nmaparse.py
nmaparse.py is a Python script that parses Nmap’s “grepable” output (.gnmap files) and then inserts them into a MySQL database. If a host has multiple ports open, it expands the results into multiple lines — one port per line into the following fields:
- Host
- Port
- OS
- Seq Index
- IPID Seq
- Scan date
- Scan flags
The script then splits up the port information into the following subfields:
- Port
- Protocol
- State
- Service
- Version
Together, the aforementioned fields make up each result. This allows you to load the results up into a database and perform all sorts of analysis, network device monitoring, etc. The script requires the Python MySQLdb module, and has been tested using Python 2.5.2. It uses this database schema (nmapdb.sql), though nothing stops you from using your own.
To use the script, it’s as simple as:
$ ./nmaparse.py results.gnmap
Number of rows inserted: 35 results
$ ./nmaparse.py *.gnmap
Number of rows inserted: 1520 results
You can also download nmaparse.py directly.
I get the following results. Any ideas?
sudo python nmapparse.py nmap-20090218.gnmap
Traceback (most recent call last):
File “nmapparse.py”, line 123, in
main()
File “nmapparse.py”, line 113, in main
results += parse_gnmap(infile)
File “nmapparse.py”, line 74, in parse_gnmap
line = delete_labels(line)
File “nmapparse.py”, line 35, in delete_labels
line[2] = line[2].replace(’OS: ‘, ”)
IndexError: list index out of range
Hey Eric, funny you mention that. I stumbled into the same issue with a couple scans I ran the other day. To fix this, I’m re-writing the script to parse an XML file instead, since gnmap is a bit of a hack.
Thanks Marcin. I can’t wait to try it out.
I receive the following errors relating to time stamp validation, (using output from Nmap 4.85BETA3) -
C:\>python nmaparse.py scan2.gnmap
Traceback (most recent call last):
File “nmaparse.py”, line 123, in
main()
File “nmaparse.py”, line 113, in main
results += parse_gnmap(infile)
File “nmaparse.py”, line 67, in parse_gnmap
date = strftime(”%Y-%m-%d %H:%M:%S”, strptime(infile[0].strip()[27:51]))
File “C:\Python25\lib\_strptime.py”, line 330, in strptime
(data_string, format))
ValueError: time data did not match format: data=ated Sat Feb 21 22:31:15 fmt=%a %b %d %H:%M:%S %Y
@Jayoshi, just comment (#) out line 67:
date = strftime(”%Y-%m-%d %H:%M:%S”, strptime(infile[0].strip()[27:51]))
By the way, I’m working on an XML -> CSV|Database parser for Nmap I hope to release this week.
Any progress on parsing the nmap xml files? Inquiring minds want to know.
Dude, would also like to see the nmap xml parser, even a rough and ready version
Alright, since you guys asked…
http://tssci-security.com/upload/nmapxmlparser.py
I will be refactoring it and hope to publish a real version soon.