I provide certain clients a report of vulnerabilities found on their systems. I have several clients that have a main office but satellite offices everywhere. One has like 1588 around the world. I use various tools for this and of course I use nmap. They have a few people onsite at their main office but they hired me because of a massive data loss due to their own guys missing things. These are clients I have only taken on the last couple of months. Most I do this for has been clients with only a couple of systems onsite.
I provide a report to them every afternoon after the scans. These reports would be easier if I could extract some info from the nmap scan. Started looking into this over the weekend. Came up with this.
but I need more info because after a bit it gets confusing. So I wanted to see if I could come up with a way to extract:
Nmap scan report for static-xx-xxx-x-x.ipcom.xxxx.net (xx.x.xxx.xx)
Host is up (0.12s latency).
Not shown: 26 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Private
| vulners:
| cpe:/a:microsoft:iis:10.0:
| CVE-2008-4301 10.0 https://vulners.com/cve/CVE-2008-4301
| CVE-2008-4300 5.0 https://vulners.com/cve/CVE-2008-4300
| CVE-2015-2808 4.3 https://vulners.com/cve/CVE-2015-2808
|_ CVE-2013-2566 4.3 https://vulners.com/cve/CVE-2013-2566
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
But extracting this many lines, so far I have not been able to do and it keep this format or something close.
I know they send my report somewhere else to be reviewed. They are not letting their own people review or even as I understand it they don't know the company is even brought in others to check behind them.
Any help would be appreciated. Greatly appreciated!
I provide a report to them every afternoon after the scans. These reports would be easier if I could extract some info from the nmap scan. Started looking into this over the weekend. Came up with this.
Code:
awk '/CVE/ || /vulners.com/{print}' *.txt
Nmap scan report for static-xx-xxx-x-x.ipcom.xxxx.net (xx.x.xxx.xx)
Host is up (0.12s latency).
Not shown: 26 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Private
| vulners:
| cpe:/a:microsoft:iis:10.0:
| CVE-2008-4301 10.0 https://vulners.com/cve/CVE-2008-4301
| CVE-2008-4300 5.0 https://vulners.com/cve/CVE-2008-4300
| CVE-2015-2808 4.3 https://vulners.com/cve/CVE-2015-2808
|_ CVE-2013-2566 4.3 https://vulners.com/cve/CVE-2013-2566
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
But extracting this many lines, so far I have not been able to do and it keep this format or something close.
I know they send my report somewhere else to be reviewed. They are not letting their own people review or even as I understand it they don't know the company is even brought in others to check behind them.
Any help would be appreciated. Greatly appreciated!