GNXTools - Glens Nmap XML Tools
GNXTools - Glens Nmap XML Tools - are several python scripts which parse and merge nmap XML output files on the cmdline. When used together, there are a number of potential uses, particularly when using gnxmerge to process results generated by nmap from the gnxparse 'rescan' output.
GNXParse (Nmap XML Parser)
List ips, ports, subnets and generate nmap 'rescan' commands.
GNXMerge (Nmap XML Merger)
Merge multiple nmap xml files.
GNXParse (Glens Nmap XML Parser)
GNXParse is a python script which parses nmap XML report files and outputs discovered IP addresses, /24 subnets and open ports for use with other tools.
GNXParse is also able to output nmap command lines in order to repeat a previous scan against known open ports. This may be useful for example when performing a full scan of a host or hosts from a fast/privileged/unfirewalled location (eg internal network) then performing a re-scan from an untrusted network to compare exposure levels.
Compared to repeating a comprehensive scan, this method has the advantage of significantly reducing both bandwidth and time consumption, along with producing a much quieter footprint in firewall and IDS logs.
Multiple nmap scans may be parsed by first merging the xml output using gnxmerge.py
$ ./gnxparse.py --help usage: gnxparse.py filename.xml [OPTIONS] Glens Nmap XML Parser (gnxparse) positional arguments: file File containing nmap XML output optional arguments: -h, --help show this help message and exit -i, -ips Output list of active ipv4 addresses -p, -ports Output list of open ports -s, -subnets Output list of /24 subnets containing live hosts -r [RESCAN], -rescan [RESCAN] Generate nmap-compatible command-line for re-testing hosts. If no nmap command prefix is given, defaults to: nmap -PN --traceroute --open -c [CSVOUT], -csv [CSVOUT] Output simple csv file format (HOSTIP,port1,port2,port3) -q, -quiet Suppress header output for ip, port and subnet lists. -v, --version show program's version number and exit usage examples: gnxparse.py ./scan.xml -ips gnxparse.py ./scan.xml -ports gnxparse.py ./scan.xml -subnets gnxparse.py ./scan.xml -rescan > ./outputscript.sh gnxparse.py ./scan.xml -rescan 'nmap -A' > ./outputscript.sh gnxparse.py ./scan.xml -i -s -r gnxparse.py ./scan.xml -i -s -r 'nmap -A'
GNXMerge (Glens Nmap XML Merger)
GNXMerge is a python script which merges multiple separate nmap XML results files into a single XML output. This is primarily to provide an easy method of feeding multiple scan results to tools which accept Nmap .xml output files, for example Zenmap, Nessus or OpenVAS.
It attempts to emulate the official Nmap xml format as far as possible for the merged output, mainly to reduce the likelihood of any other tools not recognising the generated file.
Other tools for handing multiple nmap xml files include Zenmap and Magictree, both of which should also accept files generated by gnxmerge.
gnxmerge functions at the <host> container level, eg all <host> entries from input files will be joined together (including duplicates).
Merging of results within the <host> level (eg cumulation of port checks for the same IP over different scans) is not yet supported.
$ ./gnxmerge.py --help usage: gnxmerge.py -sources=./file.xml,file2.xml,/path/to/files Glens Nmap XML Merger gnxmerge - Merges <host> sections from multiple nmap XML files optional arguments: -h, --helpshow this help message and exit -s SOURCES, -sources SOURCES Comma separated list of paths to files and/or folder contents to merge. An .xml extension is not mandatory; all files and contents of target folder will be (non- recursively) processed, regardless of extension. If files are present which are not valid XML, they will be skipped with warnings. -v, --version show program's version number and exit