Nmap - Output Options

February 23, 2021

Any security tool is only as useful as the output it generates. Given the number of ways Nmap is used by people and other software, no single format can please everyone. So Nmap offers several formats, including the interactive mode for humans to read directly and XML for easy parsing by software.
Alert: Use Nmap as a root user. If you do not have root access, type sudo before every Nmap command. 
First things first, you can use the help command for Nmap by typing nmap -h

Normal Output (-oN <filespec>)

  • Requests that normal output is directed to the given filename.
  • Similar to interactive except that it displays less runtime information and warnings since it is expected to be analyzed after the scan completes rather than interactively.

XML Output (-oX <filespec>)

  • Requests that XML output is directed to the given filename.
  • The XML output references an XSL stylesheet which can be used to format the results as HTML.
  • By default, this will only work on the machine you ran Nmap on or a similarly configured one due to the hard-coded nmap.xsl filesystem path.
  • Use the --webxml (provides an online version nmap.xsl) or --stylesheet <location> (you can define any stylesheet here) options to create portable XML files that render as HTML on any web-connected machine. Example:--stylesheet https://nmap.org/svn/docs/nmap.xsl (this is similar to defining --webxml)

Script Kidde Output (-oS <filespec>)

  • Script kiddie output is like interactive output
  • Except that it is post-processed to better suit the l33t (Leet speak) HaXXorZ (Hacker Style).

Grepable Output (-oG <filespec>)

  • This output format is covered last because it is deprecated. The XML output format is far more powerful and is nearly as convenient for experienced users.
  • If you save the file in this format you can search the file using grep command using CLI. Example: (suppose file name is grep.file) 
cat grep.file | grep <search/display keywords>

Output all formats (-oA <basename>)

  • Stores scan results in normal, XML, and grepable formats at once. They are stored in <basename>.nmap, <basename>.xml, and <basename>.gnmap, respectively.
If you want to know what is going on during the scan. Add the -v command, which is for verbosity. It has three levels: -v, -vv, -vvv. More v's means more verbose. If you chose one level of verbose you can press in the middle of the scan to increase the verbosity.

Similarly, -d command, is for debugging. It has 9 levels and can be defined as -d1 till -d9. That is the highest effective level and will produce thousands of lines unless you run a very simple scan with very few ports and targets.

To know the percentage of completion, you can press any key in the middle of the scan and it will display the percentage.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)