GNXTools - Glens Nmap XML Tools - are several python scripts which parse and merge nmap XML output files on the cmdline. When used together, there are a number of potential uses, particularly when using gnxmerge to process results generated by nmap from the gnxparse 'rescan' output.
Author: (glen at) glenscott.net , @memoryresident
List ips, ports, subnets and generate nmap 'rescan' commands.
Merge multiple nmap xml files.
GNXParse is a python script which parses nmap XML report files and outputs discovered IP addresses, /24 subnets and open ports for use with other tools.
GNXParse is also able to output nmap command lines in order to repeat a previous scan against known open ports. This may be useful for example when performing a full scan of a host or hosts from a fast/privileged/unfirewalled location (eg internal network) then performing a re-scan from an untrusted network to compare exposure levels.
Compared to repeating a comprehensive scan, this method has the advantage of significantly reducing both bandwidth and time consumption, along with producing a much quieter footprint in firewall and IDS logs.
Multiple nmap scans may be parsed by first merging the xml output using gnxmerge.py
$ ./gnxparse.py --help
usage: gnxparse.py filename.xml [OPTIONS]
Glens Nmap XML Parser (gnxparse)
positional arguments:
file File containing nmap XML output
optional arguments:
-h, --help show this help message and exit
-i, -ips Output list of active ipv4 addresses
-p, -ports Output list of open ports
-s, -subnets Output list of /24 subnets containing live hosts
-r [RESCAN], -rescan [RESCAN]
Generate nmap-compatible command-line for re-testing
hosts. If no nmap command prefix is given, defaults
to: nmap -PN --traceroute --open
-c [CSVOUT], -csv [CSVOUT]
Output simple csv file format (HOSTIP,port1,port2,port3)
-q, -quiet Suppress header output for ip, port and subnet lists.
-v, --version show program's version number and exit
usage examples:
gnxparse.py ./scan.xml -ips
gnxparse.py ./scan.xml -ports
gnxparse.py ./scan.xml -subnets
gnxparse.py ./scan.xml -rescan > ./outputscript.sh
gnxparse.py ./scan.xml -rescan 'nmap -A' > ./outputscript.sh
gnxparse.py ./scan.xml -i -s -r
gnxparse.py ./scan.xml -i -s -r 'nmap -A'
GNXMerge is a python script which merges multiple separate nmap XML results files into a single XML output. This is primarily to provide an easy method of feeding multiple scan results to tools which accept Nmap .xml output files, for example Zenmap, Nessus or OpenVAS.
It attempts to emulate the official Nmap xml format as far as possible for the merged output, mainly to reduce the likelihood of any other tools not recognising the generated file.
Other tools for handing multiple nmap xml files include Zenmap and Magictree, both of which should also accept files generated by gnxmerge.
gnxmerge functions at the container level, eg all entries from input files will be joined together (including duplicates).
Merging of results within the level (eg cumulation of port checks for the same IP over different scans) is not yet supported.
$ ./gnxmerge.py --help
usage: gnxmerge.py -sources=./file.xml,file2.xml,/path/to/files
Glens Nmap XML Merger gnxmerge - Merges <host> sections from multiple nmap XML files
optional arguments:
-h, --helpshow this help message and exit
-s SOURCES, -sources SOURCES
Comma separated list of paths to files and/or folder
contents to merge. An .xml extension is not mandatory;
all files and contents of target folder will be (non-
recursively) processed, regardless of extension. If
files are present which are not valid XML, they will
be skipped with warnings.
-v, --version show program's version number and exit