Wednesday, 24 July 2024

Reading Nmap Log In Ruby

From time to time during pentests we use nmap to scan the target host(s). Today we'll try to read nmap's log using Ruby. Below you'll find a few details about it. Here we go...

This time we'll start here:


Main goal:
Today our main goal will be:
- read nmap's log using Ruby
- get open port(s) from nmap's log
- get some banners from those open port(s).

Looks simple, so let's move forward.

Preparing the Lab:
As in previous posts about pentests, this time I used Ubuntu (but you can use Kali as well). Feel free to use any environment where Ruby is installed. In my case the version was "ruby 2.7.0p0". At this stage I also installed 'ruby-nmap'.

First results:
For our very first results we'll need a log file with some results of the scan. As an example I used nmap.log generated with:
$ nmap -sV -oX nmap.log target

Example results (from nmap's log) look like this:

To parse results using ruby-nmap we can use one of the examples available in the documentation. For example:

To make things a bit easier I modified the example script and added 'reading nmap.log from argv[1]'. Below you'll find the modified code:


Running the script against our example nmap.log file should generate similar results to those presented below:

(Don't worry about the "keyword" in our super code. We'll use it later in another part of this post. ;)) 
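The same idea as an added, self-contained example (not the script from this post): it reads the XML written by `nmap -sV -oX`, keeps only open ports and builds a banner from the service fields. It uses Ruby's bundled REXML instead of ruby-nmap so it runs without extra gems; the sample XML and the helper names `child_attr` and `open_ports` are constructed for illustration.

```ruby
require 'rexml/document'

# Constructed, trimmed sample of `nmap -sV -oX` output (not taken from the post).
SAMPLE_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap">
    <host>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/>
          <service name="ssh" product="OpenSSH" version="8.2p1" extrainfo="protocol 2.0"/>
        </port>
        <port protocol="tcp" portid="25"><state state="filtered"/></port>
        <port protocol="tcp" portid="80"><state state="open"/>
          <service name="http" product="Apache httpd" version="2.4.41"/>
        </port>
        <port protocol="tcp" portid="9929"><state state="open"/></port>
      </ports>
    </host>
  </nmaprun>
XML

# Attribute of the first child element +name+, or nil when the child is missing.
def child_attr(node, name, attr)
  child = node.elements[name]
  child && child.attributes[attr]
end

# One hash per open port; the banner is built from the -sV service fields.
def open_ports(xml_text)
  rows = []
  REXML::Document.new(xml_text).elements.each('nmaprun/host') do |host|
    addr = child_attr(host, 'address', 'addr')
    host.elements.each('ports/port') do |port|
      next unless child_attr(port, 'state', 'state') == 'open'
      banner = %w[product version extrainfo].map { |k| child_attr(port, 'service', k) }
      rows << { host: addr, port: port.attributes['portid'].to_i,
                proto: port.attributes['protocol'],
                service: child_attr(port, 'service', 'name') || 'unknown',
                banner: banner.compact.join(' ') }
    end
  end
  rows
end

if __FILE__ == $PROGRAM_NAME
  xml = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_XML
  open_ports(xml).each { |r| puts r.values_at(:host, :port, :proto, :service, :banner).join("\t") }
end
```

Filtered and closed ports are skipped, and an open port with no `<service>` element is reported as `unknown` with an empty banner.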

So far we should be somewhere here - checking results for nmap's ScanMe host:


We should see results similar to those presented on the screen below:


That's all for this part. ;)


For more posts related to nmap, scanning and ruby - check here.

In case of any questions - you know how to find me.


Cheers



