How do I grep a file to extract IP addresses and put them in another file?
This command works in bash, but I'm trying to port it to Ruby:
grep "\b22/open" "/results/nmap_tcp_service_scan.gnmap" | awk '{print $2}' > /results/service_ssh
The file I'm grepping, whose contents go into service_ssh, looks like this:
Host: 10.10.10.1 (DD-WRT) Ports: 22/open/tcp//ssh//Dropbear sshd 0.52 (protocol 2.0)/, 53/open/tcp//domain//dnsmasq 2.45/, 80/open/tcp//http//DD-WRT milli_httpd/, 443/open/tcp//ssl|https?/// Ignored State: closed (996) OS: DD-WRT v24-sp2 (Linux 2.6.24) Seq Index: 204 IP ID Seq: All zeros
Host: 10.10.10.135 (Harmony) Ports: 5222/open/tcp//xmpp-client//Openfire/, 8088/open/tcp//radan-http?///, 8222/open/tcp//unknown/// Ignored State: closed (997) OS: Linux 2.6.17 - 2.6.36 Seq Index: 203 IP ID Seq: All zeros
Host: 10.10.10.144 (time-capsule) Ports: 139/open/tcp//netbios-ssn?///, 445/open/tcp//microsoft-ds///, 548/open/tcp//afp//Apple Time Capsule AFP (name: justins-time-capsule; protocol 3.3)/, 5009/open/tcp//airport-admin//Apple AirPort or Time Capsule admin/, 10000/open/tcp//snet-sensor-mgmt?/// Ignored State: closed (995) OS: Apple AirPort Extreme WAP or Time Capsule NAS device (NetBSD 4.99), or QNX 6.5.0 Seq Index: 210 IP ID Seq: Incremental
Doing this in Ruby finds the correct lines and creates an array:
open('nmap_tcp_service_scan.gnmap').grep(/\b22\/open/)
Result:
=> ["Host: 10.10.10.1 (DD-WRT)\tPorts: 22/open/tcp//ssh//Dropbear sshd 0.52 (protocol 2.0)/, 53/open/tcp//domain//dnsmasq 2.45/, 80/open/tcp//http//DD-WRT milli_httpd/, 443/open/tcp//ssl|https?///\tIgnored State: closed (996)\tOS: DD-WRT v24-sp2 (Linux 2.6.24)\tSeq Index: 204\tIP ID Seq: All zeros\n", "Host: 10.10.10.111 (changeme)\tPorts: 22/open/tcp//ssh//OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)/, 10000/open/tcp//http//MiniServ 1.760 (Webmin httpd)/\tIgnored State: closed (998)\tOS: Linux 3.2 - 4.0\tSeq Index: 261\tIP ID Seq: All zeros\n"]
However, now I need to extract the IP addresses and put them into a file that ends up looking like:
10.10.10.1
10.10.10.2
10.10.10.3
...etc
Answer 0 (score: 2)
From the resulting array (say r):
=> ["Host: 10.10.10.1 (DD-WRT)\tPorts: 22/open/tcp//ssh//Dropbear sshd 0.52 (protocol 2.0)/, 53/open/tcp//domain//dnsmasq 2.45/, 80/open/tcp//http//DD-WRT milli_httpd/, 443/open/tcp//ssl|https?///\tIgnored State: closed (996)\tOS: DD-WRT v24-sp2 (Linux 2.6.24)\tSeq Index: 204\tIP ID Seq: All zeros\n", "Host: 10.10.10.111 (changeme)\tPorts: 22/open/tcp//ssh//OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)/, 10000/open/tcp//http//MiniServ 1.760 (Webmin httpd)/\tIgnored State: closed (998)\tOS: Linux 3.2 - 4.0\tSeq Index: 261\tIP ID Seq: All zeros\n"]
Use a regular expression to extract the IP address from each string in this array. Do something like:
arr_of_ip = []
r = ["Host: 10.10.10.1 (DD-WRT)\tPorts: 22/open/tcp//ssh//Dropbear sshd 0.52 (protocol 2.0)/, 53/open/tcp//domain//dnsmasq 2.45/, 80/open/tcp//http//DD-WRT milli_httpd/, 443/open/tcp//ssl|https?///\tIgnored State: closed (996)\tOS: DD-WRT v24-sp2 (Linux 2.6.24)\tSeq Index: 204\tIP ID Seq: All zeros\n", "Host: 10.10.10.111 (changeme)\tPorts: 22/open/tcp//ssh//OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)/, 10000/open/tcp//http//MiniServ 1.760 (Webmin httpd)/\tIgnored State: closed (998)\tOS: Linux 3.2 - 4.0\tSeq Index: 261\tIP ID Seq: All zeros\n"]
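# Single quotes keep \s as the regex whitespace class (in a double-quoted Ruby string "\s" is a literal space)
pattern = 'Host:\s([^\s]+)'
re = Regexp.new(pattern)
r.each do |s|
  # scan returns an array of capture groups for every match in s
  arr_of_ip << s.scan(re)
end
# Collapse the nested arrays into a flat list of IP strings
arr_of_ip.flatten!
Produces the output: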
["10.10.10.1", "10.10.10.111"]