Nmap for Pentester: Output Format Scan
Pentesters widely use Nmap (Network Mapper), one of the best and handiest open-source tools for security auditing and network scanning. It also offers a feature that lets users record the results of a network scan in various formats.
Table of Contents
- Introduction: Scan Output Formats
- Nmap Scan Report in Normal Format
- Nmap Scan Report in XML Format
- Nmap Scan Report in a Grepable Format
- Nmap Scan Report in Alias Format
Introduction: Scan Output Formats
Pentesters sometimes find it troublesome to produce reports in a clear, consistent format, and conducting network scans across giant organizations is extremely tedious. Many organizations make the mistake of not using the right set of tools to prepare a report from the output derived from their scans.
Nmap can write its scan results in various formats. It gives the pentester multiple options, such as generating an HTML page, CSV formats, input for a scripting language, etc. So let us explore all the scan output options Nmap provides and look at how useful each can be to an organization, depending on its needs.
Nmap Scan Report in Normal Format
-oN <filespec>
This option directs Nmap's normal, human-readable output to the given filename. The pentester can combine it with any port or host scanning technique as their needs require. The article demonstrates various combinations of the output options below.
Creating a Normal Nmap report in a simple text format:
nmap -oN scan.txt 192.168.1.108
If a pentester wants to create the scan report in both Normal and XML form in one run:
nmap -oN scan.txt -oX scan.xml 192.168.1.108
Here you see the port numbers, the state of each port, and the type of packet (response) that determined the state of the port or host.
Verbosity mode
Verbosity mode increases the amount of information printed about the scan. In this mode, details such as open ports as they are found and the estimated time of completion are highlighted.
You can use this option twice or more for greater verbosity (-vv), or give a verbosity level directly, such as -v2 or -v3.
nmap -vv -oN scan.txt 192.168.1.108
Debugging mode
Users generally turn to debugging mode when verbose mode does not provide enough detail about the scan, since it digs deeper into the scanning process. You can raise the debug level by giving it a number. Here you get details such as the flags present in the packets, the time-to-live, etc.
nmap -d2 -oN scan.txt 192.168.1.108
Equivalently, repeating the flag gives the same debug level:
nmap -dd -oN scan.txt 192.168.1.108
Nmap Scan Report in XML Format
-oX <filespec>
XML (Extensible Markup Language) is a tree-structured file format that Nmap supports.
You can export the results of an Nmap scan into an XML file and use it later for analysis or other additional tasks.
When you generate an XML report, it includes information such as the executed command, host and port states, Nmap Scripting Engine output, services, timestamps, run statistics, and debugging information.
nmap -oX scan.xml 192.168.1.108
Sometimes pentesters prefer an HTML report rendered from the XML through a stylesheet, as it gives much more organised scan results. Note that xsltproc has to be able to find nmap.xsl (Nmap installs it in its data directory), so either copy it alongside scan.xml or give --stylesheet the full path:
nmap -oX scan.xml --stylesheet=nmap.xsl 192.168.1.108
xsltproc scan.xml -o scan.html
firefox scan.html
Appending the output
By default, Nmap overwrites the log file named by any of the output options. We can use the append option to append the results to an existing file instead of overwriting it:
nmap --append-output -sV -oN scan.txt 192.168.1.108
Nmap Scan Report in a Grepable Format
-oG <filespec>
Nmap has different file formats for saving the results of a scan. Depending on their needs, the pentester can choose between the normal, grepable, and XML formats. The developers included the grepable format specifically to help the pentester extract information from logs without having to write a parser, since standard Unix tools can read and parse it. Consequently, it makes working through the scan results really quick.
nmap -oG scan.grep 192.168.1.108
cat scan.grep
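To show how the grepable format is pulled apart with standard Unix tools, here is an added example (not from the original article) that parses a constructed -oG file with awk; the two sample hosts, their ports and the temporary file name are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed sample of Nmap grepable (-oG) output; not real scan data.
# Fields on a host line are tab-separated; each port entry has the layout
#   port/state/protocol/owner/service/rpcinfo/version/
# Nmap's -oA <base> writes this same format to <base>.gnmap.
SAMPLE_GNMAP="$(mktemp)"
trap 'rm -f "$SAMPLE_GNMAP"' EXIT
{
  printf '# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 192.168.1.0/24\n'
  printf 'Host: 192.168.1.108 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.108 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.168.1.109 (printer.lan)\tStatus: Up\n'
  printf 'Host: 192.168.1.109 (printer.lan)\tPorts: 9100/open/tcp//jetdirect///, 631/filtered/tcp//ipp///\tIgnored State: closed (998)\n'
  printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 30.00 seconds\n'
} > "$SAMPLE_GNMAP"

# Print the address of every host Nmap reported as up.
hosts_up() {
  awk -F'\t' '$2 == "Status: Up" {
    ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip); print ip
  }' "$1"
}

# Print "ip port/proto service version" for every port in the open state,
# skipping closed and filtered entries.
open_ports() {
  awk -F'\t' '$2 ~ /^Ports: / {
    ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
    list = $2; sub(/^Ports: /, "", list)
    n = split(list, entry, /, /)
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")
      if (f[2] == "open") printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
    }
  }' "$1"
}

hosts_up "$SAMPLE_GNMAP"
open_ports "$SAMPLE_GNMAP"
```

Point the two functions at a real scan.gnmap to get the same host and open-port listing from your own results.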
Nmap Scan Report in Alias Format
-oA <filespec>
Nmap's alias option saves the scan results in all three formats at once. The files are generated with the extensions .nmap, .xml, and .grep.
nmap -sV -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl 192.168.1.108
nmap -oA scan 192.168.1.108
To learn more about Nmap, follow this link.
Author: Jeenali Kothari is a Digital Forensics enthusiast and enjoys technical content writing. You can reach her here.