Hello friends, several times you might have used NMAP to performing Network scanning for enumerating active Port services of target machine but there are sometimes where we want to save the nmap scan. Nmap output scan is used to save the result of nmap scan in different formats.
Attacker: Kali Linux
Target’s IP: 192.168.1.113
Normal Output Format
-oN <filespec> (normal output)
Nmap supports different formats for saving scan results. Depending on your needs, you can choose between a normal, XML, and grepable output. Normal mode saves the output as you see it on your screen, minus the runtime debugging information. This mode presents the findings in a well structured and easy-to-understand manner.
nmap192.168.1.113 -oN /root/Desktop/nmap
Now the scan is saved on desktop and we can access it using cat or text editor.
XML Output Format
-oX <filespec> (XML output)
XML stands for Extensible Markup Language is a usually known, tree-structured file format supported by Nmap.To save the scan results to a file in the XML format; add the option -oX <filename>, as shown in the following command:
nmap –p80 192.168.1.113 -oX ~/Desktop/nmap.xml
Nmap also consist of additional debugging information when you save the scan results in this format.
An XML file, when generated, will contain the following information:
- Host and port states
- Executed command
- Nmap Scripting Engine output
- Run statistics and debugging information
You can view the output in Gedit, It will look as shown below
We can also convert the Nmap scan which we saved in the xml format earlier to a portable html format using the given command:
xsltproc Desktop/nmap.xml –o nmap.html
Now open the nmap.html file in your favourite browser. Here is a screenshot depicting the converted html report. As you can see that it is very simply formatted and Easy to Read and Understand.
Script kiddie output
-oS <filespec> (ScRipT KIdd|3 oUTpuT)
Script kiddie output is like interactive output, except that it is post-processed to better suit the l33t HaXXorZ, this option was made to make fun of script kiddies.
nmap 192.168.1.113 -oS /root/Desktop/nmap
Now we can see that the file is saved on desktop which is as similar as normal scan output result.
Grepable Output Format
-oG <filespec> (grepable output)
The grepable format was included to help users extract information from logs without having to write a parser, as this format is meant to be read/parsed with standard UNIX tools. To save the scan results to a file in the grepable format, add the option -oG <filename>, as shown in the following command:
nmap 192.168.1.113 -oG /root/Desktop/nmap
In grepable mode, each host is placed on the same line with the format <field name>:
<value>,and each field is separated by tabs (\t). The number of fields depends on what
Nmap options were used for the scan.
There are eight possible output fields:
- Host: This field is always included, and it consists of the IP address and reverse DNS name if available
- Status: This field has three possible values—Up, Down, or Unknown
- Ports: In this field, port entries are separated by a comma and a space character, and each entry is divided into seven fields by forward slash characters (/)
- Protocols: This field is shown when an IP protocol (-sO) scan is used
- Ignored: This field shows the number of port states that were ignored
- OS: This field is only shown if OS detection (-O) was used
- Seq Index: This field is only shown if OS detection (-O) was used
- IP ID Seq: This field is only shown if OS detection (-O) was used
Saving Output in ALL Format
-oA <basename> (Output to all formats)
Nmap supports the alias option -oA <basename>, which saves the scan results in all of the available formats—normal, XML, and grepable. The different files will be generated with the extensions .nmap, .xml, and .gnmap
nmap 192.168.1.113 -oA /root/Desktop/nmap
Now we check the directory and find all the 3 types of file available to us.
Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast. Contact Here