tssci security

nmaparse.py -- Parsing grepable Nmap output to insert into MySQL

Last week, Richard Bejtlich reviewed "Nmap in the Enterprise," and for the most part, was largely disappointed with its lack of enterprise context. My last script, tissynbe.py, parsed Nessus results in nbe format and inserted them into a MySQL database. Today, I'm making available nmaparse.py, a script that will parse grepable nmap output (*.gnmap, used with -oG or -oA flags) and insert the results into a database. My intention is for anyone to be able to take these scripts and use them for whatever purpose necessary -- be it personal or in the enterprise. Loading various tools' output into a database makes analysis both easy and super powerful, so I'd be interested in seeing what others are doing.

To use it, all you have to do is call the script and point it at some gnmap files. The script breaks up the results by host, port, protocol, state, service, version, os, Seq Index, IPID Seq, scan date, and scan flags, and passes them onto the database (nmapdb.sql schema provided).

$ ./nmaparse.py *.gnmap
Number of rows inserted: 76 results
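The parse-and-load flow described above, as an added example that is not the nmaparse.py source. It assumes an in-memory SQLite table named results (hypothetical, standing in for MySQL and the nmapdb.sql schema), and the scan lines are constructed; inserts use bound parameters because service banners are text supplied by the scanned host.

```python
import re
import sqlite3

# Constructed sample in Nmap's grepable (-oG) format; sections are tab-separated.
SAMPLE = (
    "# Nmap 4.62 scan initiated Sun Jun 15 10:00:00 2008 as: nmap -sV -O -oG scan.gnmap 192.0.2.0/24\n"
    "Host: 192.0.2.10 (web.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (web.example)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, "
    "80/open/tcp//http//Apache httpd 2.2.8 ((Ubuntu))/, 443/closed/tcp//https///\t"
    "Ignored State: filtered (997)\tOS: Linux 2.6.X\tSeq Index: 203\tIP ID Seq: All zeros\n"
    "Host: 192.0.2.20 ()\tPorts: 53/open/udp//domain//ISC BIND 9.4.2 'patched'/\n"
    "# Nmap done at Sun Jun 15 10:02:11 2008 -- 256 IP addresses (2 hosts up) scanned\n"
)

HEADER = re.compile(r"^# Nmap \S+ scan initiated (.+?) as: (.+)$")
# Hypothetical column names, following the fields listed in the post.
COLUMNS = ("host", "port", "protocol", "state", "service", "version",
           "os", "seq_index", "ipid_seq", "scan_date", "scan_flags")

def parse_gnmap(text):
    """Return one dict per port entry found in grepable Nmap output."""
    rows, date, flags = [], None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # the header comment carries the scan date and command line
            date, flags = m.groups()
            continue
        if not line.startswith("Host: "):
            continue
        # Every tab-separated section has the form "Label: value".
        sect = dict(s.split(": ", 1) for s in line.split("\t") if ": " in s)
        host = sect["Host"].split(" ", 1)[0]
        # Port entries end in "/", so split only on ", " that follows a "/".
        for entry in filter(None, re.split(r"(?<=/), ", sect.get("Ports", ""))):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            f = (entry.split("/") + [""] * 7)[:7]
            rows.append(dict(zip(COLUMNS, (
                host, int(f[0]), f[2], f[1], f[4], f[6], sect.get("OS", ""),
                sect.get("Seq Index", ""), sect.get("IP ID Seq", ""), date, flags))))
    return rows

def load(conn, rows):
    """Insert rows using bound parameters and return the table's row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS results (%s)" % ", ".join(COLUMNS))
    sql = "INSERT INTO results VALUES (%s)" % ", ".join(":" + c for c in COLUMNS)
    conn.executemany(sql, rows)  # banner text is never spliced into the SQL string
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM results").fetchone()[0]

if __name__ == "__main__":
    print("Number of rows inserted:", load(sqlite3.connect(":memory:"), parse_gnmap(SAMPLE)))
```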

See the nmaparse.py project page for more details. Again, comments and critiques are welcome.

Posted by Marcin on Sunday, June 15, 2008 in Code and Security.
