[EN] Wiki
Xtreme Nmap Parser (XNP) takes XML files generated by Nmap and turns them into accessible and easily manipulable formats such as CSV, XLSX or JSON. This way, you can spend less time sifting through raw Nmap output and more time interpreting the results and planning your next steps.
This is particularly useful when tasked with analyzing a large number of hosts as it enables quicker, more efficient filtering and testing.
- Input Handling: XNP can process both individual Nmap XML files and directories containing multiple files.
- Data Export: XNP transforms Nmap scan results into pandas DataFrames and exports them in CSV, XLSX, and/or JSON formats, facilitating integration with other analysis tools or storing the results for future review.
- Customization: With a YAML configuration file, XNP allows output to be tailored to specific needs.
- Filtering Options: Filter based on specific services or open ports to concentrate on targets of interest while disregarding irrelevant data.
- Pentest Records: Keeping track of analyzed data can be beneficial to avoid unnecessary re-scanning, monitor progress over time, and provide an audit trail for review purposes.
- Network-Wide Vulnerability Detection: If a vulnerable service is detected on one host, XNP can be used to swiftly search for other hosts in the network potentially running the same service, assisting in identifying vulnerabilities across the network.
- Easy Data Export: The ability to effortlessly copy and paste data about vulnerable hosts, filtered by service version, can be a practical feature. It simplifies the documentation of findings, data sharing with colleagues, and inputting data into other tools or reports.
In summary, XNP is a tool designed to simplify the life of a pentester. By automating the processing and analysis of Nmap output, XNP allows you to focus on the most crucial part of your job: interpreting the results and planning better strategies. }8·)
The structure and fields used were extracted from the DTD associated with the Nmap XML files found in the tool's official repository.
The columns considered to date in the output of information from the different formats (CSV, XLSX and JSON) are:
- Hostname.
- IP.
- State.
- Port.
- Protocol.
- State Port.
- Service Name.
- Product.
- Version.
- Extrainfo.
- Scripts.
CSV output example:
Hostname;IP;State;Port;Protocol;State Port; Service Name; Product; Version; Extrainfo
xtormin.local;10.10.1.9;up;445;tcp;open;microsoft-ds;Windows Server 2016 Standard 14393 microsoft-ds;;
xtormin.local;10.10.1.9;up;1433;tcp;open;ms-sql-s;Microsoft SQL Server 2017;"14.00.1000.00; RTM";
xtormin.local;10.10.1.9;up;3389;tcp;open;ms-wbt-server;Microsoft Terminal Services;;
- Clone this repository:
git clone https://github.com/xtormin/XtremeNmapParser.git
- Navigate to the XNP directory:
cd XtremeNmapParser
- Install the necessary Python packages:
python3 -m pip install -r requirements.txt
or
sudo apt install python3-venv
python3 -m venv venv
source venv/bin/activate
python3 -m pip install -r requirements.txt
- Run XNP.
Example of nmap scan:
nmap -T4 -Pn -open --script=default,version,vuln -A -p- -oA nmap/tcp-full-scripts 10.10.1.9
To convert the XML file, you can use the following command:
python3 xnp.py -f <nmap XML file> -oF <list with output formats>
python3 xnp.py -f nmap/tcp-full-scripts.xml -oF csv,xlsx,json
To convert XML files from a folder recursively, meaning to search for all XML files within the folder structure, you can use the argument '-R'.
The following command will produce a CSV/XLSX file for each XML file in the specified folder. The CSV/XLSX will be saved in the same location as the original.
To convert all XML files in a folder, you can use the following command:
python3 xnp.py -d <folder with nmap XML files> -oF <list with output formats>
python3 xnp.py -d nmap/ -oF csv,xlsx,json
Recursively:
python3 xnp.py -d nmap/ -oF csv,xlsx,json -R
The following command will produce a single XLSX/CSV file that contains the merged data from all of the XML files in the specified folder.
To merge all nmap XML files and generate a file with the result, you can use the following command:
- Default output name "merged_nmap_scan_data":
python3 xnp.py -d <folder with nmap XML files> -oF <list with output formats> -M
python3 xnp.py -d nmap/ -oF csv,xlsx,json -M
- Other output name:
python3 xnp.py -d <folder with nmap XML files> -oF <list with output formats> -M -oN <output name>
python3 xnp.py -d nmap/ -o csv,xlsx,json -M -oN merged_nmap_scan_data
Recursively:
python3 xnp.py -d nmap/ -o csv,xlsx,json -M -O merged_nmap_scan_data -R
Quick version:
python3 xnp.py -d nmap/ -M -R --open
It is possible to select the desired columns in the output using the '-C' argument and specifying the desired fields.
For example, here is an output example with the "Scripts" column that contains the information of the result from all nmap scripts for each port/service in question:
python3 xnp.py -f nmap/tcp-full-scripts.xml -C Hostname IP State Port Protocol "State Port" "Service Name" Product Version Extrainfo Scripts
To export only the open ports from the dataframe, you can use the "--open" argument.
For example:
python3 xnp.py -d nmap/ -C Hostname IP State Port Protocol "State Port" "Service Name" Product Version Extrainfo Scripts -M -O examples/merged_nmap_scan_data -R --open
| Argument | Description |
|---|---|
| -f | This flag is used to specify the input file to the XNP script. In this case, nmap/tcp-full-scripts.xml is the Nmap XML file that you want to parse. |
| -d | This flag is used to specify a directory that contains Nmap XML files that you want to parse. In this case, nmap/ is the directory being specified. |
| -oF | This flag is used to specify the output format(s) for the parsed data. In this case, you are asking XNP to export the parsed data in both CSV (Comma-Separated Values), XLSX (Microsoft Excel) formats and JSON (JavaScript Object Notation). |
| -M | This flag indicates that the parsed data from all the XML files should be merged into a single dataset. |
| -oN | This flag is used to specify the base name for the output files. In this case, "merged_nmap_scan_data" is the base name, so the output files will be named "merged_nmap_scan_data.csv", "merged_nmap_scan_data.xlsx", and "merged_nmap_scan_data.json". |
| -R | This flag indicates that all files in the directory and subdirectories within the folder will be included recursively. |
| --open | This flag indicates that only open ports will be included. |
| -C | This flag indicates the columns to include in the output files. |