Help for those learning Tcl or writing their own scripts.
r0t3n
Owner
Posts: 507 Joined: Tue May 31, 2005 6:56 pm
Location: UK
by r0t3n » Tue Feb 27, 2007 10:08 am
I'm using nmap to do port scans.
I use:
Code:
set result "[exec nmap -sT -P0 -p <port1,port2,port3,etc> <host/ip>]"
The return result from nmap is:
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-02-27 08:53 EST
Interesting ports on <resolved.hostname> (0.0.0.0):
PORT STATE SERVICE
1080/tcp closed socks
8080/tcp closed http-proxy
????/??? open/closed ????
Nmap finished: 1 IP address (1 host up) scanned in 0.018 seconds
I need to filter out the:
resolved.hostname (0.0.0.0)
and the port, state, and service name for each port
How can I do this, a simple regexp or a few lranges or something?
Thanks in advance!
r0t3n @ #r0t3n @ Quakenet
user
Posts: 1452 Joined: Tue Mar 18, 2003 9:58 pm
Location: Norway
by user » Tue Feb 27, 2007 11:54 am
Code:
regexp -line {^Interesting ports on <([^>]+)> \(([^)]+)\)} $result x name ip
Have you ever read "The Manual"?
by r0t3n » Wed Feb 28, 2007 7:06 am
Thanks user, that filters out the <resolved.hostmask> (0.0.0.0) bit, but how can I get the port, state and service into a list?
I tried a regexp,
It works, but it just returns the first match. I need to filter out all the ports into a list like:
set portlist {
"xxxx/tcp open/closed/filtered ????"
"iiii/tcp open/closed/filtered oooo"
}
So then I can use a foreach loop on portlist.
Thanks in advance!
r0t3n @ #r0t3n @ Quakenet
rosc2112
Revered One
Posts: 1454 Joined: Sun Feb 19, 2006 8:36 pm
Location: Northeast Pennsylvania
by rosc2112 » Wed Feb 28, 2007 9:16 am
Using regexp:
Code:
set ports {}
foreach line [split $result \n] {
    # Match each line on its own; port rows start with "<number>/<proto>".
    if {[regexp {^(\d+/.*)$} $line match port]} {
        lappend ports $port
    }
}
Someone else can prolly give a better regex but that should grab the data you want. Then you'll have all of the data in the $ports var.
by r0t3n » Wed Feb 28, 2007 11:55 am
Thanks guys
It works now
:)
r0t3n @ #r0t3n @ Quakenet
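Added example, not part of any post in this thread: Tcl code that validates the host and port arguments before passing them to exec (exec reads arguments beginning with <, > or | as redirection, and nmap reads a leading - as an option), then parses the output layout quoted above into a host, an IP and a list of port entries. The proc names parse_nmap and scan_ports, the hostname/IPv4-only host pattern and the sample text are assumptions made for illustration.

```tcl
# Added example (not from the thread); parse_nmap and scan_ports are hypothetical names.

# Turn nmap's normal output into: host, ip, list of {port proto state service}.
proc parse_nmap {result} {
    set host ""; set ip ""; set ports {}
    foreach line [split $result \n] {
        set line [string trim $line]
        # Header row; the <> around the name in the thread's sample are optional here.
        if {[regexp {^Interesting ports on <?([^>\s]+)>? \(([^)]+)\)} $line -> host ip]} {
            continue
        }
        # Port rows, e.g. "1080/tcp closed socks"; everything else is skipped.
        if {[regexp {^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)} $line -> port proto state service]} {
            lappend ports [list $port $proto $state $service]
        }
    }
    return [list $host $ip $ports]
}

# Validate arguments before exec: exec reads arguments starting with
# <, > or | as redirection, and nmap reads a leading - as an option.
proc scan_ports {host ports} {
    if {![regexp {^[A-Za-z0-9][A-Za-z0-9.-]*$} $host]} {
        error "invalid host: $host"
    }
    foreach p $ports {
        if {![regexp {^[1-9]\d{0,4}$} $p] || $p > 65535} {
            error "invalid port: $p"
        }
    }
    return [parse_nmap [exec nmap -sT -P0 -p [join $ports ,] $host]]
}

# Constructed sample output in the layout quoted in the thread.
set sample {Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-02-27 08:53 EST
Interesting ports on <resolved.hostname> (0.0.0.0):
PORT     STATE  SERVICE
1080/tcp closed socks
8080/tcp closed http-proxy
Nmap finished: 1 IP address (1 host up) scanned in 0.018 seconds}

foreach {host ip ports} [parse_nmap $sample] break
puts "$host ($ip)"
foreach entry $ports {
    foreach {port proto state service} $entry break
    puts "$port/$proto is $state ($service)"
}
```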