#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2005
    Posts
    19
    Rep Power
    0

    Grabbing IP Addresses From Nmap Output


    Hey guys,

    I'm trying to grab IP addresses from Nmap output that I've gathered, and I am having trouble using the regex functionality in Python. Here's the output I'm trying to get an IP out of:

    Code:
    Interesting ports on the.host (54.23.45.67):
    (The 1661 ports scanned but not shown below are in state: filtered)
    PORT   STATE SERVICE
    21/tcp open  ftp
    53/tcp open  domain
    ...and here's the code I have so far:

    Code:
    #!/usr/bin/python
    
    import sys
    import re
    
    infile = open("/root/output.nmap", "r")
    for line in infile.readlines():
        ip = re.compile('([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\s-\\s-\\s\\[([^\\]]+)\\]')
        if ip.match(line) > 0:
            print line
    Basically, there are a ton of these host entries like the one above, and I'm trying to produce a single text file with nothing but IPs in it. So I want to scan a range with Nmap, find all the hosts that are open, and create a file with nothing but those IPs in it.

    Any ideas? With my current code I can only capture content that <em>starts</em> the line -- not lives within it. Anyway, any thoughts would be helpful.
  2. #2
  3. Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2004
    Location
    Meriden, Connecticut
    Posts
    1,797
    Rep Power
    154
    I don't have the answer, but instead of doing:
    Code:
    infile = open("/root/output.nmap", "r")
    for line in infile.readlines():
    You should do:
    Code:
    for line in file('/root/output.nmap'):
    This is simply for better coding practice.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2005
    Posts
    19
    Rep Power
    0
    Still interested if you guys have something cool, but I just figured out the EASY way.

    nmap -oG produces greppable output, which can then be captured like so:

    Code:
    cat output.gnmap | cut -d" " -f2 | ^[0-9]
    LOL
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2005
    Posts
    19
    Rep Power
    0
    Originally Posted by †Yegg†
    I don't have the answer, but instead of doing:
    Code:
    infile = open("/root/output.nmap", "r")
    for line in infile.readlines():
    You should do:
    Code:
    for line in file('/root/output.nmap'):
    This is simply for better coding practice.
    Ah, yes...far more elegant. Thanks for the tip.
  8. #5
  9. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Feb 2005
    Posts
    616
    Rep Power
    65

    Red face


    Originally Posted by †Yegg†
    You should do:
    Code:
    for line in file('/root/output.nmap'):
    This is simply for better coding practice.
    Makes me wonder, is the file being closed after all that elegance?
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2005
    Posts
    19
    Rep Power
    0
    I believe Python closes files for you by default; doing so manually is just a good habit, as far as I know.
  12. #7
  13. Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2004
    Location
    Meriden, Connecticut
    Posts
    1,797
    Rep Power
    154
    If you do the following, the file will not automatically close:
    Code:
    file = open('filename.txt', 'w');
    file.write('text\n');
    However if you did that and added in the following line:
    Code:
    file.close();
    The file would close. Python only automatically closed files when doing for loops, etc.
    If you are writing to a file, simply do:
    Code:
    open('filename.txt', 'w').write('text\n');
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Feb 2004
    Location
    London, England
    Posts
    1,585
    Rep Power
    1373
    The file will be closed when the file object is destroyed, usually when it goes out of scope. If it is in the global scope then it will be closed when the program ends.

    As for parsing nmap output, nmap has an option to output the scan results in XML, so you could use one of the numerous XML libraries in python to parse it. However since you just want a list of IP addresses this is probably overkill.

    The problem with your original code is that you are using re.match, which only matches at the start of the string. You need to use re.search, which will match the regex anywhere in the string. Alternatively you could put ".*" at the start of the regex to match everything up until the IP address.

    Your regex can also be greatly simplified:

    1) use raw strings so you do not have to double up all the backslashes. This will change your regex from:

    '([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})\\s-\\s-\\s\\[([^\\]]+)\\]'

    to

    r'([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s-\s-\s\[([^\]]+)\]'

    2) use "\d" to match a single digit instead of [0-9]. This will change the regex to:

    r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s-\s-\s\[([^\]]+)\]'

    3) You could use the {n} directive to remove the repetition of the IP address bytes, i.e.

    r'(\d{1,3}(\.\d{1,3}){3})\s-\s-\s\[([^\]]+)\]'

    it is debatable whether this is more or less readable though.

    4) I am not sure what the last part of the regex is supposed to match, since there is nothing in your sample data that matches it. However it could be simplified by using a non-greedy match instead of matching on non-] characters. i.e. change

    r'\[([^\]]+)\]'

    to

    r'\[(.+?)\]'



    Dave - The Developers' Coach

    Comments on this post

    • netytan agrees
  16. #9
  17. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Ignoring the last part of the regular expression you can make it more readable with a little reshuffling, it also ends up two characters shorter. No great difference but in the cryptic world of regular expressions every little counts .

    (\d{1,3}\.\d{1,3}){3}

    On the subject of the automatic closing of file() objects I believe that the file will also be destroyed, and thus closed when it isn't referenced by any other variables.

    Take care,

    Mark.
    programming language development: www.netytan.com Hula

  18. #10
  19. Mini me.
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Location
    Cambridge, UK
    Posts
    783
    Rep Power
    13
    Only Pythons knowledge of its existance is destroyed The physical file is not destroyed - just closed.

    You can open and close a file as often as you like as long as you keep a reference to it.

    grim
    Last edited by Grim Archon; June 3rd, 2005 at 06:28 AM.
  20. #11
  21. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Originally Posted by Grim Archon
    Only Pythons knowledge of its existance is destroyed The physical file is not destroyed - just closed.

    You can open and close a file as often as you like as long as you keep a reference to it.

    grim
    I guess I didn't term that very well, what I actually meant to say was that the file() object will be closed and destroyed by the garbage collector when there aren't any more references to it . Not the actual file .

    Thanks Grim,

    Mark.
    programming language development: www.netytan.com Hula


IMN logo majestic logo threadwatch logo seochat tools logo