Generating Scan Reports Using Nmap (Output Scan)

Hello friends, several times you might have used NMAP to performing Network scanning for enumerating active Port services of target machine but there are sometimes where we want to save the nmap scan. Nmap output scan is used to save the result of nmap scan in different formats.

Let’s Begin


Attacker: Kali Linux

Target’s IP:

Normal Output Format

-oN <filespec> (normal output)

Nmap supports different formats for saving scan results. Depending on your needs, you can choose between a normal, XML, and grepable output. Normal mode saves the output as you see it on your screen, minus the runtime debugging information. This mode presents the findings in a well structured and easy-to-understand manner.

Now the scan is saved on desktop and we can access it using cat or text editor.

cat Desktop/nmap

XML Output Format

-oX <filespec> (XML output)

XML stands for Extensible Markup Language is a usually known, tree-structured file format supported by Nmap.To save the scan results to a file in the XML format; add the option -oX <filename>, as shown in the following command:

Nmap also consist of additional debugging information when you save the scan results in this format.

An XML file, when generated, will contain the following information:

  • Host and port states
  • Services
  • Timestamps
  • Executed command
  • Nmap Scripting Engine output
  • Run statistics and debugging information

You can view the output in Gedit, It will look as shown below

We can also convert the Nmap scan which we saved in the xml format earlier to a portable html format using the given command:

xsltproc Desktop/nmap.xml –o nmap.html

Now open the nmap.html file in your favourite browser. Here is a screenshot depicting the converted html report. As you can see that it is very simply formatted and Easy to Read and Understand.

Script kiddie output

 -oS <filespec> (ScRipT KIdd|3 oUTpuT)

Script kiddie output is like interactive output, except that it is post-processed to better suit the l33t HaXXorZ, this option was made to make fun of script kiddies.

Now we can see that the file is saved on desktop which is as similar as normal scan output result.

cat Desktop/nmap

Grepable Output Format

 -oG <filespec> (grepable output)

 The grepable format was included to help users extract information from logs without having to write a parser, as this format is meant to be read/parsed with standard UNIX tools. To save the scan results to a file in the grepable format, add the option -oG <filename>, as shown in the following command:

In grepable mode, each host is placed on the same line with the format <field name>:

<value>,and each field is separated by tabs (\t). The number of fields depends on what

Nmap options were used for the scan.

There are eight possible output fields:

  • Host: This field is always included, and it consists of the IP address and reverse DNS name if available
  • Status: This field has three possible values—Up, Down, or Unknown
  • Ports: In this field, port entries are separated by a comma and a space character, and each entry is divided into seven fields by forward slash characters (/)
  • Protocols: This field is shown when an IP protocol (-sO) scan is used
  • Ignored: This field shows the number of port states that were ignored
  • OS: This field is only shown if OS detection (-O) was used
  • Seq Index: This field is only shown if OS detection (-O) was used
  • IP ID Seq: This field is only shown if OS detection (-O) was used

cat Desktop/nmap

Saving Output in ALL Format

 -oA <basename> (Output to all formats)

Nmap supports the alias option -oA <basename>, which saves the scan results in all of the available formats—normal, XML, and grepable. The different files will be generated with the extensions .nmap, .xml, and .gnmap

Now we check the directory and find all the 3 types of file available to us.

Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast. Contact Here

1 Comment Generating Scan Reports Using Nmap (Output Scan)

  1. Samuel

    can u write a artice like how to exploit web vulnerable pls, because i cant find any about how to exploit web vulnerable in website , like http-cross-domain-policy , ssl-ccs-injection , iis-shortname or more 🙁 sorry for my bad english


Leave a Reply

Your email address will not be published. Required fields are marked *