How to filter a pattern using Awk and Grep

Time:09-13

I'm trying to filter nmap results using grep, awk, and sed to create a report. But I can't get just the "178-36-246-126.static." I imagine that I have to have a parameter "xxx-xx-xxx-xx", using these dashes. I tried deleting the first few columns but it affects the bottom rows (awk '{print $1,$2,$3,$6}'). I tried using grep -A and -B but the number of lines is not static. I tried to use sed but the IP numbers vary. It still has over 8000 lines left so I really need some help. Thanks!

178-36-246-126.static.xxxxxxxxxx.com (178.36.246.126)
PORT   STATE SERVICE
80/tcp open  http
178-36-246-134.static.xxxxxxxxxx.com (178.36.246.134)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3389/tcp open  ms-wbt-server
178-36-246-145.static.xxxxxxxxxx.com (178.36.246.145)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
178-36-246-147.static.xxxxxxxxxx.com (178.36.246.147)
PORT    STATE SERVICE
443/tcp open  https

CodePudding user response:

If I understand your question correctly, you want to remove anything after static. on the lines with an IP address. You can change the field separator in awk and then apply pattern matching/replacing for matched lines.

awk 'BEGIN{FS=OFS="."} /^([[:digit:]]{1,3}-){3}[[:digit:]]{1,3}/ {$0=$1 "." $2} 1'

->

178-36-246-126.static
PORT   STATE SERVICE
80/tcp open  http
178-36-246-134.static
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3389/tcp open  ms-wbt-server
178-36-246-145.static
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
178-36-246-147.static
PORT    STATE SERVICE
443/tcp open  https

CodePudding user response:

If I were you I'd modify nmap's output options:

nmap -oG - subnet/subnetmask | awk '$3~/178-36-246-126\.static/ && $4~/Ports:/'

Or, even shorter, instead of extracting one host's information from a subnet scan, just scan that one host with the default output:

nmap 178-36-246-126.static

Or, if all you're trying to achieve is to strip part of the fully qualified domain-name:

nmap subnet/subnetmask | sed 's/\.xxxxxxxxxx\.com//'
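
For the report the question is after, the listing can also be condensed to one line per host. This is an added example, not code from either answer, and it goes a step further than trimming the name by also collecting each host's open ports; the function names `host_report` and `sample_scan` are hypothetical, and the input is assumed to have the host/port shape shown in the question.

```shell
#!/bin/sh
# Added example: condense nmap's host/port listing into one line per host.

# Sample input taken from the question's excerpt (domain masked as on the page).
sample_scan() {
cat <<'EOF'
178-36-246-126.static.xxxxxxxxxx.com (178.36.246.126)
PORT   STATE SERVICE
80/tcp open  http
178-36-246-134.static.xxxxxxxxxx.com (178.36.246.134)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3389/tcp open  ms-wbt-server
EOF
}

# host_report (hypothetical name): reads the listing on stdin and prints
# "<short-host> <ip> <port/proto:service,...>" for every host block.
host_report() {
  awk '
    # Host line: "<name> (<dotted IP>)". Keep only the first two labels.
    /^[^ ]+ \([0-9.]+\)$/ {
      flush()
      n = split($1, label, ".")
      host = (n > 1 ? label[1] "." label[2] : label[1])
      ip = $2; gsub(/[()]/, "", ip)
      next
    }
    # Port line: "<port>/<proto> open <service>". The PORT header and
    # any closed or filtered rows fall through and are ignored.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      ports = ports (ports == "" ? "" : ",") $1 ":" $3
    }
    # Emit the finished host block; "-" marks a host with no open ports.
    function flush() {
      if (host != "") print host, ip, (ports == "" ? "-" : ports)
      host = ""; ports = ""
    }
    END { flush() }
  '
}

sample_scan | host_report
```

Because each host ends up on a single line, the result can be passed straight to grep or sort, which avoids the variable-length -A/-B context problem described in the question.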