J Wolfgang Goerlich's thoughts on Information Security
Nmap output to XML and SQL

By wolfgang. 28 November 2008 10:39

The Nmap port scanner has a handful of output options. It has its own proprietary format (-oN). If you want to play with the data, you can use XML output (-oX) or grep text files (-oG). The -oA will export in all three formats.

Why export to XML or grepable text? Typically, because you want to audit several IP hosts and store the results in a database.

A quicker method is to use the Nmap::Parser module with a Perl script. This method comes courtesy of Anthony Persaud. His Nmap-Parser automates reading the XML output and writing to SQL tables. MySQL and SQLite are both supported. Nmap-Parser is now up to version 1.19.

Use case: nightly IP scans of a subnet along with TCP scans of select hosts, as part of a security information management process.

Update: Paul Haas has a sample Perl script that uses Nmap::Parser and SQLite.

Tags:

Security | Security Information Management

    Log in