如何从Nmap输出扫描中省略某些行?

2024-04-26 22:14:06 发布

您现在位置:Python中文网/ 问答频道 /正文
6403 3

我正在运行命令nmap -v --script ssl-cert paypal.com -T4

我得到了一个巨大的输出,其中有很多我不需要的信息。你知道吗

下面是完整的输出(我截取了生成实际证书密钥的部分):

Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 10:50 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 10:50
Completed NSE at 10:50, 0.00s elapsed
Initiating Ping Scan at 10:50
Scanning paypal.com (64.4.250.37) [4 ports]
Completed Ping Scan at 10:50, 0.15s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:50
Completed Parallel DNS resolution of 1 host. at 10:50, 0.05s elapsed
Initiating SYN Stealth Scan at 10:50
Scanning paypal.com (64.4.250.37) [1000 ports]
Discovered open port 110/tcp on 64.4.250.37
Discovered open port 135/tcp on 64.4.250.37
Discovered open port 143/tcp on 64.4.250.37
Discovered open port 80/tcp on 64.4.250.37
Discovered open port 25/tcp on 64.4.250.37
Discovered open port 443/tcp on 64.4.250.37
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 2.07% done; ETC: 10:55 (0:04:44 remaining)
Discovered open port 21/tcp on 64.4.250.37
Discovered open port 8008/tcp on 64.4.250.37
Discovered open port 8010/tcp on 64.4.250.37
Completed SYN Stealth Scan at 10:51, 19.20s elapsed (1000 total ports)
NSE: Script scanning 64.4.250.37.
Initiating NSE at 10:51
Completed NSE at 10:51, 29.66s elapsed
Nmap scan report for paypal.com (64.4.250.37)
Host is up (0.12s latency).
Other addresses for paypal.com (not scanned): 64.4.250.36
Not shown: 536 filtered ports, 455 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
135/tcp  open  msrpc
143/tcp  open  imap
443/tcp  open  https
| ssl-cert: Subject: commonName=paypal.com/organizationName=PayPal, Inc./stateOrProvinceName=California/countryName=US/localityName=San Jose/organizationalUnitName=PayPal Production
| Subject Alternative Name: DNS:paypal.com
| Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US/organizationalUnitName=www.digicert.com
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-22T00:00:00
| Not valid after:  2020-11-18T12:00:00
| MD5:   7705 9f8d cc8d d8a0 0835 e9ff cd9e 644f
| SHA-1: 595b 7897 7448 af87 cd2a 3bb9 5469 72e1 7e4e 7cec
| -----BEGIN CERTIFICATE-----
 *clipped data*
|_-----END CERTIFICATE-----
8008/tcp open  http
8010/tcp open  xmpp

NSE: Script Post-scanning.
Initiating NSE at 10:51
Completed NSE at 10:51, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 49.41 seconds
           Raw packets sent: 2621 (115.300KB) | Rcvd: 482 (19.420KB)

你可以看到这里有很多东西。我只需要443------BEGIN CERTIFICATE-------字段之间的行。你知道吗

有没有办法省略其余的检索数据?你知道吗

我试过一种效率不高的方法。我们可以看到总共有10行,我只需要在这个扫描:从ssl-cert: Subject:SHA-1。你知道吗

到目前为止,我所做的基本上是一个python脚本,它从一开始就运行nmap命令nmap -v --script ssl-cert T4 | grep '*keyword from each line here*'。。。你知道吗

所以我的扫描大约需要20分钟,因为我已经扫描了10次了。你知道吗

感谢您的帮助


Tags: comscanonportportsopennmappaypal
2条回答
网友
1楼 · 编辑于 2024-04-26 22:14:06
nmap -v  script ssl-cert paypal.com -T4 | sed -En '/(^\|\s[a-zA-Z]+)/p'
  • -E激活扩展的regexp,因此我们可以使用()+
  • -n抑制图案空间的打印
  • (^\|\s[a-zA-Z]+)搜索以|字符开头(^)的流(需要将其转换为\|才能正确处理),后跟空格(\s),后跟字母bwetena-z和a-z(大写和小写)([a-zA-Z])1次或多次(+
  • \...\p模式参数中的p用于在stdout上打印匹配项
网友
2楼 · 编辑于 2024-04-26 22:14:06
... |  sed -n '/^443/,/BEGIN CERTIFICATE/p'

如果出现误报,您可能需要微调匹配的模式。。。你知道吗

相关问题 更多 >

    编程相关推荐