从nmap中提取特定模式

时间:2014-06-15 07:40:09

标签: bash awk sed grep cut

想象一下,我有这样的nmap结果:

# Nmap 6.40 scan initiated Sat Jun 14 10:14:35 2014 as: nmap ...
Nmap scan report for x.x.x.x.
Host is up (0.21s latency).
PORT   STATE SERVICE
23/tcp open  telnet
| telnet-brute: 
|_  No accounts found

Nmap scan report for y.y.y.y
Host is up (0.24s latency).
PORT   STATE SERVICE
23/tcp open  telnet

Nmap scan report for z.z.z.z
Host is up (0.22s latency).
PORT   STATE SERVICE
23/tcp open  telnet
|_telnet-brute: var1 - <blank>

Nmap scan report for w.w.w.w
Host is up (0.36s latency).
PORT   STATE SERVICE
23/tcp open  telnet
|_telnet-brute: var2 - var3

Nmap scan report for h.h.h.h
Host is up (0.22s latency).
PORT   STATE SERVICE
23/tcp open  telnet
| telnet-brute: 
|_  No accounts found

Nmap scan report for f.f.f.f
Host is up (0.22s latency).
PORT   STATE SERVICE
23/tcp open  telnet
|_telnet-brute: var4 - <blank>

Nmap scan report for b.b.b.b
Host is up (0.23s latency).
PORT   STATE SERVICE
23/tcp open  telnet
| telnet-brute: 
|_  No accounts found


    .
    .
    .

Nmap scan report for a.a.a.a
Host is up (0.22s latency).
PORT   STATE SERVICE
23/tcp open  telnet

# Nmap done at Sun Jun 15 10:20:45 2014 -- 262144 IP addresses (91295 hosts up) scanned in 86769.85 seconds

我怎样才能得到如下结果:

z.z.z.z  var1  
w.w.w.w  var2  var3
f.f.f.f  var4

如果没有显示,我想要。 (最好使用sed

更新

我尝试的是:

sed -nr '/^Nmap.* /{s///;h};/|_telnet-brute/{n;H;g;s/\n\|\s*/ /;/:/p}' file

谢谢

3 个答案:

答案 0 :(得分:2)

grep选项的Perl-regex之一,

$ grep -oP "\w\.\w\.\w\.\w|(?<=brute:).*" file | paste - -
x.x.x.x  var1 - <blank>
y.y.y.y  var2 - var3
z.z.z.z

<强>更新 

$ awk -v RS="" '{print $5,$18,$20}' file | awk '$2~/var/ {print}'
z.z.z.z var1 <blank>
w.w.w.w var2 var3
f.f.f.f var4 <blank>

如果您想再删除<blank> dtring,请运行

$ awk -v RS="" '{print $5,$18,$20}' file | awk '$2~/var/ {gsub (/<blank>/,""); print}'
z.z.z.z var1 
w.w.w.w var2 var3
f.f.f.f var4

OR

您可以在单个awk命令中执行此操作,

$ awk -v RS="" '$18~/var/ {gsub (/<blank>/,""); print $5,$18,$20}' file
z.z.z.z var1 
w.w.w.w var2 var3
f.f.f.f var4

答案 1 :(得分:1)

您的数据不一致(您有|_telnet| telnet),但这可能会给您一些:

nmap ..... | awk -v RS="" '{print $5,$18,$20}'

但正如其他人所说,在进行更多处理之前调整输出。

答案 2 :(得分:1)

我会在Perl中这样做:

$ perl -lne '/for (.+)/; $i=$1; (@f = /var./g) && print "$i @f"' file 
z.z.z.z var1
w.w.w.w var2 var3
f.f.f.f var4

解释

  • perl -lne-ne表示&#34;逐行读取输入文件&#34; (-n)&#34;并应用以-e&#34;给出的脚本。 -l为每个print调用添加换行符(并删除尾随换行符)。
  • /for (.+)/; $i=$1;:匹配单词for后跟空格并捕捉(括号所做的)所有内容到行尾。捕获的模式($1)保存为$i
  • @f = /var./g:保存var的所有匹配项以及数组@f中的另一个字符。如果var后面有> 1个字符,请将其更改为@f = /var\w*/g
  • && print "$i @f":如果上一场比赛成功,请打印$i(IP)和@f的内容。
相关问题
最新问题