Warm tip: This article is reproduced from serverfault.com, please click
awk bash nmap

awk if not matched print "unknown", multiple matches

发布于 2020-11-29 20:08:10

I am getting an nmap result and I am trying to process various (host up or down) results using awk.

I am passing an ip address and I am trying to get the following: status (up or down), host name, OS.
GOAL: I need to have an access to every field to be able to update the database with its value. Also I am trying to accomplish that in as simple as possible way, maybe there is any way to save field in a variable so then I can use it, check if it's empty etc.?

More into details:

  1. if Host is down host_name="unknown", and OS="unknown"
  2. if Host up grab the host_name and check OS -> two possibilities here, either /Running:/ or /OS guesses/ both of them will give us the OS, but we will have either one or another.

Expected output of host that is up:

                     $ip              $status     $host_name    $os
when host up:        134.99.120.2     host_up     HostName      Linux
when host down:      134.99.120.2     host_down   unknown       unknown

I came up with this one liner here:
sudo nmap -O -R -p 22 -oN -T4 134.99.120.2 | awk '/down/{print$5}/Nmap scan report/{print$5}/Running:/{print$2}/OS guess/{print$4}'
But that does not provide any control over the output.

Raw Outputs from nmap:
When Host up:

 
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST
> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s
> latency). PORT   STATE SERVICE 22/tcp open  ssh Warning: OSScan
> results may be unreliable because we could not find at least 1 open
> and 1 closed port Device type: general purpose Running: Linux OS CPE:
> xx:/o:xxx:xxxxxos:9.10 OS details: Linux Network Distance: 7 hops OS
> detection performed. Please report any incorrect results at
> http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned
> in 2.58 seconds

When host down:

> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64
> seconds
Questioner
dwt.bar
Viewed
0
分享
markp-fuso 2020-11-30 06:46:50

NOTE Looks like Raman was a bit faster on the 'Post Your Answer' button ...

Assumptions:

  • nmap output will always be like one of the two examples provided by OP
  • nmap output will always have the Hostname and OS name in the same fields (ie, don't have to worry about nmap wrapping lines at different words due to variable lengths of data)
  • while the OP shows OS guess in their sample awk, the sample nmap data shows OS details (answer - below - is based on OS details; OP can modify per what their nmap call actually returns)
  • nmap data does in fact include a > in the first column of every line of output (as displayed in OPs sample inputs); this means OPs awk field references may need to shift +/- accordingly (OP can adjust answer - below - based on whether or not a line starts with >)

Sample inputs (in lieu of running nmap on my host):

$ cat nmap.up.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST
> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s
> latency). PORT   STATE SERVICE 22/tcp open  ssh Warning: OSScan
> results may be unreliable because we could not find at least 1 open
> and 1 closed port Device type: general purpose Running: Linux OS CPE:
> xx:/o:xxx:xxxxxos:9.10 OS details: Linux Network Distance: 7 hops OS
> detection performed. Please report any incorrect results at
> http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned
> in 2.58 seconds

$ cat nmap.down.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64
> seconds

One awk solution, though I'm assuming OP won't actually have 2 sets of nmap output for a single ip address (???) ...

ipaddr='134.99.120.2'

awk -v ip="${ipaddr}" '                                # pass ip addr in as awk variable "ip"
FNR==1            { hstat="host_up"                    # reset defaults for status ...
                    hname=hos="unknown"                # hostname and host OS
                  }
/down/            { hstat="host_down" ; next }         # reset status
/scan report for/ { hname=$6          ; next }         # reset hostname
/OS details/      { hos=$5            ; next }         # reset host OS

ENDFILE           { fmt="%-18s%-12s%-15s%s\n"          # re-usable format
                    if ( NR==FNR )                     # for first file print a header:
                       { printf fmt, "$ip", "$status", "$host_name", "$os" }

                    printf fmt, ip, hstat, hname, hos  # otherwise print results
                  }
' nmap.up.dat nmap.down.dat

NOTE: ENDFILE requires GNU awk (per Ed Morton's comment)

The above generates:

$ip               $status     $host_name     $os
134.99.120.2      host_up     HostName       Linux
134.99.120.2      host_down   unknown        unknown
dwt.bar 2020-11-29 21:57:33

"One awk solution, though I'm assuming OP won't actually have 2 sets of nmap output for a single ip address (???) ..." - that's correct. This is an awesome solution!

Ed Morton 2020-11-29 22:27:01

You should mention that requires GNU awk for ENDFILE.

热门帖子

1
求推荐硬路由(1000 内)
2
学英语的朋友们可以来看看 https://langplayground.top/
3
华中科大的计算机技术的在职硕士,职场认可度如何?
4
十兆宽带 100 块钱一个月我是活在 80 年代吗?
5
关于高质量 屏幕共享的问题
6
我是真的受不了打小报告的三八了!
7
怎么管理自己的文件体系
8
[开发者自荐] AirBattery: 在 Mac 端获取所有设备的电量并显示在 Dock 或状态栏上
9
南京移动 IPV6 被停
10
WireGuard 跨国组网失败后,一个新工具的诞生

热门github

1
Implementation of paper - YOLOv9: Learning What You Want to Learn Using Programmable Gradient Information
2
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
3
Get up and running with Llama 2, Mistral, Gemma, and other large language models.
4
该项目可以让你通过订阅的方式使用Cloudflare WARP+,自动获取流量。This project enables you to use Cloudflare WARP+ through subscription, automatically acquiring traffic.
5
Multi functional app to find duplicates, empty folders, similar images etc.
6
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)
7
The Free Software Media System
8
lightweight, standalone C++ inference engine for Google's Gemma models.
9
📚 Freely available programming books
10
A collective list of free APIs
11
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
12
🎓 Path to a free self-taught education in Computer Science!
13
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
14
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
15
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.