On Tue, Feb 05, 2002 at 09:38:45PM +0100, Lodin, Steven {GZ-Q~Mannheim} wrote:> Someone else mentioned Perl and gave a small code example. If this > is interesting to you, check out ndiff (Nmap diff). I don't have > the URL, but if I remember correctly, I found it from one of the > nmap mailing list archives on www.insecure.org. Ndiff was written by James Levine and is available at http://www.vinecorp.com/ndiff/ . Also, it sounds like the original poster had very simple needs, such as obtaining a list of ftp or web servers. The Nmap "grepable" output mode may be sufficient. The syntax is "-oG <filename>" and it puts the most critical info about a host on a line like this: Host: 127.0.0.1 (felix.insecure.org) Ports: 22/open/tcp//ssh///, 53/open/tcp//domain///, 515/open/tcp//printer///, 6000/open/tcp//X11/// Ignored State: closed (1548) OS: Linux Kernel 2.4.0 - 2.4.17 (X86) Seq Index: 3696008 IPID Seq: All zeros You can easily grep the file for ports like "/dtspc/" and OS strings like "Solaris". If there are a lot of results, you can obtain just the IPs by piping them to standard shell commands like 'cut "-d " -f2'. All this being said, I recommend the XML output mode (-oX) for more involved analysis and feeding results to other nontrivial programs. The XML also contains some info that I haven't found a place for in the normal (or grepable) output formats. Cheers, Fyodor http://www.insecure.org/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
