使用 awk 处理 nmap 扫描结果,求出存活主机IP
企业开发
2018-06-02 18:44:56
阅读次数: 0
在使用 nmap 扫描时,得到如下结果:
结果1:
Interesting ports on 172.22.43.23:
PORT STATE SERVICE
22/tcp open ssh
Interesting ports on 172.22.43.24:
PORT STATE SERVICE
22/tcp open ssh
Interesting ports on 172.22.43.25:
PORT STATE SERVICE
22/tcp open ssh
Interesting ports on 172.22.43.250:
PORT STATE SERVICE
22/tcp filtered ssh
Interesting ports on 172.22.43.251:
PORT STATE SERVICE
22/tcp open ssh
Nmap run completed -- 256 IP addresses (17 hosts up) scanned in 2.375 seconds
要求:如果 扫描 22 端口为 open 则打印 所扫IP地址 (如:172.22.43.251 的 22/tcp 为 open 则打印 这个 IP )
扫描结果2:
Interesting ports on 172.22.43.251:
PORT STATE SERVICE
5911/tcp closed unknown
5912/tcp closed unknown
5913/tcp closed unknown
5914/tcp closed unknown
5915/tcp closed unknown
5916/tcp closed unknown
5917/tcp closed unknown
5918/tcp closed unknown
5919/tcp closed unknown
5920/tcp closed unknown
Interesting ports on 172.22.43.252:
PORT STATE SERVICE
5911/tcp closed unknown
5912/tcp closed unknown
5913/tcp closed unknown
5914/tcp closed unknown
5915/tcp closed unknown
5916/tcp closed unknown
5917/tcp closed unknown
5918/tcp closed unknown
5919/tcp closed unknown
5920/tcp closed unknown
Interesting ports on 172.22.43.254:
PORT STATE SERVICE
5911/tcp closed unknown
5912/tcp open unknown
5913/tcp closed unknown
5914/tcp closed unknown
5915/tcp closed unknown
5916/tcp closed unknown
5917/tcp closed unknown
5918/tcp closed unknown
5919/tcp closed unknown
5920/tcp closed unknown
Nmap run completed -- 256 IP addresses (17 hosts up) scanned in 3.446 seconds
我在扫描 5911-5920 这10个端口时只要有一个端口为open,就打印这个IP地址 (如:172.22.43.254 的 5912/tcp 端口为 open的,就打印 172.22.43.254 这个IP)
不清楚这个 awk 应怎么写,求助 ! |
|
|
|
|
|
要嫁就嫁灰太郎
帖子
363
主题
10
精华
0
可用积分
992
专家积分
0 (本版:0)
在线时间
403 小时
注册时间
2008-11-25
最后登录
2010-10-26
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
问题1:
awk 'BEGIN{RS="Interesting ports on";FS="\n";OFS="\n"}{for(j=1;j<=NF;j++){if($j~/open/){print $1;break}}}' data.txt
同意适合问题2
[ 本帖最后由 sunbw001 于 2009-11-24 10:11 编辑 ] |
|
|
|
|
|
帖子
696
主题
32
精华
0
可用积分
1883
专家积分
15 (本版:15)
在线时间
2,551 小时
注册时间
2006-01-04
最后登录
2010-06-03
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
第一个
awk -v RS="\n\n" '{if($9=="open") print $4}'
第二个
awk -v RS="\n\n" '{for (i=9;i<=NF;i+=3) if($i=="open") print $4}' |
|
|
|
|
|
帖子
101
主题
0
精华
0
可用积分
486
专家积分
0 (本版:0)
在线时间
430 小时
注册时间
2008-08-29
最后登录
2010-10-19
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
| awk 'BEGIN {ip="";state="closed"} /Interesting ports on/ {ip=$4} $2=="open" {state="open"} NF==0{if(state=="open") print ip;ip="";state="closed"}' |
|
|
|
|
|
帖子
4329
主题
66
精华
0
可用积分
37373
专家积分
140 (本版:140)
在线时间
2,205 小时
注册时间
2005-12-11
最后登录
2010-11-02
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
1. awk '/^Interesting/{sub(/:$/,"",$NF);ip=$NF}$1~/^22/&&$2=="open"{print ip}'
2. awk '/^Interesting/{T=0;sub(/:$/,"",$NF);ip=$NF}!T&&$2=="open"{print ip;T=1}' |
|
|
|
|
|
帖子
35
主题
2
精华
0
可用积分
57
专家积分
0 (本版:0)
在线时间
244 小时
注册时间
2007-06-07
最后登录
2010-06-20
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
1:
nawk -v RS="\n\n" '$8 ~ /22/ && $9 ~ /open/{sub(/:/,"",$4);print $4}'
2:
nawk -v RS="\n\n" '/ open /{sub(/:/,"",$4);print $4}' |
|
|
|
|
|
帖子
1223
主题
92
精华
0
可用积分
2554
专家积分
10 (本版:10)
在线时间
525 小时
注册时间
2006-08-25
最后登录
2010-11-01
状态:...当前离线... [微博 ] [博客 ] [短信 ] |
|
| |
转载自baitai.iteye.com/blog/802151
