Nmap Output Formatting

This post concentrates on assembling and presenting various types of outputs that Nmap provides. Sometimes, Nmap output is difficult to read, especially when scanning large networks with large amount of hosts. Nmap output options ensure, that the output is easily interpreted, organised and readable by different penetration testers working on the same project. The output formats also ensure that the output can be utilised in harmony with other required pieces of software, such as Metasploit. The output examples presented in this post are a result of a private network scan. This post does not explain the utilisation of various Nmap scan options as that’s beyond the scope of this post.
 

Normal Output (-oN)

Normal output is very similar to output that Nmap provides without writing any formatting commands, however adding -oN option enables the opportunity to output the standard output into a specified text file and also strips down information that are relevant only during the scan, such as “Discovered open port 80/tcp on 10.208.42.40” or “Initiating SYN Stealth Scan at 14:52”. Such messages are only outputted in verbose modes -v and -vv.

 
The Command Utilised

nmap -O -v -sV --reason --open -oN scan.nmap.txt 10.208.42.0/24

-oN —initiates Normal Output mode

scan.nmap.txt —specifies the file for the scan output to be saved

 

Normal Output in Nano

For this particular network, the text file contains 424 lines of information, which could create problems if you want to find a particular host. Normal output is suitable for single hosts or very small networks.
 

Grepable Output (-oG)

Greapable output formats the standard text output to be easily utilised by other Linux/Unix tools such as grep awk cut or diff. Each scanned host, its port and OS information is listed in a new line separated by the tab, slash and comma characters which define boundaries for such commands.

 
The Command Utilised

nmap -O -v -sV --reason --open -oG scan.nmap.txt 10.208.42.0/24

-oG —initiates Grepable Output mode

scan.nmap.txt —specifies the file for the scan output to be saved

 

Greapable Output in Nano

grep "Host: 10.208.42.52" scan.nmap.txt —displays all the information about the host 10.208.42.52 from the grepable output.

There are more commands that are able to process information from the Greapable Output more clearly and precisely, however that’s beyond the scope of this post.

 

XML Output (-oX)

XML Output is my favourite output option as it is the most flexible. XML files can be opened in web browsers and also implement in Metasploit to populate workgroups very easily. XML output requires Extensible Stylesheet Language (XSL) file to be specified in order to transform and render XML into HTML. In Kali, a XSL stylesheet is provided in Nmap directory /usr/share/nmap/nmap.xsl. If the entire path is specified in the Nmap command, the conversion does not work. The conversion works only if nmap.xsl resides within /root/ directory.

 
The Command Utilised

nmap -O -sV --reason --open -oX scan.nmap.xml --stylesheet=nmap.xsl 10.208.42.0/24

-oX —initiates XML Output mode

scan.nmap.txt —specifies the file for the scan output to be saved

--stylesheet=nmap.xsl —specifies the desired XSL stylesheet

 

XML Output in Iceweasel

 

 
Full Path Command (Doesn’t Work)

nmap -O -sV --reason --open -oX scan.nmap.xml --stylesheet=/usr/share/nmap/nmap.xsl 10.208.42.0/24

-oX —initiates XML Output mode

scan.nmap.txt —specifies the file for the scan output to be saved

--stylesheet=/usr/share/nmap/nmap.xsl —specifies the desired XSL stylesheet

 

XSL From Online Source (Doesn’t Work)

nmap -O -sV --reason --open -oX scan.nmap.xml --stylesheet=http://nmap.org/data/nmap.xsl 10.208.42.0/24

-oX —initiates XML Output mode

scan.nmap.txt —specifies the file for the scan output to be saved

--stylesheet=http://nmap.org/data/nmap.xsl —specifies the desired XSL stylesheet online

 

Creating Portable HTML Reports
XML output option has one drawback. It cannot be utilised on workstations with a different path to the XSL stylesheet or a workstation where the XSL stylesheet doesn’t exist, as it is required every time the XML file is executed. However, there is an option to convert XML files into HTML files permanently. There are few pieces of software that can be utilised for the conversion, however I personally find xsltproc the easiest to use, and it’s included in Kali by default!

 
The Command Utilised

xsltproc scan.nmap.xml -o scan.html

scan.nmap.xml —defines the location and the name of XML file that needs to be converted

-o —defines direct output into a given file

scan.html —defines the location and the name of HTML file