GNXTools - Glens Nmap XML Tools - are several python scripts which parse and merge nmap XML output files on the cmdline. When used together, there are a number of potential uses, particularly when using gnxmerge to process results generated by nmap from the gnxparse 'rescan' output.

Author: (glen at) glenscott.net , @memoryresident

List ips, ports, subnets and generate nmap 'rescan' commands.

Merge multiple nmap xml files.

GNXParse is a python script which parses nmap XML report files and outputs discovered IP addresses, /24 subnets and open ports for use with other tools.

GNXParse is also able to output nmap command lines in order to repeat a previous scan against known open ports. This may be useful for example when performing a full scan of a host or hosts from a fast/privileged/unfirewalled location (eg internal network) then performing a re-scan from an untrusted network to compare exposure levels.

Compared to repeating a comprehensive scan, this method has the advantage of significantly reducing both bandwidth and time consumption, along with producing a much quieter footprint in firewall and IDS logs.

Multiple nmap scans may be parsed by first merging the xml output using gnxmerge.py

$ ./gnxparse.py  --help
usage: gnxparse.py filename.xml [OPTIONS]

Glens Nmap XML Parser (gnxparse)

positional arguments:
  file  File containing nmap XML output

optional arguments:
      -h, --help 	show this help message and exit
      -i, -ips  	Output list of active ipv4 addresses
      -p, -ports 	Output list of open ports
      -s, -subnets  Output list of /24 subnets containing live hosts
      -r [RESCAN], -rescan [RESCAN]
				    Generate nmap-compatible command-line for re-testing
				    hosts. If no nmap command prefix is given, defaults
				    to: nmap -PN --traceroute --open
      -c [CSVOUT], -csv [CSVOUT]
    				Output simple csv file format (HOSTIP,port1,port2,port3)
	  -q, -quiet    Suppress header output for ip, port and subnet lists.
      -v, --version show program's version number and exit

usage examples:
    gnxparse.py ./scan.xml -ips
    gnxparse.py ./scan.xml -ports
    gnxparse.py ./scan.xml -subnets
    gnxparse.py ./scan.xml -rescan > ./outputscript.sh
    gnxparse.py ./scan.xml -rescan 'nmap -A' > ./outputscript.sh
    gnxparse.py ./scan.xml -i -s -r
    gnxparse.py ./scan.xml -i -s -r 'nmap -A'

GNXMerge is a python script which merges multiple separate nmap XML results files into a single XML output. This is primarily to provide an easy method of feeding multiple scan results to tools which accept Nmap .xml output files, for example Zenmap, Nessus or OpenVAS.

It attempts to emulate the official Nmap xml format as far as possible for the merged output, mainly to reduce the likelihood of any other tools not recognising the generated file.

Other tools for handing multiple nmap xml files include Zenmap and Magictree, both of which should also accept files generated by gnxmerge.

gnxmerge functions at the container level, eg all entries from input files will be joined together (including duplicates).

Merging of results within the level (eg cumulation of port checks for the same IP over different scans) is not yet supported.

$ ./gnxmerge.py  --help
usage: gnxmerge.py -sources=./file.xml,file2.xml,/path/to/files

Glens Nmap XML Merger gnxmerge - Merges <host> sections from multiple nmap XML files

optional arguments:
  -h, 					--helpshow this help message and exit
  -s SOURCES, -sources SOURCES
					    Comma separated list of paths to files and/or folder
					    contents to merge. An .xml extension is not mandatory;
					    all files and contents of target folder will be (non-
					    recursively) processed, regardless of extension. If
					    files are present which are not valid XML, they will
					    be skipped with warnings.
  -v, 					--version show program's version number and exit