Goal:
From my backup box on my local network, knowing the Wifi MAC address of my laptop, I would like to dynamically identify which ip address is attributed to my laptop.
The aim is to store this ip address in a local variable and that this information is retrieved by another backup script
Problem:
Calling the command nmap, as root user I want to write a script that will extract the ip address from the MAC address of my laptop.
Question:
How would you do that and with which script language?
Shell, perl, python?
Example:
from the result of nmap and with the MAC address X1:X2:3X:X4:X5:Y6, I want to extract:
Code:
Laptop-Fred=192.168.0.10
Code:
# nmap
Starting Nmap 6.45 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2014-10-30 07:05 CET
Nmap scan report for 192.168.0.1
Host is up (0.0047s latency).
MAC Address: XX:XF:0X:X1:XX:YY (Netgear)
Nmap scan report for 192.168.0.10
Host is up (0.074s latency).
MAC Address: X1:X2:3X:X4:X5:Y6 (Netgear)
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 5.61 seconds
Many thanks for any input!
Keep up the good work.
Cheers,
Last edited by Scrutinizer; 10-30-2014 at 05:57 AM..
Reason: code tags
Hi sir,
i want to make such programe which takes MAC(Ethernet) address of any host & give me its IP address.......
but i'm nt getting that how i can pass the MAC address to Frame........
Please give me an idea for making such program...
Thanks & regards
Krishna (3 Replies)
Hi
I need to write a bash shell script. I have two separate text files. One file contains a list of MAC addresses taken from a network scan, the other contains a list of MAC addresses for our currently-managed devices. How can I compare these two files, and output a list of addresses that have... (6 Replies)
Hi everyone.
I'm looking for a way to extract the video card properties (Name, Driver version, amount of vram). I've managed to deal with nVidia cards, but nothing came for ATI/AMD cards and other kind of chipsets. Can someone point a way to do this?
Thanks. (4 Replies)
Hi there
I lost connectivity to one of our remote systems and when I checked the messages log I found the following:
Aug 10 23:42:34 host xntpd: time reset (step) 1.681729 s
Aug 16 13:20:51 host ip: WARNING: node "mac address" is using our IP address x.x.x.x on aggr1
Aug 16 13:20:51 host... (9 Replies)
I'm having trouble getting my WIFI card to work. It's Device ID is :0c:00.0 0280: 14e4:4315 (rev 01). My OS is BT5. The card works with Lucid just fine. I've gone to the Hardware drivers to try and download it but when I try I always get this:
SystemError: installArchives()failedI've gone to... (2 Replies)
I have hp dv6 and dv7 notebook pcs on which I want to upgrade the wifi cards but when I install the new cards and boot them, the they won't even boot to the bios and they both give me the same error: "104-Unsupported wireless network device detected. System Halted. Remove device and restart." When... (1 Reply)
After installing the latest version of Kali on my Lenovo S21E laptop, I cannot access the internet.
wlan0 does not show up in ifconfig and I cannot connect to the internet.
If you need any other additional information, I will provide it. Thank you kindly. (8 Replies)
four interfaces with ifconfig
all interfaces have the same mac. If is not set for unique.
but it still works.
what difference does it make to have all macs the same or different? (4 Replies)
Hy every body,
Unfortunately and without success, i want to write a bash script who maps a known IP addess to a known MAC address using iptables and for the FORWARD chain.
Within the DHCP server, i have assigned a fixed IP address to all clients based on their MAC addresses of their... (11 Replies)
Discussion started by: hermouche
11 Replies
LEARN ABOUT DEBIAN
nmap::parser
Parser(3pm) User Contributed Perl Documentation Parser(3pm)NAME
Nmap::Parser - parse nmap scan data with perl
SYNOPSIS
use Nmap::Parser;
my $np = new Nmap::Parser;
$np->parsescan($nmap_path, $nmap_args, @ips);
#or
$np->parsefile($file_xml);
my $session = $np->get_session();
#a Nmap::Parser::Session object
my $host = $np->get_host($ip_addr);
#a Nmap::Parser::Host object
my $service = $host->tcp_service(80);
#a Nmap::Parser::Host::Service object
my $os = $host->os_sig();
#a Nmap::Parser::Host::OS object
#---------------------------------------
my $np2 = new Nmap::Parser;
$np2->callback(&my_callback);
$np2->parsefile($file_xml);
#or
$np2->parsescan($nmap_path, $nmap_args, @ips);
sub my_callback {
my $host = shift;
#Nmap::Parser::Host object
#.. see documentation for all methods ...
}
For a full listing of methods see the documentation corresponding to each object.
DESCRIPTION
This module implements a interface to the information contained in an nmap scan. It is implemented by parsing the xml scan data that is
generated by nmap. This will enable anyone who utilizes nmap to quickly create fast and robust security scripts that utilize the powerful
port scanning abilities of nmap.
OVERVIEW
This module has an internal framework to make it easy to retrieve the desired information of a scan. Every nmap scan is based on two main
sections of informations: the scan session, and the scan information of all hosts. The session information will be stored as a
Nmap::Parser::Session object. This object will contain its own methods to obtain the desired information. The same is true for any hosts
that were scanned using the Nmap::Parser::Host object. There are two sub objects under Nmap::Parser::Host. One is the
Nmap::Parser::Host::Service object which will be used to obtain information of a given service running on a given port. The second is the
Nmap::Parser::Host::OS object which contains the operating system signature information (OS guessed names, classes, osfamily..etc).
Nmap::Parser -- Core parser
|
+--Nmap::Parser::Session -- Nmap scan session information
|
+--Nmap::Parser::Host -- General host information
| |
| |-Nmap::Parser::Host::Service -- Port service information
| |
| |-Nmap::Parser::Host::OS -- Operating system signature information
METHODS
Nmap::Parser
The main idea behind the core module is, you will first parse the information and then extract data. Therefore, all parse*() methods should
be executed before any get_*() methods.
parse($string)
parse($filehandle)
Parses the nmap scan information in $string. Note that is usually only used if you have the whole xml scan information in $string or if
you are piping the scan information.
parsefile($xml_file)
Parses the nmap scan data in $xml_file. This file can be generated from an nmap scan by using the '-oX filename.xml' option with nmap.
If you get an error or your program dies due to parsing, please check that the xml information is compliant. The file is closed no mat-
ter how "parsefile()" returns.
parsescan($nmap,$args,@ips)
This method runs an nmap scan where $nmap is the path to the nmap executable, $args are the nmap command line parameters, and @ips are
the list of IP addresses to scan. parsescan() will automagically run the nmap scan and parse the information. See section EXAMPLES for
a short tutorial
Note: You cannot have one of the nmap options to be '-oX', '-oN' or '-oG'. Your program will die if you try and pass any of these
options because it decides the type of output nmap will generate. The IP addresses can be nmap-formatted addresses (see nmap(1)
If you get an error or your program dies due to parsing, please check that the xml information is compliant. If you are using parses-
can() or an open filehandle , make sure that the nmap scan that you are performing is successful in returning xml information. (Some-
times using loopback addresses causes nmap to fail).
purge()
Cleans the xml scan data from memory. This is useful if you have a program where you are parsing lots of nmap scan data files with per-
sistent variables.
callback(&code_ref)
Sets the parsing mode to be done using the callback function. It takes the parameter of a code reference or a reference to a function.
If no code reference is given, it resets the mode to normal (no callback).
$np->callback(&my_function); #sets callback, my_function() will be called
$np->callback(); #resets it, no callback function called. Back to normal.
get_session()
Obtains the Nmap::Parser::Session object which contains the session scan information.
get_host($ip_addr)
Obtains the Nmap::Parser::Host object for the given $ip_addr.
del_host($ip_addr)
Deletes the stored Nmap::Parser::Host object whose IP is $ip_addr.
all_hosts()
all_hosts($status)
Returns an array of all the Nmap::Parser::Host objects for the scan. If the optional status is given, it will only return those hosts
that match that status. The status can be any of the following: "(up|down|unknown|skipped)"
get_ips()
get_ips($status)
Returns the list of IP addresses that were scanned in this nmap session. They are sorted using ipv4_sort. If there are IPv6 addresses,
or mixed, it might not be in correct sorted order. If the optional status is given, it will only return those IP addresses that match
that status. The status can be any of the following: "(up|down|unknown|skipped)"
ipv4_sort(@ips)
This function takes a list of IPv4 addresses and returns the correctly sorted version of the list.
Nmap::Parser::Session
This object contains the scan session information of the nmap scan.
finish_time()
Returns the numeric time that the nmap scan finished.
nmap_version()
Returns the version of nmap used for the scan.
numservices()
numservices($type)
If numservices is called without argument, it returns the total number of services that were scanned for all types. If $type is given,
it returns the number of services for that given scan type. See scan_types() for more info.
scan_args()
Returns a string which contains the nmap executed command line used to run the scan.
scan_type_proto($type)
Returns the protocol type of the given scan type (provided by $type). See scan_types() for more info.
scan_types()
Returns the list of scan types that were performed. It can be any of the following: "(syn|ack|bounce|connect|null|xmas|window|mai-
mon|fin|udp|ipproto)".
start_str()
Returns the human readable format of the start time.
start_time()
Returns the numeric form of the time the nmap scan started.
time_str()
Returns the human readable format of the finish time.
xml_version()
Returns the version of nmap xml file.
Nmap::Parser::Host
This object represents the information collected from a scanned host.
status()
Returns the state of the host. It is usually one of these "(up|down|unknown|skipped)".
addr()
Returns the main IP address of the host. This is usually the IPv4 address. If there is no IPv4 address, the IPv6 is returned (hopefully
there is one).
addrtype()
Returns the address type of the address given by addr() .
all_hostnames()
Returns a list of all hostnames found for the given host.
extraports_count()
Returns the number of extraports found.
extraports_state()
Returns the state of all the extraports found.
hostname()
hostname($index)
As a basic call, hostname() returns the first hostname obtained for the given host. If there exists more than one hostname, you can
provide a number, which is used as the location in the array. The index starts at 0;
#in the case that there are only 2 hostnames
hostname() eq hostname(0);
hostname(1); #second hostname found
hostname(400) eq hostname(1) #nothing at 400; return the name at the last index
ipv4_addr()
Explicitly return the IPv4 address.
ipv6_addr()
Explicitly return the IPv6 address.
mac_addr()
Explicitly return the MAC address.
mac_vendor()
Return the vendor information of the MAC.
os_sig()
Returns an Nmap::Parser::Host::OS object that can be used to obtain all the Operating System signature (fingerprint) information. See
Nmap::Parser::Host::OS for more details.
$os = $host->os_sig;
$os->name;
$os->osfamily;
tcpsequence_class()
tcpsequence_index()
tcpsequence_values()
Returns the class, index and values information respectively of the tcp sequence.
ipidsequence_class()
ipidsequence_values()
Returns the class and values information respectively of the ipid sequence.
tcptssequence_class()
tcptssequence_values()
Returns the class and values information respectively of the tcpts sequence.
uptime_lastboot()
Returns the human readable format of the timestamp of when the host had last rebooted.
uptime_seconds()
Returns the number of seconds that have passed since the host's last boot from when the scan was performed.
tcp_ports()
udp_ports()
Returns the sorted list of TCP|UDP ports respectively that were scanned on this host. Optionally a string argument can be given to
these functions to filter the list.
$host->tcp_ports('open') #returns all only 'open' ports (even 'open|filtered')
$host->udp_ports('open|filtered'); #matches exactly ports with 'open|filtered'
Note that if a port state is set to 'open|filtered' (or any combination), it will be counted as an 'open' port as well as a 'filtered'
one.
tcp_port_count()
udp_port_count()
Returns the total of TCP|UDP ports scanned respectively.
tcp_port_state($portid)
udp_port_state($portid)
Returns the state of the given port, provided by the port number in $portid.
tcp_open_ports()
udp_open_ports()
Returns the list of open TCP|UDP ports respectively. Note that if a port state is for example, 'open|filtered', it will appear on this
list as well.
tcp_filtered_ports()
udp_filtered_ports()
Returns the list of filtered TCP|UDP ports respectively. Note that if a port state is for example, 'open|filtered', it will appear on
this list as well.
tcp_closed_ports()
udp_closed_ports()
Returns the list of closed TCP|UDP ports respectively. Note that if a port state is for example, 'closed|filtered', it will appear on
this list as well.
tcp_service($portid)
udp_service($portid)
Returns the Nmap::Parser::Host::Service object of a given service running on port, provided by $portid. See Nmap::Parser::Host::Service
for more info.
$svc = $host->tcp_service(80);
$svc->name;
$svc->proto;
Nmap::Parser::Host::Service
This object represents the service running on a given port in a given host. This object is obtained by using the tcp_service($portid) or
udp_service($portid) method from the Nmap::Parser::Host object. If a portid is given that does not exist on the given host, these functions
will still return an object (so your script doesn't die). Its good to use tcp_ports() or udp_ports() to see what ports were collected.
confidence()
Returns the confidence level in service detection.
extrainfo()
Returns any additional information nmap knows about the service.
method()
Returns the detection method.
name()
Returns the service name.
owner()
Returns the process owner of the given service. (If available)
port()
Returns the port number where the service is running on.
product()
Returns the product information of the service.
proto()
Returns the protocol type of the service.
rpcnum()
Returns the RPC number.
tunnel()
Returns the tunnel value. (If available)
version()
Returns the version of the given product of the running service.
Nmap::Parser::Host::OS
This object represents the Operating System signature (fingerprint) information of the given host. This object is obtained from an
Nmap::Parser::Host object using the "os_sig()" method. One important thing to note is that the order of OS names and classes are sorted by
DECREASING ACCURACY. This is more important than alphabetical ordering. Therefore, a basic call to any of these functions will return the
record with the highest accuracy. (Which is probably the one you want anyways).
all_names()
Returns the list of all the guessed OS names for the given host.
class_accuracy()
class_accuracy($index)
A basic call to class_accuracy() returns the osclass accuracy of the first record. If $index is given, it returns the osclass accuracy
for the given record. The index starts at 0.
class_count()
Returns the total number of OS class records obtained from the nmap scan.
name()
name($index)
names()
names($index)
A basic call to name() returns the OS name of the first record which is the name with the highest accuracy. If $index is given, it
returns the name for the given record. The index starts at 0.
name_accuracy()
name_accuracy($index)
A basic call to name_accuracy() returns the OS name accuracy of the first record. If $index is given, it returns the name for the given
record. The index starts at 0.
name_count()
Returns the total number of OS names (records) for the given host.
osfamily()
osfamily($index)
A basic call to osfamily() returns the OS family information of the first record. If $index is given, it returns the OS family infor-
mation for the given record. The index starts at 0.
osgen()
osgen($index)
A basic call to osgen() returns the OS generation information of the first record. If $index is given, it returns the OS generation
information for the given record. The index starts at 0.
portused_closed()
Returns the closed port number used to help identify the OS signatures. This might not be available for all hosts.
portused_open()
Returns the open port number used to help identify the OS signatures. This might not be available for all hosts.
type()
type($index)
A basic call to type() returns the OS type information of the first record. If $index is given, it returns the OS type information for
the given record. The index starts at 0.
vendor()
vendor($index)
A basic call to vendor() returns the OS vendor information of the first record. If $index is given, it returns the OS vendor informa-
tion for the given record. The index starts at 0.
EXAMPLES
I think some of us best learn from examples. These are a couple of examples to help create custom security audit tools using some of the
nice features of the Nmap::Parser module. Hopefully this can double as a tutorial. More tutorials (articles) can be found at www.nmap-
parser.com
Real-Time Scanning - (no better "time()" like 'now')
You can run a nmap scan and have the parser parse the information automagically. The only constraint is that you cannot use '-oX', '-oN',
or '-oG' as one of your arguments for nmap command line parameters passed to parsescan().
use Nmap::Parser;
my $np = new Nmap::Parser;
my @hosts = @ARGV; #get hosts from cmd line
#runs the nmap command with hosts and parses it automagically
$np->parsescan('/usr/bin/nmap','-sS O -p 1-1023',@hosts);
for my $host ($np->all_hosts()){
print $host->hostname."
";
#do mor stuff...
}
Callbacks - ("not our $normal *69")
This is probably the easiest way to write a script with using Nmap::Parser, if you don't need the general scan session information. During
the parsing process, the parser will obtain information of every host. The callback function (in this case 'booyah()') is called after the
parsing of every host (sequentially). When the callback returns, the parser will delete all information of the host it had sent to the
callback. This callback function is called for every host that the parser encounters. The callback function must be setup before parsing
use Nmap::Parser;
my $np = new Nmap::Parser;
$np->callback( &booyah );
$np->parsefile('nmap_results.xml');
# or use parsescan()
sub booyah {
my $host = shift; #Nmap::Parser::Host object, just parsed
print 'IP: ',$host->addr,"
";
# ... do more stuff with $host ...
#when it returns, host object will be deleted from memory
#(good for processing VERY LARGE files or scans)
}
Multiple Instances - ("no less 'of'; my $self")
Using multiple instances of Nmap::Parser is extremely useful in helping audit/monitor the network Policy (ohh noo! its that 'P' word!). In
this example, we have a set of hosts that had been scanned previously for tcp services where the image was saved in base_image.xml. We now
will scan the same hosts, and compare if any new tcp have been open since then (good way to look for suspicious new services). Easy secu-
rity Compliance detection. (ooh noo! The 'C' word too!).
use Nmap::Parser;
use vars qw($nmap_exe $nmap_args @ips);
my $base = new Nmap::Parser;
my $curr = new Nmap::Parser;
$base->parsefile('base_image.xml'); #load previous state
$curr->parsescan($nmap_exe, $nmap_args, @ips); #scan current hosts
for my $ip ($curr->get_ips )
{
#assume that IPs in base == IPs in curr scan
my $ip_base = $base->get_host($ip);
my $ip_curr = $curr->get_host($ip);
my %port = ();
#find ports that are open that were not open before
#by finding the difference in port lists
my @diff = grep { $port{$_} < 2}
(map {$port{$_}++; $_}
( $ip_curr->tcp_open_ports , $ip_base->tcp_open_ports ));
print "$ip has these new ports open: ".join(',',@diff) if(scalar @diff);
for (@diff){print "$_ seems to be ",$ip_curr->tcp_service($_)->name,"
";}
}
SUPPORT
Discussion Forum
If you have questions about how to use the module, or any of its features, you can post messages to the Nmap::Parser module forum on
CPAN::Forum. <http://www.cpanforum.com/dist/Nmap-Parser>
Bug Reports
Please submit any bugs to: <http://sourceforge.net/tracker/?group_id=97509&atid=618345>
Please make sure that you submit the xml-output file of the scan which you are having trouble. This can be done by running your scan with
the -oX filename.xml nmap switch. Please remove any important IP addresses for security reasons.
SEE ALSO
nmap, XML::Twig
The Nmap::Parser page can be found at: <http://www.nmapparser.com>. It contains the latest developments on the module. The nmap security
scanner homepage can be found at: <http://www.insecure.org/nmap/>.
AUTHOR
Anthony G Persaud <apersaud@gmail.com> <http://www.anthonypersaud.com>
COPYRIGHT
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
<http://www.opensource.org/licenses/gpl-license.php>
perl v5.8.8 2005-08-13 Parser(3pm)
10-30-2014
