Parmap: Parsing and Utilizing Nmap Data

For the longest time, I relied on awk and grep to deal with Nmap output. While this is still a go-to method, being the lazy pentester I am, I decided to automate some of the repetitive parsing tasks. Thus parmap was born. Using the wonderful ruby-nmap gem, this script gives you a few options for displaying and outputting the information from an Nmap XML file. All you need to make it work is the thor and ruby-nmap gems installed.

 parmap csv FILE OUTF_F       # create a csv of the output
 parmap help [COMMAND]        # Describe available commands or one specific command
 parmap hosts FILE            # print a list of Up hosts in the file
 parmap nse FILE              # parse the NSE script data from an nmap scan
 parmap parse FILE            # parse the FILE and output the results to the screen
 parmap ports FILE PORT       # create a file with a list of hosts where the port was open

This was actually one of the first tools I ever wrote with the intention of sharing with other people. I revisit it every few years to clean up the code and maybe add a few things. So why write a blog post about an old Nmap parsing script? I decided to add some significant functionality to it.

As I lean more heavily on other methods of host and service enumeration on internal pentests, such as masscan or maybe something more stealthy like LDAP queries, I have used Nmap a bit less. However, I still find much of its functionality very beneficial. My goal with this addition to the script is an interactive shell that lets me parse data from a scan and perform targeted actions against a subset of hosts or services based on that data. A practical example might be running user enumeration against every host with an SMB service open, but Nmap's scripting engine means the true possibilities can be far more complex and useful than that. In the end, this should be a lightweight and flexible way to streamline one of my major pentest processes. I've noticed that in many cases a big improvement in efficiency helps me find things that I may otherwise have been missing. If you have any ideas that might help with the implementation or functionality, please take a look at what I have and let me know!
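To make concrete what the commands listed above do (up hosts, hosts with a given port open, NSE script output, CSV) and what the planned shell's "pick a subset of hosts by service" step looks like, here is an added example. It is not parmap's code and it does not use ruby-nmap; it parses Nmap XML with REXML from the Ruby standard library so it runs without any gems. The XML document is a constructed sample, not a real scan, and every function name in it is my own choice for illustration.

```ruby
require 'rexml/document'
require 'csv'

# Constructed Nmap XML sample (not a real scan): two hosts up, one down,
# SMB open on one host with an NSE script result attached to the port.
SAMPLE_XML = <<~XML
  <nmaprun scanner="nmap" args="nmap -sV -sC -oX scan.xml 10.0.0.0/29">
    <host>
      <status state="up" reason="arp-response"/>
      <address addr="10.0.0.5" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
        <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/>
          <script id="smb-os-discovery" output="OS: Windows Server 2012 R2"/>
        </port>
      </ports>
    </host>
    <host>
      <status state="up" reason="syn-ack"/>
      <address addr="10.0.0.6" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
        <port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
      </ports>
    </host>
    <host>
      <status state="down" reason="no-response"/>
      <address addr="10.0.0.7" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Turn the XML into plain hashes: one per host, each with its port list.
# Only port-level <script> elements are collected here; Nmap also emits
# host-level <hostscript> results, which this example leaves out.
def parse_hosts(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, '/nmaprun/host').map do |host|
    addr_el = REXML::XPath.first(host, 'address[@addrtype="ipv4"]')
    {
      addr:  addr_el.attributes['addr'],
      state: REXML::XPath.first(host, 'status').attributes['state'],
      ports: REXML::XPath.match(host, 'ports/port').map do |port|
        svc = REXML::XPath.first(port, 'service')
        {
          proto:   port.attributes['protocol'],
          port:    port.attributes['portid'].to_i,
          state:   REXML::XPath.first(port, 'state').attributes['state'],
          service: svc ? svc.attributes['name'] : nil,
          scripts: REXML::XPath.match(port, 'script')
                               .map { |s| [s.attributes['id'], s.attributes['output']] }.to_h
        }
      end
    }
  end
end

# Equivalent of "parmap hosts FILE": addresses Nmap reported as up.
def up_hosts(hosts)
  hosts.select { |h| h[:state] == 'up' }.map { |h| h[:addr] }
end

# Equivalent of "parmap ports FILE PORT": hosts where PORT is open.
# Filtering on state matters: a closed 445 must not become an SMB target.
def hosts_with_open_port(hosts, port, proto = 'tcp')
  hosts.select do |h|
    h[:ports].any? { |p| p[:port] == port && p[:proto] == proto && p[:state] == 'open' }
  end.map { |h| h[:addr] }
end

# Equivalent of "parmap nse FILE": one record per script result.
def nse_results(hosts)
  hosts.flat_map do |h|
    h[:ports].flat_map do |p|
      p[:scripts].map { |id, out| { addr: h[:addr], port: p[:port], script: id, output: out } }
    end
  end
end

# The subset-selection step an interactive shell would need: hosts exposing
# any of the named services, ready to feed a follow-on action (e.g. SMB
# user enumeration). Service names are what Nmap put in <service name="">.
def targets_for_service(hosts, service_names)
  hosts.select do |h|
    h[:ports].any? { |p| p[:state] == 'open' && service_names.include?(p[:service]) }
  end.map { |h| h[:addr] }
end

# Equivalent of "parmap csv FILE OUT_F": one row per open port.
def to_csv(hosts)
  CSV.generate do |csv|
    csv << %w[host proto port service]
    hosts.each do |h|
      h[:ports].each do |p|
        next unless p[:state] == 'open'
        csv << [h[:addr], p[:proto], p[:port], p[:service]]
      end
    end
  end
end

if $PROGRAM_NAME == __FILE__
  hosts = parse_hosts(SAMPLE_XML)
  puts "Up hosts:      #{up_hosts(hosts).join(', ')}"
  puts "445/tcp open:  #{hosts_with_open_port(hosts, 445).join(', ')}"
  puts "SMB targets:   #{targets_for_service(hosts, %w[microsoft-ds netbios-ssn]).join(', ')}"
  nse_results(hosts).each { |r| puts "#{r[:addr]}:#{r[:port]} #{r[:script]} -> #{r[:output]}" }
  puts to_csv(hosts)
end
```

Pointing `parse_hosts` at `File.read('scan.xml')` instead of `SAMPLE_XML` gives the same hashes for a real `-oX` file; the service-name filter is where a shell command like "run X against all SMB hosts" would plug in.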

2016-10-14 17:04 -0700