Extract some ip:port from the nmap's log file.

Hongyi Zhao

Mar 13, 2015, 7:12:01 AM
Hi all,

Currently, I have a logfile which is generated by nmap; the content of
this file is something like the following:

_________ begin from here _______________

[snipped]
Nmap scan report for 183.91.86.107
Host is up (0.15s latency).
Not shown: 546 closed ports, 357 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
1080/tcp open socks
| socks-open-proxy:
| status: open
| versions:
|_ socks5
11054/tcp open unknown
18126/tcp open unknown
31917/tcp open unknown

Nmap scan report for 178.63.22.206
Host is up (0.49s latency).
Not shown: 472 closed ports, 408 filtered ports
PORT STATE SERVICE
21134/tcp open unknown
| socks-open-proxy:
| status: open
| versions:
| socks4
| socks5
| socks4
|_ socks5
52905/tcp open unknown
| socks-open-proxy:
| status: open
| versions:
| socks4
|_ socks5
52907/tcp open unknown
| socks-open-proxy:
| status: open
| versions:
| socks4
|_ socks5

[snipped]
_________ end at this point _____________


I want to extract all of the ip:port form of these socks5 proxies based
on the above log file. I.e., for the above logfile, I want to obtain the
following results:

183.91.86.107:1080
178.63.22.206:21134
178.63.22.206:52905
178.63.22.206:52907

Could someone please give me some hints for doing this job with awk?

Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.

pop

Mar 13, 2015, 8:41:48 AM
# simple top down solution based on your data
# save an ip address
/^Nmap scan report/{ipadr=$NF; next}
# save a port in case needed
/^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
# see if need this one...
/^.*socks-open-proxy:/{print ipadr":"port}

HTH
pop is Mark

Hongyi Zhao

Mar 13, 2015, 9:10:43 AM
On Fri, 13 Mar 2015 07:41:44 -0500, pop wrote:

> # simple top down solution based on your data
> # save an ip address
> /^Nmap scan report/{ipadr=$NF; next}
> # save a port in case needed
> /^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
> # see if need this one...
> /^.*socks-open-proxy:/{print ipadr":"port}

I ran your code above on my data, but I encountered the following
errors:

------------
werner@debian:~$ ./extract-2.awk aaa
awk: ./extract-2.awk:7: /^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
awk: ./extract-2.awk:7: ^ syntax error
awk: ./extract-2.awk:7: /^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
awk: ./extract-2.awk:7: ^ unterminated regexp
awk: ./extract-2.awk:9: /^.*socks-open-proxy:/{print ipadr":"port}
awk: ./extract-2.awk:9: ^ syntax error
awk: ./extract-2.awk:9: /^.*socks-open-proxy:/{print ipadr":"port}
awk: ./extract-2.awk:9: ^ unterminated regexp
------------

Any hints?

Regards
>
> HTH pop is Mark

Hongyi Zhao

Mar 13, 2015, 9:24:49 AM
On Fri, 13 Mar 2015 13:10:42 +0000, Hongyi Zhao wrote:

> ------------
> werner@debian:~$ ./extract-2.awk aaa
> awk: ./extract-2.awk:7: /^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
> awk: ./extract-2.awk:7: ^ syntax error
> awk: ./extract-2.awk:7: /^[0-9]+\/tcp/{ split($1,a,[/]); port=a[1]}
> awk: ./extract-2.awk:7: ^ unterminated regexp
> awk: ./extract-2.awk:9: /^.*socks-open-proxy:/{print ipadr":"port}
> awk: ./extract-2.awk:9: ^ syntax error
> awk: ./extract-2.awk:9: /^.*socks-open-proxy:/{print ipadr":"port}
> awk: ./extract-2.awk:9: ^ unterminated regexp
> ------------
>
> Any hints?

The reason for this error is the split function should be written as
follows:

split($1,a,"[/]")

But even so, using your method above, I obtain many duplicated
results. See the following results for detail:

--------
178.63.22.206:53132
178.63.22.206:53132
178.63.22.206:53132
178.63.22.206:53144
178.63.22.206:53144
178.63.22.206:53144
178.63.22.206:53173
178.63.22.206:53173
----------

Regards

Hongyi Zhao

Mar 13, 2015, 9:36:02 AM
On Fri, 13 Mar 2015 13:24:48 +0000, Hongyi Zhao wrote:

> But even so, using your method above, I obtain many duplicated
> results. See the following results for detail:
>
> --------
> 178.63.22.206:53132
> 178.63.22.206:53132
> 178.63.22.206:53132
> 178.63.22.206:53144
> 178.63.22.206:53144
> 178.63.22.206:53144
> 178.63.22.206:53173
> 178.63.22.206:53173
> ----------

Thanks again. After a further reading of my data, I found the reason is
due to the data itself -- there are some malformed/twisted forms in it. So
it has nothing to do with your awk code. Thanks for your help.

Regards
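
Added example, not part of the thread and not any poster's code: one way to do the extraction discussed above when reviewing scan output from hosts you administer, reporting a port only when the socks-open-proxy script output actually lists socks5 and printing each ip:port once even if versions or whole host blocks repeat. The function names, the sample log and its documentation addresses are constructed for illustration; it goes slightly beyond the thread by also accepting report lines of the form "name (address)".

```shell
# Added example, not code from the thread. Prints ip:port once for every port
# where nmap's socks-open-proxy script output lists socks5.
extract_socks5() {
    awk '
    /^Nmap scan report for / {          # new host block
        ip = $NF; gsub(/[()]/, "", ip)  # "name (192.0.2.10)" -> 192.0.2.10
        port = ""; in_socks = 0; next
    }
    /^[0-9]+\/tcp/ {                    # port line such as "1080/tcp open socks"
        split($1, a, "/")               # separator must be a quoted string
        port = a[1]; in_socks = 0; next
    }
    !/^[|]/ { in_socks = 0; next }      # any other non-script line ends the block
    /socks-open-proxy:/ { in_socks = 1; next }
    in_socks && port != "" && /^[|][_ ]*socks5 *$/ {
        if (!seen[ip ":" port]++) print ip ":" port
    }' "$@"
}

# Constructed sample input (documentation addresses, not real scan data).
sample_log() {
    cat <<'EOF'
Nmap scan report for 192.0.2.10
PORT STATE SERVICE
80/tcp open http
1080/tcp open socks
| socks-open-proxy:
| status: open
| versions:
|_ socks5

Nmap scan report for proxy.example (198.51.100.7)
21134/tcp open unknown
| socks-open-proxy:
| status: open
| versions:
| socks4
| socks5
| socks4
|_ socks5
4145/tcp open unknown
| socks-open-proxy:
| status: open
| versions:
|_ socks4
EOF
}
sample_log | extract_socks5
```

The function also accepts file names, so `extract_socks5 scan.log` reads a saved log instead of standard input.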