Can nmap display only hosts with specific ports open?

Can nmap list all hosts on the local network that have both SSH and HTTP open? To do so, I can run something like:

    nmap 192.168.1.1-254 -p22,80 --open

However, this lists hosts that have ANY of the listed ports open, whereas I would like hosts that have ALL of the ports open. In addition, the output is quite verbose:

    # nmap 192.168.1.1-254 -p22,80 --open

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-31 10:14 EST
    Nmap scan report for Wireless_Broadband_Router.home (192.168.1.1)
    Host is up (0.0016s latency).
    Not shown: 1 closed port
    PORT STATE SERVICE
    80/tcp open http

    Nmap scan report for new-host-2.home (192.168.1.16)
    Host is up (0.013s latency).
    PORT STATE SERVICE
    22/tcp open ssh
    80/tcp open http

    Nmap done: 254 IP addresses (7 hosts up) scanned in 3.78 seconds

What I'm looking for is output simply like:

    192.168.1.16

as the above host is the only one with ALL the ports open.

I certainly can post-process the output, but I don't want to rely on the output format of nmap; I'd rather have nmap do it, if there is a way.

ip tcp scanner nmap

asked Dec 31 '15 at 15:20
Brian

  • If you want to test only one port, 'nmap -p 22 | grep -B3 open' is an easy way.
    – Luciano Andress Martini
    Aug 29 '17 at 19:34

3 Answers

accepted

There is not a way to do that within Nmap, but your comment about not wanting "to rely on the output format of nmap" lets me point out that Nmap has two stable output formats for machine-readable parsing. The older one is Grepable output (-oG), which works well for processing with perl, awk, and grep, but is missing some of the more advanced output (like NSE script output, port reasons, traceroute, etc.). The more complete format is XML output (-oX), but it may be overkill for your purposes.

You can either save these outputs to files with -oG, -oX, or -oA (both formats plus "normal" text output), or you can send either one straight to stdout:

    nmap 192.168.1.1-254 -p22,80 --open -oG - | awk '/22\/open.*80\/open/{print $2}'

answered Dec 31 '15 at 16:48
bonsaiviking

  • That's perfect, just what I was looking for (the -oG -)
    – Brian
    Dec 31 '15 at 17:03

Consider also this awk one-liner:

    nmap -Pn -oG - -p22,80,443,445 100.100.100.100 | awk '/open/{ s = ""; for (i = 5; i <= NF-4; i++) s = s substr($i,1,length($i)-4) "\n"; print $2 " " $3 "\n" s}'

It will print you all the hosts with all specified opened ports like this:

    100.100.100.100 (some-domain.com)
    22/open/tcp//ssh
    80/open/tcp//http
    443/open/tcp//microsoft-ds
    445/open/tcp//https-alt

edited Nov 8 '17 at 20:22
answered Jul 22 '17 at 17:43
Suncatcher

  • You must have added -p after testing this. The '-' on the command line belongs right after -oG
    – Wayne
    Nov 26 '17 at 10:47

Try:

    nmap --open -p 22,80 192.168.1.1-254 -oG - | grep "/open" | awk '{ print $2 }'

This will scan for your ports in your range and pipe the output in greppable format looking for open ports, then print the ip addresses that fit any of that criteria.

answered 2 days ago
Marshall Hallenbeck

  • Welcome to U&L! Note that the accepted answer from ~3 years ago has a simpler version of this where it uses awk to grep and print.
    – Jeff Schaller
    2 days ago
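
The -oG filtering used in the answers above, generalised as an added example (not code from any of the original posts): an awk filter that parses each port entry field by field and prints only hosts where ALL required TCP ports are open. With -p22,80 the accepted answer's line-wide regex is sufficient; the per-entry parse matters once the scanned port list contains numbers such as 8022 or 8080. The function names and the sample scan lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list hosts that have ALL required TCP ports open,
# reading Nmap grepable output (nmap ... -oG -) on stdin.
# Typical use: nmap 192.168.1.1-254 -p22,80 --open -oG - | hosts_with_all_open 22,80

# hosts_with_all_open PORTS   (hypothetical helper; PORTS like "22,80")
hosts_with_all_open() {
    awk -F '\t' -v want="$1" '
    BEGIN { nreq = split(want, req, ","); if (nreq == 0) exit 2 }
    $1 ~ /^Host: / {
        split($1, h, " ")        # h[2] is the address
        split("", isopen)        # clear the per-host set of open ports
        for (f = 2; f <= NF; f++) {
            if ($f !~ /^Ports: /) continue   # skips Status: and Ignored State:
            ports = $f
            sub(/^Ports: /, "", ports)
            n = split(ports, entry, /, */)
            for (i = 1; i <= n; i++) {
                # entry layout: port/state/protocol/owner/service/...
                split(entry[i], p, "/")
                if (p[2] == "open" && p[3] == "tcp") isopen[p[1]] = 1
            }
        }
        # every required port must be present in the open set
        for (i = 1; i <= nreq; i++) if (!(req[i] in isopen)) next
        print h[2]
    }'
}

# The line-wide regex from the accepted answer, kept for comparison.
line_regex_match() {
    awk '/22\/open.*80\/open/{print $2}'
}

# Constructed sample input (not from a real scan); fields are tab-separated.
sample_scan() {
    printf 'Host: 192.168.1.1 (router.home)\tStatus: Up\n'
    printf 'Host: 192.168.1.1 (router.home)\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.16 (new-host-2.home)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.20 (nas.home)\tPorts: 8022/open/tcp//oa-system///, 8080/open/tcp//http-proxy///\n'
    printf 'Host: 192.168.1.30 (cam.home)\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///\n'
    printf 'Host: 192.168.1.40 (web.home)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (2)\n'
}

# Prints the two hosts with both 22 and 80 open.
sample_scan | hosts_with_all_open 22,80
```

On the sample, the per-entry parse skips 192.168.1.20 (only 8022 and 8080 open), while the line-wide regex also reports it because "22/open" and "80/open" occur as substrings.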

















