提取命令输出的最佳工具
我想以编程方式处理nmap输出的结果,但无法解决如何获取输出并仅提取下面两个输出中显示的协议或端口表的详细信息。
我很有信心我可以使用awk来处理表数据--但我不能从输出中提取.什么组合的工具可以用来做这件事?
$ sudo nmap --open -sO 10.100.0.14
Starting Nmap 7.70 ( https://nmap.org ) at 2021-12-27 19:15 AEDT
Warning: 10.100.0.14 giving up on port because retransmission cap hit (10).
Nmap scan report for teichos.mydomain.net (10.100.0.14)
Host is up (0.00030s latency).
Not shown: 250 filtered protocols, 1 closed protocol
PROTOCOL STATE SERVICE
1 open icmp
33 open|filtered dccp
80 open|filtered iso-ip
117 open|filtered iatp
136 open|filtered udplite
MAC Address: 6A:3A:ED:33:9E:00 (Unknown)产出2:
$ sudo nmap -sS 10.100.0.14 -p-
Starting Nmap 7.70 ( https://nmap.org ) at 2021-12-27 19:30 AEDT
Nmap scan report for teichos.mydomain.net (10.100.0.14)
Host is up (0.00024s latency).
Not shown: 65533 filtered ports
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin
MAC Address: 6A:3A:ED:33:9E:00 (Unknown)我正在寻找的输出如下(标题并不重要):
PROTOCOL STATE SERVICE
1 open icmp
33 open|filtered dccp
80 open|filtered iso-ip
117 open|filtered iatp
136 open|filtered udplite和
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin回答 3
Unix & Linux用户
发布于 2021-12-27 12:56:24
nmap实用程序允许在给定-oX选项的情况下轻松地输出可解析的D1,这意味着您可以根据需要重新创建表,或者从表中提取所需的任何信息。
下面的管道使用xmlstarlet从生成的XML文档中提取信息,并重新创建在普通nmap输出中找到的表,并为给定的“状态”插入一个额外的列以“原因”。
nmap的输出由xmlstarlet解析,它为列分隔符插入#字符(我们不希望它是输出的一部分),column用于创建最终对齐表。
sudo nmap -oX - --open -sO localhost |
xmlstarlet sel -t -m /nmaprun/host/ports/port \
-v @portid -o '#' \
-v state/@state -o '#' \
-v state/@reason -o '#' \
-v service/@name -nl |
column -s '#' -t示例输出:
1 open echo-reply icmp
4 open|filtered no-response ipv4
6 open proto-response tcp
17 open port-unreach udp
41 open|filtered no-response ipv6
50 open|filtered no-response esp
51 open|filtered no-response ah
97 open|filtered no-response etherip
112 open|filtered no-response vrrp
137 open|filtered no-response mpls-in-ip
240 open|filtered no-response
255 open|filtered no-response同样,但只提取“过滤”响应:
sudo nmap -oX - --open -sO localhost |
xmlstarlet sel -t -m '/nmaprun/host/ports/port[contains(state/@state,"filtered")]' \
-v @portid -o '#' \
-v state/@state -o '#' \
-v state/@reason -o '#' \
-v service/@name -nl |
column -s '#' -t示例输出:
4 open|filtered no-response ipv4
41 open|filtered no-response ipv6
50 open|filtered no-response esp
51 open|filtered no-response ah
97 open|filtered no-response etherip
112 open|filtered no-response vrrp
137 open|filtered no-response mpls-in-ip
240 open|filtered no-response
255 open|filtered no-responseUnix & Linux用户
发布于 2021-12-27 12:22:07
对于您显示的特定输出,我们只需选择以数字开头或以大写P开头的所有行(对于标头):
sudo nmap ... | grep -E '^([0-9]|P)'我创建了两个文本文件,nmap1和nmap2,其中包含要测试的问题中的两个输出,并获得:
$ grep -E '^([0-9]|P)' nmap1
PROTOCOL STATE SERVICE
1 open icmp
33 open|filtered dccp
80 open|filtered iso-ip
117 open|filtered iatp
136 open|filtered udplite
$ grep -E '^([0-9]|P)' nmap2
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-admin如果您愿意的话,也可以在awk中这样做:
sudo nmap ... | awk '/^([0-9]|P)/' Unix & Linux用户
发布于 2021-12-27 16:40:27
$ awk '/^(PROTOCOL|PORT)/{f=1} /^MAC/{f=0} f' file
PROTOCOL STATE SERVICE
1 open icmp
33 open|filtered dccp
80 open|filtered iso-ip
117 open|filtered iatp
136 open|filtered udplite
$ awk '/^(PROTOCOL|PORT)/{f=1} /^MAC/{f=0} f' file
PORT STATE SERVICE
22/tcp open ssh
9090/tcp open zeus-adminhttps://unix.stackexchange.com/questions/684046
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号