1

Linux を使用して、XP のみに一致するマシンのデータをフィルターで除外し、連続して削除する "nmap scan report for " 行を探しています。

Nmap scan report for 13.93.27.138
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.139
Nmap scan report for 13.93.27.140
Nmap scan report for 13.93.27.141
Nmap scan report for 13.93.27.143
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows XP Professional SP2 (French) (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.144
Nmap scan report for 13.93.27.147
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (90%), Microsoft Windows XP Professional SP2 (French) (85%), Microsoft Windows Server 2003 SP1 or SP2 (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.148
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.191
445/tcp   open  microsoft-ds Microsoft Windows XP microsoft-ds
Aggressive OS guesses: Microsoft Windows 2003 Small Business Server SP1 (91%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows XP Professional SP2 (French) (85%)
|   OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.192
OS details: Microsoft Windows 2000 SP2 - SP4, Windows XP SP2 - SP3, or Windows Server 2003 SP0 - SP2

以下のみを示すレポートを探しています。

Nmap scan report for 13.93.27.138
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.147
OS: Windows XP (Windows 2000 LAN Manager)

私のアイデアは、awk、grep、sed、または perl: m/^Nmap を使用することでした。\n. !(^Nmap).*/m Nmap で始まる行を探し、改行の後に "OS: Windows XP" など、Nmap で始まらない次の行をコピーします。その後、もう一度開始します...

お手伝いありがとう :-)

4

3 に答える 3

3

使用するawk

awk -F "OS: " '/^Nmap/ {a=$0} /OS:/ {print a"\n"FS$2}' file
Nmap scan report for 13.93.27.138
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.143
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.147
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.148
OS: Windows XP (Windows 2000 LAN Manager)
Nmap scan report for 13.93.27.191
OS: Windows XP (Windows 2000 LAN Manager)
于 2013-09-21T07:04:30.257 に答える
1

When the problem is searching Nmap output, the answer is always, "Use the XML output format." This is because Nmap's regular output can change between versions and is not structured for machine input. zyou can get Nmap to emit XML with the -oX or -oA options.

You've already filtered the output down a lot, but I can tell from the "|" at the beginning of the lines that the output you want comes from a NSE script instead of the OS detection engine. Specifically, that is the output of the smb-os-discovery script. Knowing this, we can use an XML parser to look for each element //script[@id='smb-os-discovery'] whose output attribute contains the string "OS: Windows XP". Here's how to do that with xmlstarlet:

xmlstarlet sel -t -m "//script[@id='smb-os-discovery' and contains(@output, 'OS: Windows XP')" -v "ancestor::host/address[@addrtype='ipv4']/@addr" -n scan-output.xml

You can do similar things with the many XML parsing libraries in every language. Python, Perl, and Ruby all have good parsers specifically designed for Nmap's XML output.

EDIT: Since you only want the OS as detected by smb-os-detection, you could save time scanning by only running this script and skipping the OS fingerprinting step. Here's an example of a fast scan like this:

nmap -p 445 --script smb-os-detection -oA smb-scan-%y%m%d 192.0.2.0/24
于 2013-09-21T13:41:56.297 に答える
0

これでうまくいくはずです:

 perl -ne 'if (/nmap/i) { $nmap = $_ }; if (/(OS:.*XP.*)/) { print $nmap,$1,"\n"; }' report
于 2013-09-21T01:26:29.833 に答える