
Nmap scan range output file problem

Okay, I want to have Nmap scan an IP range for computers with a certain port open (port 80 in this case) and have it output all the IPs it finds into a text file, stored in this format:

192.168.0.1
192.168.0.185
192.168.0.192
192.168.0.195

So to output the file, I tried using this command:

nmap -sT -p 80 -ttl 40 192.168.0.0-255 -oG - | grep "80/open" > output.txt

Where "output.txt" is the output file that contains the results. So a line of output.txt looks like this:

Host: 192.168.0.1 ()    Ports: 80/open/tcp//http///

So I basically want it only to output the IP address with port 80 open, and nothing else. I want it to not output the "Host: " or the "()" and "Ports: 80/open/tcp//http///" parts. So is there any way I can have Nmap not put that stuff into the output file? Or make it only output the IP addresses? I tried looking at the man page, it was of little help. And I looked all over the Internet and that wasn't very useful either. So does anyone know how I can do this? Thanks


Awk is your friend!

$ nmap -sT -p 80 192.168.0.0/24 -oG - | awk '/ 80\/open/{print $2}' > output.txt

This will find lines with port 80 open (notice the space before 80, if you plan to scan more than the one port!), and print field 2, splitting on whitespace. Another way to do it would be:

$ nmap -sT -p 80 --open 192.168.0.0/24 -oG - | awk '$4=="Ports:"{print $2}' > output.txt

This one uses the --open argument to Nmap to only produce output for hosts with open ports. The awk command checks that this is a "Ports" line, not a "Status" line (which may only show up when using -v, but I'm not positive) before printing the IP address.

Note that it is usually in your best interests to save the scan results to a file, to avoid needing to repeat the scan if you decide to extract some different information. If you choose to do this, I would recommend using the XML output (-oX), since there are lots of analysis tools that have parsers built for it already.
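The two pitfalls this answer points at (a bare `80/open` pattern also matching `8080/open`, and `Status:` lines showing up alongside `Ports:` lines) can both be handled by parsing the structure of a grepable line instead of pattern-matching the whole line: fields are tab-separated, the `Ports:` field is a comma-separated list, and each entry is `port/state/proto/...`. The following is an added example, not code from any of the answers or from Nmap itself; the scan output it parses is constructed inline, and `open_hosts` and `sample_og` are names chosen here.

```shell
#!/bin/sh
# Constructed -oG output for the example (not a real scan). Note the Status
# line, a closed port, a filtered port 80, and port 8080 as a false-match trap.
sample_og() {
  printf '# Nmap 7.94 scan initiated (constructed sample)\n'
  printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.1 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (998)\n'
  printf 'Host: 192.168.0.185 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
  printf 'Host: 192.168.0.190 ()\tPorts: 8080/open/tcp//http-proxy///, 80/filtered/tcp//http///\n'
  printf 'Host: 192.168.0.192 (web.lan)\tPorts: 80/open/tcp//http///\n'
  printf '# Nmap done (constructed sample)\n'
}

# open_hosts PORT: read Nmap grepable (-oG) output on stdin and print one IP
# per host that has PORT in state "open". Splits on tabs, then walks the
# comma-separated Ports list, so "8080/open" and "80/filtered" never match 80.
open_hosts() {
  awk -F'\t' -v port="$1" '
    /^Host: / {
      split($1, h, " ")                 # h[2] is the IP; h[3] is "(hostname)"
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          sub(/^Ports: /, "", $i)
          n = split($i, p, ", ")        # one entry per scanned port
          for (j = 1; j <= n; j++) {
            split(p[j], f, "/")         # f[1]=port f[2]=state f[3]=proto
            if (f[1] == port && f[2] == "open") { print h[2]; break }
          }
        }
      }
    }'
}

# Stand-alone run over the constructed sample: prints 192.168.0.1,
# 192.168.0.185 and 192.168.0.192 (the 8080 and filtered hosts are skipped).
sample_og | open_hosts 80
```

Against a live scan this replaces the grep stage of the question's pipeline: `nmap -sT -p 80 192.168.0.0/24 -oG - | open_hosts 80 > output.txt`. Because it keys on the port number and state rather than a substring, the same function works unchanged when you scan several ports at once.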


Having nmap produce exactly what you want would indeed be nice. But as a more general solution:

$ nmap ... | grep ... | tr '/' ' ' | awk '{ print $2,$5; }'
192.168.0.1 80

Or maybe:

nmap ... | grep ... | tr '/' ' ' | cut -d' ' -f2,8


I found a script called scanreport.sh very useful. Although it's not necessary, since you could just use awk as suggested, I thought it might be of interest.

It gives the ability to output the nmap results nicely by service or port (with highlighting). It uses the grep-able output from nmap (-oG) after a quick tidy from grep -v ^# nmapoutput.txt > report.txt

Example

nmap -sS 192.168.1.22 -oG /directory/of/choice/results.txt

grep -v ^# results.txt > report.txt

./scanreport.sh -f report.txt

Host: 192.168.1.22 ()
22 open tcp  ssh  OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
80 open tcp  http  Apache httpd 2.2.14 ((Ubuntu))

./scanreport.sh -f report.txt -p 80

Host: 192.168.1.22 ()
80 open tcp  http  Apache httpd 2.2.14 ((Ubuntu))  

./scanreport.sh -f report.txt -s ssh

Host: 192.168.1.22 ()
22 open tcp  ssh  OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)

Plenty of stuff on google about it but here a link to one ref.
