Effortlessly Extract Open Ports from Nmap Scans with This One-Liner Bash Script

nmap bash shell awk grep sed

Effortlessly Extract Open Ports from Nmap Scans with This One-Liner Bash Script

Outdated

Speed up your port scanning with this simple one-liner script! In this blog post, we'll show you how to extract all the open ports from an nmap scan and format them into a single line separated by commas. This can save you a lot of time when conducting service or version checks on hosts with multiple open ports. No more manual copying and pasting required!.

Effortlessly Extract Open Ports from Nmap Scans with This One-Liner Bash Script

If you’re a network or security engineer, you’re probably familiar with Nmap, the popular network scanner that can be used for a variety of tasks, including port scanning, host discovery, and service and version detection.

When performing a port scan with Nmap, you typically get a list of open, closed, and filtered ports, along with some additional information about each port, such as the protocol and service name. But what if you want to extract only the open ports from the scan output, so you can perform service and version checks on them? Doing this manually can be time-consuming and error-prone, especially if you’re dealing with a large number of open ports.

Luckily, there’s a simple one-liner Bash script that can extract all the open ports from your Nmap scan output and present them in one line, separated by commas.

Say you have below output

And we want to get to below Output

sudo nmap -sC -sV -p 53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,47001,49664,49665,49666,49667,49673,49674,49675,49679,49685,49704,49708,50480

Imagine doing this manually, how many errors are you prone to make. Don’t worry, I just made your work easier :)

Here’s the script:

cat nmap/allports.nmap | grep '^[0-9]' | awk '{print $1}' | cut -d '/' -f1 | tr '\n' ',' | sed 's/,$//'

Let’s break down each part of the script:

cat nmap/allports.nmap: This command reads the contents of the file nmap/allports.nmap, which contains the Nmap scan output.

grep ‘^[0-9]’: This command filters out only the lines that start with a digit, which correspond to open ports. The ^ symbol denotes the start of a line, and [0-9] matches any digit.

awk ‘{print $1}’: This command selects only the first field of each line, which corresponds to the port number. The fields are separated by whitespace, and $1 denotes the first field.

cut -d ‘/’ -f1: This command removes the slash and the protocol (TCP/UDP) that follows the port number. It uses the cut command to split each line using the / character as the delimiter and selects only the first field (-f1).

tr ‘\n’ ‘,’: This command replaces all the newline characters (\n) with commas (,). It uses the tr command to perform the substitution.

sed ‘s/,$//’: This command removes the trailing comma at the end of the line. It uses the sed command to perform the substitution: the pattern ,$ matches the comma at the end of the line, and the empty replacement removes it.

The final output is a comma-separated list of the open port numbers, which you can easily copy and paste into another command, such as a service or version detection tool.

Using this script can save you a lot of time and effort, especially if you’re dealing with a large number of open ports. You can also customize the script to extract other information from the Nmap scan output, such as the service names or version numbers, by changing the commands or adding new ones.

In conclusion, if you’re working with Nmap scans and need to extract specific information from them, consider using Bash scripts like the one we’ve discussed here. They can make your work more efficient, productive, and enjoyable!