Python – Parse through an XML file generated by Nmap.

The script below uses two different modules. The ElementTree and the NmapParser. The former module is used to manipulate XML files. The latter module is used specifically to manipulate XML files generated by the Nmap port scanner. In both cases both modules will need to read the actual XML file. This script is better suited for an environment that has Linux and Windows servers.

The Nmap command used to generate the capture is

1
nmap -T4 -A -v 10.0.0.29 -oX file.xml

Sample of output

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
HostName:                desktop.sfentona.lol
Operating System Guess:  Linux 3.7 - 3.9 - Accuracy Detection 98
-----------------------------------------------------------------------------
Port: 22    State: open  Protocol: tcp Product: None            Version: None       ExtrInfo: protocol 2.0
Port: 80    State: open  Protocol: tcp Product: nginx           Version: 1.4.6      ExtrInfo: Ubuntu    
Port: 139   State: open  Protocol: tcp Product: Samba smbd      Version: 3.X        ExtrInfo: workgroup: DESKTOP
Port: 445   State: open  Protocol: tcp Product: Samba smbd      Version: 3.X        ExtrInfo: workgroup: DESKTOP



HostName:                    ad1.sfentona.lol
Operating System Guess:  Microsoft Windows 7 or Windows Server 2012 - Accuracy Detection 100
-----------------------------------------------------------------------------
Port: 53    State: open  Protocol: tcp Product: Microsoft DNS                       Version: None                 ExtrInfo: None      
Port: 88    State: open  Protocol: tcp Product: Windows 2003 Kerberos               Version: None                 ExtrInfo: server time: 2014-12-28 03:22:28Z
Port: 135   State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 139   State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 389   State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 445   State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 464   State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 593   State: open  Protocol: tcp Product: Microsoft Windows RPC over HTTP     Version: 1.0                  ExtrInfo: None      
Port: 636   State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 3268  State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 3269  State: open  Protocol: tcp Product: None                                Version: None                 ExtrInfo: None      
Port: 3389  State: open  Protocol: tcp Product: Microsoft Terminal Service          Version: None                 ExtrInfo: None      
Port: 49152 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49153 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49154 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49155 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49156 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49158 State: open  Protocol: tcp Product: Microsoft Windows RPC over HTTP     Version: 1.0                  ExtrInfo: None      
Port: 49159 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49167 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None      
Port: 49175 State: open  Protocol: tcp Product: Microsoft Windows RPC               Version: None                 ExtrInfo: None

 

#!/usr/bin/python
from xml.etree import ElementTree
from libnmap.parser import NmapParser
import re


#with open ('Linux_int.xml', 'rt') as file: #ElementTree module is opening the XML file
with open ('Linux_int.xml', 'rt') as file: #ElementTree module is opening the XML file
    tree = ElementTree.parse(file)

'''
#Additional information which can be printed if this section is activated
for node_1 in tree.iter('hostname'):
    host_name =   node_1.attrib.get('name')
    dns_type = node_1.attrib.get('type')
    print "Hostname: ",host_name, "Type:", dns_type

for node_2 in tree.iter('address'):
    ip_add =   node_2.attrib.get('addr')
    mac_type = node_2.attrib.get('vendor')
    print "IP Info: ",ip_add, mac_type

for node_3 in tree.iter('port'):
    port =  node_3.attrib.get('portid')
    proto =  node_3.attrib.get('protocol')
    print "Port", port, proto
'''

rep = NmapParser.parse_fromfile('Linux_int.xml') #NmapParse module is opening the XML file
#For loop used by NmapParser to print the hostname and the IP
for _host in rep.hosts:
    host = ', '.join(_host.hostnames)
    ip = (_host.address)
    print "----------------------------------------------------------------------------- "
    print "HostName: "'{0: >35}'.format(host,"--", ip)


#Lists in order to store Additional information, Product and version next to the port information.
list_product=[]
list_version=[]
list_extrainf=[]
for node_4 in tree.iter('service'): #ElementTree manipulation. Service Element which included the sub-elements product, version, extrainfo
    product = node_4.attrib.get('product')
    version = node_4.attrib.get('version')
    extrainf = node_4.attrib.get('extrainfo')
    list_product.append(product)
    list_version.append(version)
    list_extrainf.append(extrainf)

for osmatch in _host.os.osmatches: #NmapParser manipulation to detect OS and accuracy of detection.
    os = osmatch.name
    accuracy = osmatch.accuracy
    print "Operating System Guess: ", os, "- Accuracy Detection", accuracy
    break
print "----------------------------------------------------------------------------- "

if 'Microsoft' in os:
    counter = 0
    for services in _host.services: #NmapParser manipulation to list services, their ports and their state. The list elements defined above are printed next to each line.
        #print "Port: "'{0: <5}'.format(services.port), "Product: "'{0: <15}'.format(list_product[counter],list_version[counter],list_extrainf[counter]), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <5}'.format(services.protocol)
        print "Port: "'{0: <5}'.format(services.port), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <2}'.format(services.protocol),"Product: "'{0: <35}'.format(list_product[counter]),"Version: "'{0: <20}'.format(list_version[counter]),"ExtrInfo: "'{0: <10}'.format(list_extrainf[counter])
        #,,,
        counter = counter + 1

if 'Linux' in os:
    counter = 0
    for services in _host.services: #NmapParser manipulation to list services, their ports and their state. The list elements defined above are printed next to each line.
        #print "Port: "'{0: <5}'.format(services.port), "Product: "'{0: <15}'.format(list_product[counter],list_version[counter],list_extrainf[counter]), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <5}'.format(services.protocol)
        print "Port: "'{0: <5}'.format(services.port), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <2}'.format(services.protocol),"Product: "'{0: <15}'.format(list_product[counter]),"Version: "'{0: <10}'.format(list_version[counter]),"ExtrInfo: "'{0: <10}'.format(list_extrainf[counter])
        #,,,
        counter = counter + 1



Share Button

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload the CAPTCHA.