我有一个看起来像这样的文本文件
Nmap scan report for 192.168.2.1
Host is up (0.023s latency).
PORT STATE SERVICE
5001/tcp closed commplex-link
MAC Address: EC:1A:59:A2:84:80 (Belkin International)
Nmap scan report for 192.168.2.2
Host is up (0.053s latency).
PORT STATE SERVICE
5001/tcp closed commplex-link
MAC Address: 94:35:0A:F0:47:C2 (Samsung Electronics Co.)
Nmap scan report for 192.168.2.3
Host is up (0.18s latency).
PORT STATE SERVICE
5001/tcp filtered commplex-link
MAC Address: 00:13:CE:C0:E5:F3 (Intel Corporate)
Nmap scan report for 192.168.2.6
Host is up (0.062s latency).
PORT STATE SERVICE
5001/tcp closed commplex-link
MAC Address: 90:21:55:7D:53:4F (HTC)
我想找到端口5001已关闭(未过滤)的所有IP。我尝试使用以下逻辑来查找所有此类IP
fp = open('nmap_op.txt').read()
ip = re.compile('([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(.*)closed',re.S)
matched = ip.findall(fp)
for item in matched:
print item
我期待输出
192.168.2.1
192.168.2.2
192.168.2.6
但我没有得到理想的输出。输出只是一个项目,如下所示:
(' 192.168.2.1',' \ n主机已启动(延迟0.023秒)。\ nPORT STATE SERVICE \ n5001 / tcp已关闭commplex-link \ nMAC地址:EC:1A: 59:A2:84:80(Belkin International)\ n \ nN地图扫描报告为192.168.2.2 \ n主机已启动(延迟时间为0.053秒)。\ nPORT STATE SERVICE \ n5001 / tcp已关闭commplex-link \ nMAC地址:94:35 :0A:F0:47:C2(三星电子公司)\ n \ nN地图扫描报告为192.168.2.3 \ n主机已启动(延迟0.18秒)。\ nPORT STATE SERVICE \ n5001 / tcp filtered commplex-link \ nMAC地址: 00:13:CE:C0:E5:F3(英特尔公司)\ n \ nN地图扫描报告为192.168.2.6 \ n主机已启动(延迟时间为0.062秒)。\ nPORT STATE SERVICE \ n5001 / tcp)
我哪里错了?
解决方案: 以下逻辑对我有用。如果有人有更好的答案,请告诉我。
fp = open('nmap_op.txt').read()
entries = re.split('\n\n',fp)
ip = re.compile('([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*?closed',re.S)
matched = []
for item in entries:
if ip.search(item):
matched.append(ip.search(item).group(1))
答案 0 :(得分:5)
你在这里不需要re.S
。 s
修饰符更改点元字符(.
)的含义来自" 匹配所有除了换行符&#34 ; to" 匹配所有包括换行符"。你不需要这个。
也不需要第二个捕获组。你可以删除它只返回IP:
>>> matched = re.findall('([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*closed', fp)
>>> matched
['192.168.2.1', '192.168.2.2', '192.168.2.6']
答案 1 :(得分:1)
由于行格式似乎总是相同(ip从偏移21开始到下一个空格结束),你可以用另一种方式尝试这种方式而不用正则表达式:
for block in data.split("\n\n"):
if block.find('5001/tcp closed')>0:
print block[21:block.find('\n', 27)]
答案 2 :(得分:0)
你可以这样做:
>>> re.findall(r'^Nmap.*?(\d+\.\d+\.\d+\.\d+).*?5001\/tcp closed', fp, re.M)
# ['192.168.2.1', '192.168.2.2', '192.168.2.6']
答案 3 :(得分:0)
解决方案:以下逻辑对我有用。
fp = open('nmap_op.txt').read()
entries = re.split('\n\n',fp)
ip = re.compile('([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*?closed',re.S)
matched = []
for item in entries:
if ip.search(item):
matched.append(ip.search(item).group(1))