From: Kim.Sassaman@cox.com
Date: Tue Jun 15 2004 - 12:53:52 EDT
Here is the source code of the 2 files that generated that report.
# more db.php
<?php
/******************************************************************************
* Provide valid DB Result Object
* DB Connectivity
/******************************************************************************/
require_once('DB.php');
$dbUserName = 'xxx'; //mySQL username -u
$dbPassword = 'xxx'; //mySQL password -p
$dbHost = 'localhost'; //host default = 'localhost'
$dbName = 'nmapout'; //name of database
$db = DB::connect( "mysql://$dbUserName:$dbPassword@$dbHost/$dbName" );
if (DB::isError($db)) { die ($db->getMessage());}
//ini_set("session.bug_compat_42", 0);
?>
# more index.php
<?php
require_once 'db.php'; # db connection library
// edit the date_format string format parameters to your liking:
// http://dev.mysql.com/doc/mysql/en/Date_and_time_functions.html
$sql = "SELECT Address, Portid, Service, PortState, HostState, DATE_FORMAT(Updated, '%W %M %Y %H:%i:%s') AS Updated FROM test";
$items = $db->getAll($sql, DB_FETCHMODE_ASSOC);
$bgcolor = "#C0C0C0";
?>
<table width="100%" border="0" cellspacing="0" style="border: 1px solid #000000">
<tr bgcolor="#CCCCCC">
<td bgcolor="#CCCCCC"><strong>Address</strong></td>
<td><strong>PortID</strong></td>
<td bgcolor="#CCCCCC"><strong>Service</strong></td>
<td bgcolor="#CCCCCC"><strong>Port State </strong></td>
<td bgcolor="#CCCCCC"><strong>Host State </strong></td>
<td bgcolor="#CCCCCC"><strong>Updated</strong></td>
</tr>
<?php foreach($items as $row): ?>
<?php $bgcolor = ($bgcolor == "") ? "#F2F2F2" : "" ?>
<tr bgcolor="<?= $bgcolor ?>">
<td><?= $row['Address'] ?></td>
<td><?= $row['Portid'] ?></td>
<td><?= $row['Service'] ?></td>
<td><?= $row['PortState'] ?></td>
<td><?= $row['HostState'] ?></td>
<td><?= $row['Updated'] ?></td>
</tr>
<?php endforeach; ?>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
#
Kim Sassaman
CISSP - CCNP
"Research is what I'm doing when I don't know what I'm doing." - Wernher Von Braun (1912-1977)
-----Original Message-----
From: Sassaman, Kim (CCI-Phoenix)
Sent: Tuesday, June 15, 2004 9:49 AM
To: 'Bill Z.'; Jerry Shenk
Cc: pen-test@securityfocus.com
Subject: RE: Nmap results in spreadsheet format
http://www.securimind.com/temp/
Worked up a little something to display the output in a web format. The scan is dumped to XML then converted to CSV and imported into MySql then coughed back out into a web format. Going to create a little app where you can enter your devices and have them setup to scan at whatever time intervals you want.. daily, weekly, etc... and a reporting function to see what services were running on what devices. Also contemplating implementing alerting for certain ports like 111 :)
Kim Sassaman
CISSP - CCNP
"Research is what I'm doing when I don't know what I'm doing." - Wernher Von Braun (1912-1977)
-----Original Message-----
From: Bill Z. [mailto:bgk@hotunix.com]
Sent: Monday, June 14, 2004 11:22 AM
To: Jerry Shenk
Cc: pen-test@securityfocus.com
Subject: Re: Nmap results in spreadsheet format
This is a simple task - here's my quick and dirty way of converting the
plain-text nmap output (e.g., nmap-out) into an Excel file with html tags:
echo "<table>" ; grep "^[0-9*]" nmap-out | awk '{print "<tr><td>" $1 \
"<td>" $2 "<td>" $3}'; echo "</table>" > nmap-out.xls
Enjoy :)
-- What do you call a failed pentest? - VA. http://hotunix.com/tools/ On Fri, 11 Jun 2004, Jerry Shenk wrote: > I once saw a mention of a utility (probably a perl script) that would > take the information from an nmap scan and kick it out in a spreadsheet > format. I am working with a guy right now that really needs to take > inventory of what machines exist on the network and what ports are open > on them. There are over 100 web servers, numerous servers with terminal > server, vnc and dameware, snmp on way too many and the list goes on. > Instead of having raw nmap output to wade through, it would be nice to > scan down a column and say, "Which of these web servers do you really > need? Shut the rest down." > > If somebody can point me to a link for that, I'd appreciate it. > >
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:56 EDT