awk: print "unknown" if there is no match, otherwise handle multiple matches



I have an nmap result and I'm trying to use awk to process the various (host up or down) results.

I'm passing an IP address and trying to get the following information: status (up or down), hostname, OS.
Goal: I need to access each field so I can update a database with its value. Also, I'm trying to do this in the simplest way possible; maybe there's a way to save the fields in variables so I can use them, check whether they're empty, etc.

More details:

  1. If the host is down, Host_name="unknown" and OS="unknown"
  2. If the host is up, get Host_name and check the OS -> there are two possibilities here, either /Running:/ or /OS guess/. Both of them give us the OS, but we will have one or the other.

Expected output:

$ip $status $host_name $os
When the host is up:   134.99.120.2 host_up HostName Linux
When the host is down: 134.99.120.2 host_down unknown unknown

I came up with this one-liner:
sudo nmap -O -R -p 22 -oN -T4 134.99.120.2 | awk '/down/{print$5}/Nmap scan report/{print$5}/Running:/{print$2}/OS guess/{print$4}'
But this gives no control over the output.

Raw nmap output:
When the host is up:

> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST
> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s
> latency). PORT   STATE SERVICE 22/tcp open  ssh Warning: OSScan
> results may be unreliable because we could not find at least 1 open
> and 1 closed port Device type: general purpose Running: Linux OS CPE:
> xx:/o:xxx:xxxxx OS:9.10 OS details: Linux Network Distance: 7 hops OS
> detection performed. Please report any incorrect results at
> http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned
> in 2.58 seconds

When the host is down:

> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64
> seconds

You can actually format the data however you need by setting the extracted data as variables in awk and then printing them in the END block, so:

sudo nmap -O -R -p 22 -oN -T4 134.99.120.2 | awk -v ip="134.99.120.2" '
/Host is up/        { status = "host_up" }
/Host seems down/   { status = "host_down" }
/Nmap scan report/  { hstname = $5 }
/Running:/          { os = $2 }
/OS guess/          { os = $4 }
END {
    if (os == "")      os = "unknown"        # no OS line was seen
    if (hstname == "") hstname = "unknown"   # no scan report line was seen
    printf "%s\t%s\t%s\t%s\n", ip, status, hstname, os
}'

One-liner:

sudo nmap -O -R -p 22 -oN -T4 134.99.120.2 | awk -v ip="134.99.120.2" '/Host is up/ { status="host_up" } /Host seems down/ { status="host_down" } /Nmap scan report/ { hstname=$5 } /Running:/ { os=$2 } /OS guess/ { os=$4 } END { if (os=="") os="unknown"; if (hstname=="") hstname="unknown"; printf "%s\t%s\t%s\t%s\n", ip, status, hstname, os }'

The variable ip is passed into awk with -F, then os, hstname and status are set according to the text that is found. In the END block, check whether the hstname and os variables exist. If they don't exist, set the variable to unknown, otherwise set them to the existing variable. Finally print the variables in the desired format.

Note: looks like Raman was quicker on the "Post Your Answer" button...

Assumptions:

  • the nmap output will always look like one of the two samples provided by OP
  • the nmap output will always have the Hostname / OS name in the same fields (ie, we don't have to worry about nmap wrapping lines at different words because of variable-length data)
  • while OP shows OS guess in their sample awk, the sample nmap data shows OS details (the answer below is based on OS details; OP can modify it based on what their nmap call actually returns)
  • the nmap data really does include > in the first column of each output line (as displayed in OP's sample input); this means OP's awk field references may need to be offset +/- accordingly (OP can adjust the answer below depending on whether a line starts with > or not)

Sample input (in lieu of running nmap against a host):

$ cat nmap.up.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST
> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s
> latency). PORT   STATE SERVICE 22/tcp open  ssh Warning: OSScan
> results may be unreliable because we could not find at least 1 open
> and 1 closed port Device type: general purpose Running: Linux OS CPE:
> xx:/o:xxx:xxxxxos:9.10 OS details: Linux Network Distance: 7 hops OS
> detection performed. Please report any incorrect results at
> http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned
> in 2.58 seconds
$ cat nmap.down.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64
> seconds

One awk solution, although I'm assuming OP isn't actually going to provide two sets of nmap output for a single ip address (???) ...

ipaddr='134.99.120.2'
awk -v ip="${ipaddr}" '                                # pass ip addr in as awk variable "ip"
FNR==1            { hstat="host_up"                    # reset defaults for status ...
                    hname=hos="unknown"                # hostname and host OS
                  }
/down/            { hstat="host_down" ; next }         # reset status
/scan report for/ { hname=$6          ; next }         # reset hostname
/OS details/      { hos=$5            ; next }         # reset host OS
ENDFILE           { fmt="%-18s%-12s%-15s%s\n"          # re-usable format
                    if ( NR==FNR )                     # for first file print a header:
                       { printf fmt, "$ip", "$status", "$host_name", "$os" }
                    printf fmt, ip, hstat, hname, hos  # otherwise print results
                  }
' nmap.up.dat nmap.down.dat

Note: ENDFILE requires GNU awk (per Ed Morton's comment)

The above generates:

$ip               $status     $host_name     $os
134.99.120.2      host_up     HostName       Linux
134.99.120.2      host_down   unknown        unknown

Decided to take a stab at a (simple) token parser that removes the need for hardcoded field references in awk, while still assuming nmap's text output looks like what's shown in OP's sample output.

Sample input (in lieu of running nmap against a host):

$ cat nmap.up.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST
> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s
> latency). PORT   STATE SERVICE 22/tcp open  ssh Warning: OSScan
> results may be unreliable because we could not find at least 1 open
> and 1 closed port Device type: general purpose Running: Linux OS CPE:
> xx:/o:xxx:xxxxxos:9.10 OS details: Linux Network Distance: 7 hops OS
> detection performed. Please report any incorrect results at
> http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned
> in 2.58 seconds
$ cat nmap.down.dat
> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST
> Note: Host seems down. If it is really up, but blocking our ping
> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64
> seconds

One awk idea for the token parser:

ipaddr='134.99.120.2'
awk -v ip="${ipaddr}" '                             # pass ip addr in as awk variable "ip"
FNR==1  { hstat="host_up"                           # reset defaults for status ...
          hname=hos="unknown"                       # hostname and host OS
          prev=""                                   # clear our "prev"ious token
        }
        { for ( i=1 ; i<=NF ; i++ )                 # process each field
              { token=$(i)                          # make note of current token aka field
                if ( token == ">" ) continue        # ignore the ">" in the first column
                # if our "prev"ious token matches any of the case statements then
                # update our variables according to the current token
                switch (prev) {
                    case "scan"           : if ( token == "report") { prev=prev" "token } ; break
                    case "scan report"    : if ( token == "for"   ) { prev=prev" "token } ; break
                    case "scan report for": hname=token             ; prev=token          ; break
                    case "down."          : hstat="host_down"       ; prev=token          ; break
                    case "Running:"       : hos=token               ; prev=token          ; break
                    default               : prev=token                                    ; break
                }
              }
        }
ENDFILE { fmt="%-18s%-12s%-15s%s\n"                 # re-usable format
          if ( NR==FNR )                            # for first file print a header:
             { printf fmt, "$ip", "$status", "$host_name", "$os" }
          printf fmt, ip, hstat, hname, hos         # otherwise print results
        }
' nmap.up.dat nmap.down.dat

Note: ENDFILE requires GNU awk

The above generates:

$ip               $status     $host_name     $os
134.99.120.2      host_up     HostName       Linux
134.99.120.2      host_down   unknown        unknown
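An added example, not from the question or any of the answers above: the same extraction written for POSIX awk, so it also runs under mawk and busybox awk (no ENDFILE, no switch). It strips the leading ">" the samples carry, defaults every field to "unknown", and takes the OS from either a Running: or an OS details: line, which is the two-possibilities case the question describes. The function name nmap_summary and the sample_up/sample_down inputs are my own constructions, not output captured from a host.

```shell
# Added example (not from the page): POSIX-awk extraction of status, hostname
# and OS from nmap's normal text output, one nmap run per IP address.
# Usage: nmap_summary IP < nmap_text   ->   "IP<TAB>status<TAB>hostname<TAB>os"
nmap_summary() {
    awk -v ip="$1" '
    BEGIN { status = "unknown"; host = "unknown"; os = "unknown" }  # defaults
    { sub(/^> ?/, "") }                     # drop the quote-marker column, if any
    /Nmap scan report for/ { host = $5 }    # "Nmap scan report for HostName (ip)"
    /Host is up/           { status = "host_up" }
    /Host seems down/      { status = "host_down" }
    # the OS comes from whichever of these lines nmap printed; a later line wins
    match($0, /Running: [^ ]+/)    { os = substr($0, RSTART + 9,  RLENGTH - 9) }
    match($0, /OS details: [^ ]+/) { os = substr($0, RSTART + 12, RLENGTH - 12) }
    END { printf "%s\t%s\t%s\t%s\n", ip, status, host, os }
    '
}

# Constructed inputs standing in for the two nmap runs shown in the question.
sample_up() {
    printf '%s\n' \
        '> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 14:58 EST' \
        '> Nmap scan report for HostName (134.99.120.2) Host is up (0.00067s' \
        '> latency). PORT   STATE SERVICE 22/tcp open  ssh' \
        '> Device type: general purpose Running: Linux OS CPE:' \
        '> OS details: Linux Network Distance: 7 hops'
}
sample_down() {
    printf '%s\n' \
        '> Starting Nmap 6.40 ( http://nmap.org ) at 2020-11-29 15:00 EST' \
        '> Note: Host seems down. If it is really up, but blocking our ping' \
        '> probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 3.64'
}

sample_up   | nmap_summary 134.99.120.2   # prints: 134.99.120.2<TAB>host_up<TAB>HostName<TAB>Linux
sample_down | nmap_summary 134.99.120.2   # prints: 134.99.120.2<TAB>host_down<TAB>unknown<TAB>unknown
```

Because the defaults are set in BEGIN and every field is always printed, a run that matches nothing (for example a truncated scan) still yields a complete row of "unknown" values rather than an empty column.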
