如何从Nmap输出扫描中省略某些行?

时间:2018-10-26 15:04:13

标签: python linux bash nmap

我正在运行命令nmap -v --script ssl-cert paypal.com -T4

我得到了巨大的输出,其中包含很多我不需要的信息。

这是完整的输出(我已经裁剪了生成实际证书密钥的部分):

Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 10:50 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 10:50
Completed NSE at 10:50, 0.00s elapsed
Initiating Ping Scan at 10:50
Scanning paypal.com (64.4.250.37) [4 ports]
Completed Ping Scan at 10:50, 0.15s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:50
Completed Parallel DNS resolution of 1 host. at 10:50, 0.05s elapsed
Initiating SYN Stealth Scan at 10:50
Scanning paypal.com (64.4.250.37) [1000 ports]
Discovered open port 110/tcp on 64.4.250.37
Discovered open port 135/tcp on 64.4.250.37
Discovered open port 143/tcp on 64.4.250.37
Discovered open port 80/tcp on 64.4.250.37
Discovered open port 25/tcp on 64.4.250.37
Discovered open port 443/tcp on 64.4.250.37
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 2.07% done; ETC: 10:55 (0:04:44 remaining)
Discovered open port 21/tcp on 64.4.250.37
Discovered open port 8008/tcp on 64.4.250.37
Discovered open port 8010/tcp on 64.4.250.37
Completed SYN Stealth Scan at 10:51, 19.20s elapsed (1000 total ports)
NSE: Script scanning 64.4.250.37.
Initiating NSE at 10:51
Completed NSE at 10:51, 29.66s elapsed
Nmap scan report for paypal.com (64.4.250.37)
Host is up (0.12s latency).
Other addresses for paypal.com (not scanned): 64.4.250.36
Not shown: 536 filtered ports, 455 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
135/tcp  open  msrpc
143/tcp  open  imap
443/tcp  open  https
| ssl-cert: Subject: commonName=paypal.com/organizationName=PayPal, Inc./stateOrProvinceName=California/countryName=US/localityName=San Jose/organizationalUnitName=PayPal Production
| Subject Alternative Name: DNS:paypal.com
| Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US/organizationalUnitName=www.digicert.com
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-22T00:00:00
| Not valid after:  2020-11-18T12:00:00
| MD5:   7705 9f8d cc8d d8a0 0835 e9ff cd9e 644f
| SHA-1: 595b 7897 7448 af87 cd2a 3bb9 5469 72e1 7e4e 7cec
| -----BEGIN CERTIFICATE-----
 *clipped data*
|_-----END CERTIFICATE-----
8008/tcp open  http
8010/tcp open  xmpp

NSE: Script Post-scanning.
Initiating NSE at 10:51
Completed NSE at 10:51, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 49.41 seconds
           Raw packets sent: 2621 (115.300KB) | Rcvd: 482 (19.420KB)

如您所见,这里有很多东西。我只需要443------BEGIN CERTIFICATE-------字段之间的行。

是否可以忽略其余的检索数据?

我尝试了一种效率不高的方法。我们可以看到在此扫描中总共只需要10行:从ssl-cert: Subject:SHA-1

到目前为止,我所做的基本上是一个从nmap -v --script ssl-cert T4 | grep '*keyword from each line here*'开始运行nmap命令的python脚本...

所以我的扫描大约需要20分钟,因为我要运行10次。

感谢您的帮助

2 个答案:

答案 0 :(得分:0)

... |  sed -n '/^443/,/BEGIN CERTIFICATE/p'

如果存在误报,您可能需要微调匹配的模式...

答案 1 :(得分:0)

nmap -v --script ssl-cert paypal.com -T4 | sed -En '/(^\|\s[a-zA-Z]+)/p'
  • -E激活扩展的正则表达式,因此我们可以使用()+
  • -n禁止打印图案空间
  • (^\|\s[a-zA-Z]+)搜索以^字符开始(|的流(需要正确处理它的“ \|”))和后跟一个空格({ {1}}),然后跟字母bweteen az和AZ(大写和小写)(\s)1次或多次([a-zA-Z]
  • +模式参数中的\...\p用于将匹配项打印在p
相关问题
最新问题