cooxcvzgpvgg.com.ar (20.3.170.14)
Host is up (0.19s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for ip-20-003-170-017.cooxcvzgpvgg.com.ar (20.3.170.17)
Host is up (0.17s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Nmap scan report for (20.3.170.25)
Host is up (0.18s latency).
Not shown: 1089 closed ports
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
# Nmap done at Tue Apr 02 10:57:05 2019 -- 27 IP addresses (8 hosts up) scanned in 112.01 seconds
```

Here is what I have to extract the port number, just need help getting the service running on the port.

```autoit
Local $aRes = StringRegExp ($File, "Nmap scan report for \K.*|\d+(?=/tcp)", $STR_REGEXPARRAYGLOBALMATCH)
```

antmar904 (Author) Posted October 10, 2019

```autoit
Local $aRes = StringRegExp ("22/tcp open ssh", "^\d+(?=\/tcp (\S+) (.*))")
If @error Then
    ConsoleWrite("ERROR: " & @error & @CRLF)
Else
    ConsoleWrite("OUTPUT: " & $aRes & @CRLF)
EndIf
```

```
OUTPUT: 0
```
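
Added example, not from any poster in this thread and written in Python rather than AutoIt: a line-by-line parser for the nmap normal-output (`-oN`) format shown above that captures the service name asked about in the last post and writes one CSV row per host with open ports. The sample log, the `example.com.ar` hostnames and all function names are constructed for illustration; both patterns use only syntax that AutoIt's PCRE-based StringRegExp also accepts.

```python
import csv
import io
import re

# Constructed sample in nmap -oN format, modelled on the logs posted in the thread.
SAMPLE = """\
Nmap scan report for ip-20-003-170-005.example.com.ar (20.3.170.5)
Host is up (0.19s latency).
PORT STATE SERVICE
53/tcp filtered domain
79/tcp open finger
Nmap scan report for (20.3.170.9)
PORT STATE SERVICE
3389/tcp open ms-wbt-server
Nmap scan report for 20.3.170.10
25/tcp open smtp
443/tcp open https
Nmap scan report for host12.example.com.ar (20.3.170.12)
443/tcp closed https
"""

# Host header: optional DNS name, then the IP either bare or in parentheses.
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S*?)\s*\()?(\d{1,3}(?:\.\d{1,3}){3})\)?\s*$")
# Port table row: port/protocol, state, service name.
PORT_RE = re.compile(r"^(\d+)/(\w+)\s+(\S+)\s+(\S+)")

def parse_nmap_normal(text):
    """Return one (ip, hostname, port, proto, service) tuple per open port."""
    rows, ip, host = [], None, ""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, ip = m.group(1) or "", m.group(2)
            continue
        m = PORT_RE.match(line)
        if m and ip and m.group(3) == "open":  # skips closed, filtered, open|filtered
            rows.append((ip, host, int(m.group(1)), m.group(2), m.group(4)))
    return rows

def safe_cell(value):
    # Reverse-DNS names are set by the scanned party; stop Excel reading one as a formula.
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(rows):
    """One CSV line per host with open ports: IP, hostname, 'port/proto service' list."""
    hosts = {}
    for ip, host, port, proto, service in rows:
        hosts.setdefault(ip, (host, []))[1].append(f"{port}/{proto} {service}")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["ip", "hostname", "open_ports"])
    for ip, (host, ports) in hosts.items():
        writer.writerow([ip, safe_cell(host), "; ".join(ports)])
    return out.getvalue()
```

Calling `to_csv(parse_nmap_normal(text))` once per log file and appending the result (minus the header row) to a single file gives the combined sheet the thread was after.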