nmap loop on shell script cannot run - loops

i have loop to use Nmap command
for subnet in `cat list_subnet.tmp`
do
echo ${subnet}
nmap -sL -n ${subnet}
done
and nmap cannot list. this is output.
./abc.sh
10.159.18.1/27
Starting Nmap 7.70 ( https://nmap.org ) at 2022-11-03 09:06 +07
"nable to split netmask from target expression: "10.159.18.1/27
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.00 seco
but when i run normal. it is ok
/usr/bin/nmap -sL -n 10.159.18.1/27
Starting Nmap 7.70 ( https://nmap.org ) at 2022-11-03 09:06 +07
Nmap scan report for 10.159.18.0
Nmap scan report for 10.159.18.1
Nmap scan report for 10.159.18.2
Nmap scan report for 10.159.18.3
Nmap scan report for 10.159.18.4
Nmap scan report for 10.159.18.5
Nmap scan report for 10.159.18.6
Nmap scan report for 10.159.18.7
i think have problem with bask. and it not cannot run in loop. any ideal to fix that.

Related

nMap scan ssl cipher list fail if argument -sV added

To All,
I am writing a service running HTTPS protocol that accept secure connection using Openssl.
After that, I tested SSL connection using nmap with the following command:
nmap --script ssl-enum-ciphers -p 443 192.168.2.1
Nmap scan report for 192.168.2.1
Host is up (0.0029s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256k1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256k1) - A
| compressors:
| NULL
| cipher preference: client
|_ least strength: A
However, if the the argument -sV is added, then it displays following
nmap --script ssl-enum-ciphers -sV -p 443 192.168.2.1
Starting Nmap 7.01 ( https://nmap.org ) at 2021-05-25 09:15 CST
Nmap scan report for 192.168.2.1
Host is up (0.0030s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/https?
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.79 seconds
the -sV is used to probe service/version info, I am wondering is it because I am using ECHDE only?
Anyway, here's how I setup my SSL connection (Remove error checking for easy reading).
SSL_library_init();
SSL_load_error_strings();
CTX = SSL_CTX_new(TLSv1_2_server_method());
SL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384");
SSL_CTX_ctrl((CTX),SSL_CTRL_SET_ECDH_AUTO,1,NULL);
SSL_CTX_use_certificate_file(CTX, pem, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(CTX, pem, SSL_FILETYPE_PEM);
SSL_CTX_use_certificate_chain_file(CTX, chain);
I am suspecting the ciphers ECDHE, because if I use Cipher list "AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384", everything seems to work fine.
Any help is appreciated, thanks.

nmap output Failed to open normal output file n for writing

when I execute using zenmap command, I get the error, Failed to open normal output file n for writing QUITTING!
How can I write the scan result to a file?
nmap -oN n "c:\\temp\\scan1.txt" 192.168.1.2
According to this quote from the manual:
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
It appears that the file designation should be placed immediately following the oN (ie, without the intervening n).
Make sure your directory and folder names are correct. This happens when you try to save the output file and path you gave does not exist or match.
try to first go to the directory on command line, then run the command with just name of the text like in the following;
nmap -oN scan.txt scanme.nmap.org
Just place a " - " before writing an target IP address
command:-sudo nmap -oG 192.168.18.0/24 -vv
result:-Failed to open machine output file 192.168.18.0/24 for writing
QUITTING!
after placing " - " before writing IP address
command:-sudo nmap -oG - 192.168.18.0/24 -vv
result:-# Nmap 7.91 scan initiated Wed Aug 25 15:22:58 2021 as: nmap -oG - -vv 192.168.18.0/24
#Ports scanned: TCP(1000;1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121.............................................................................................................................

Nmap port scanning array

I am doing a nmap bash script, and I am just wondering if there is any possibility to use array list for my port commands. For example:
port=[23,45,75,65]
for i in 21 do
nmap -p x,y 192.168.1.$i
done
e.g. At the x,y place I want to use the number 23,45
I'm not sure if that's what you want, but you can try this:
ports="23,45,75,65"
for i in 21 do
nmap -p "$ports" 192.168.1.$i
done
You can also do:
ports="23,45,75,65"
targets="1-25"
nmap -p "$ports" "192.168.1.$targets"
Scanning an array of ports is already built in to nmap. See http://nmap.org/book/man-port-specification.html for more details on the syntax, but here's an excerpt that may give you what you need:
For example, the argument -p U:53,111,137,T:21-25,80,139,8080 would scan UDP ports 53, 111,and 137, as well as the listed TCP ports.

Nmap , host discovery

How can I find all hosts that are up, and display only
Nman scan report for xxxx.xxxx.xxxx (ip address)
Host is up(latency)
MAC Address -mac adress-(company)
Assuming your targets are directly connected:
nmap -n -sn <targets>
(no rDNS, ping scan)

search a file containg an nmap scan with a block of 5 lines and only if 2 of the lines meet the requirements

any one know how to grep a file and look for 2 lines of information and only output those lines. I'm performing an nmap scan on our network 10.1.1.x - 10.1.254.x and i'm looking for all IPs with port 22 open. Nmap creates my file but it contains entries with the following 3 types of entries
Nmap scan report for 10.1.0.1
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp filtered ssh
Nmap scan report for 10.1.0.2
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp open ssh
Nmap scan report for 10.1.0.3
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp open ssh
Nmap scan report for 10.1.0.4
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp filtered ssh
I am looking to grep the file and return lines 1 and 5, and only if line 5 contains open.
I've tried: grep -e '10.1' -e 'open' file.txt
This nets what I want but returns every line 1 and also lines 1 and 5
I've tried: sed -e '/10.1./,/open/!d' file.txt
but this returns the same as using: cat file.txt
Also tried awk '/10/ && /open/' file.txt
but doesn't return anything
Any suggestions
$ awk 'BEGIN{RS="";FS=OFS="\n"} $5~/open/{ print $1, $5 }' file
Nmap scan report for 10.1.0.2
<br>22/tcp open ssh
Nmap scan report for 10.1.0.3
<br>22/tcp open ssh
or if you prefer:
$ awk 'BEGIN{RS="";ORS="\n\n";FS=OFS="\n"} $5~/open/{ print $1, $5 }' file
Nmap scan report for 10.1.0.2
<br>22/tcp open ssh
Nmap scan report for 10.1.0.3
<br>22/tcp open ssh
Using gnu awk, you can do this
awk '/10\.1/ && /open/' RS="\n\n" file
Nmap scan report for 10.1.0.2
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp open ssh
Nmap scan report for 10.1.0.3
<br>Host is up 93.1s latency).
<br>Scanned at (Date) (Time)
<br>Port State Service
<br>22/tcp open ssh
This change the Record size from one line to one section. Then you can get what you want. You need also to escape the . or else it means any character and not .
To also search for port you can add it like this:
awk '/10\.1/ && /open/ && /22\/tcp/' RS="\n\n" file
Here is an version that will work with most awk version
awk '/10\.1/ {p=1} p {s=s"\n"$0} /filtered/ {p=0;s=""} /open/ {print s,$0;p=0;s=""}' file
you can try gnu awk
you can using awk '/10\.1\./ && /open/' RS="" file if every 5 lines split by blank line

Resources