I was looking a technique outside of Metasploit’s db_nmap command, which stores NMAP results in a database for later analysis, that enables me to generate some kind of reporting on scanned hosts.
Enter NMAP’s -oX switch. This switch coupled with the default style sheet of http://insecure.org/nmap/data/nmap.xsl generates this :
- xsltproc is the first external example. It applies different type of XSLT to the NMAP results in the following way: xsltproc nmap-output.xml -o nmap-output.html
- Saxon a similart xslt processor. You can try in the following way: java -jar saxon9.jar -s:nmap-output.xml -o:nmap-output.html
- xalan-java which is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. You can try it in the following way: java -jar xalan.jar -IN nmap-output.xml -OUT nmap-output.html
- PowerShellScript . This script converts an XML file into a .NET object within properties. Perfect if you need to write a software that keeps as input the NMAP xml output format. For example if you are building your own report software or a NMAP wrapper.
- NMAP-XML Flat File converts NMAP xml file format into a HTML or EXCEL table. It’s written in java and it’s pretty “download ‘n run”. java XMLNMAPReader nmap-output.xmll > OutputFile.[html/xls]
- NMAP Python XML-Parser it translates xml results into .csv file.
- PBNJ. Well it does much more that parsing NMAP XML, but for this post it is able to save NMAP xml file into a database.
- NMAP2DB is a great tool for popolating SQLite databases with NMAP results
- Ruby Nmap Parser Library. Great library for rubyans providing Ruby interface to Nmap’s scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method.