0
➜ cat nmap/ports.nmap
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-21 11:30 IST
Warning: 10.10.10.100 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.100
Host is up (0.26s latency).
Not shown: 65410 closed tcp ports (reset), 111 filtered tcp ports (no-response)
PORT      STATE SERVICE
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49158/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 17.57 seconds

After searching, I use this command.

cat nmap/ports.nmap | grep 'open' | awk '{ print $1 }' | awk '{print ($0+0)}' | sed -z 's/\n/,/g;s/,$/\n/' 

Output:

88,135,139,389,445,464,593,636,49152,49153,49154,49155,49157,49158 

Is there any simpler command than this? Can anyone please help me?

1
  • 1
    You can use nmap --open .... to show only the open ports. So you won't have to use grep open. Commented Oct 21, 2022 at 9:00

3 Answers

1

I would probably work with the XML output from nmap, which makes it easier to extract the wanted information.

Here I'm getting the port number for each open port in the result of the scan using xmlstarlet, and then I'm using paste to format the lines of port numbers onto a single line with comma-delimited fields:

$ nmap -oX - localhost | xmlstarlet sel -t -v '//port[state/@state="open"]/@portid' -nl | paste -s -d, -
22,25,111,2049,7000,7001

You may do that in two steps if you want to save the result first:

$ nmap -oX nmap.xml localhost
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-21 08:53 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000057s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 994 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
2049/tcp open  nfs
7000/tcp open  afs3-fileserver
7001/tcp open  afs3-callback
Nmap done: 1 IP address (1 host up) scanned in 6.13 seconds
$ xmlstarlet sel -t -v '//port[state/@state="open"]/@portid' -nl nmap.xml | paste -s -d, -
22,25,111,2049,7000,7001

The XPath query //port[state/@state="open"]/@portid locates any port node in the XML document that has a state child node with a state attribute with value open. For each such port node, the portid attribute is extracted.


If you just want to have a variation of what you already have, you may combine most of the parsing in a single awk call:

awk '$2 == "open" { sub("/.*","",$1); print $1 }' nmap.out | paste -s -d, - 

This detects the word open in the second field and extracts and prints everything before the / in the first field. The comma-delimited list is created with paste as before.
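An added example (not part of any answer on this page) that generalizes the awk approach: it accepts only port-table rows whose state field is exactly open, so rows such as a closed openvpn service or an open|filtered UDP port, which a plain grep for open would match, are skipped. The function names and the sample scan are constructed for illustration.

```sh
#!/bin/sh
# open_ports: read nmap "normal" output on stdin and print the open ports
# as one comma-separated line, numerically sorted, duplicates removed.
# TCP, UDP and SCTP rows are merged into a single list of port numbers.
open_ports() {
    awk '
        # Accept only port-table rows: "<port>/<proto> <state> <service>"
        # and require the state field to be exactly "open".
        $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" {
            split($1, a, "/")
            print a[1]
        }
    ' | sort -n -u | paste -s -d, -
}

# Constructed sample scan (not taken from the question) containing rows
# that a substring match on "open" would wrongly include.
sample_scan() {
    cat <<'EOF'
Nmap scan report for host.example (192.0.2.10)
Not shown: 990 closed tcp ports (reset)
PORT     STATE         SERVICE
445/tcp  open          microsoft-ds
88/tcp   open          kerberos-sec
1194/tcp closed        openvpn
53/udp   open|filtered domain
88/udp   open          kerberos-sec
Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds
EOF
}

sample_scan | open_ports
```

With a saved scan, the call would be open_ports < nmap/ports.nmap.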

0
1
cat nmap/ports.nmap | awk -F/ '/open/ {b=b","$1} END {print substr(b,2)}' 

Just use awk?

88,135,139,389,445,464,593,636,49152,49153,49154,49155,49157,49158

0

Original command:

cat nmap/ports.nmap | grep 'open' | awk '{ print $1 }' | awk '{print ($0+0)}' | sed -z 's/\n/,/g;s/,$/\n/' 

Sort and delete duplicate ports command:

cat nmap/ports.nmap | grep 'open' | awk '{ print $1 }' | awk '{print ($0+0)}' | sort -n | uniq | sed -z 's/\n/,/g;s/,$/\n/' 
1
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. Commented Mar 10, 2023 at 7:50
