Tag Archives: nmap scan

NMAP 2 XML | Generate NMAP Reports

12 Jun

I was looking a technique outside of Metasploit’s db_nmap command, which stores NMAP results in a database for later analysis, that enables me to generate some kind of reporting on scanned hosts.

Enter NMAP’s -oX switch. This switch coupled with the default style sheet of http://insecure.org/nmap/data/nmap.xsl generates this :

nmap -A -oX --stylesheet http://insecure.org/nmap/data/nmap.xsl scanreport.xml http://www.example.com

 

  • xsltproc is the first external example. It applies different type of XSLT to the NMAP results in the following way: xsltproc nmap-output.xml -o nmap-output.html
  • Saxon a similart xslt processor. You can try in the following way: java -jar saxon9.jar -s:nmap-output.xml -o:nmap-output.html
  • xalan-java which is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. You can try it in the following way: java -jar xalan.jar -IN nmap-output.xml -OUT nmap-output.html
  • PowerShellScript . This script converts an XML file into a .NET object within properties. Perfect if you need to write a software that keeps as input the NMAP xml output format. For example if you are building your own report software or a NMAP wrapper.
  • NMAP-XML Flat File converts NMAP xml file format into a HTML or EXCEL table. It’s written in java and it’s pretty “download ‘n run”. java XMLNMAPReader nmap-output.xmll > OutputFile.[html/xls]
  • PBNJ. Well it does much more that parsing NMAP XML, but for this post it is able to save NMAP xml file into a database.
  • NMAP2DB is a great tool for popolating SQLite databases with NMAP results
  • Ruby Nmap Parser Library. Great library for rubyans providing Ruby interface to Nmap’s scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method.