Using Nmap XML and HTML parsers to generate output for easy analysis

Nmap HTML and XML parsers and interfaces help you analyze and share Nmap results with your customers. This tip explains Nmap parsers and interfaces and how they can help you import output into a database or convert it into HTML.

How to organize Nmap output for easy analysis

    Requires Free Membership to View

For a security tool to be useful you have to be able to understand what it's telling you about the setup, security, or weak points of the system or network. With Nmap you can run very comprehensive tests. To analyze the results it is often best to have the output recorded in XML format so that it can be easily imported into a database or converted into HTML for analysis and human consumption.

You can have Nmap's output saved as XML by adding the -oX option to your Nmap command, as in:

nmap -A -oX scanreport.xml www.yourorg.com
To organize and make the XML output more presentable, you can use the style sheet option (--stylesheet). The XML file will point to a style sheet for formatting and transformation using the eXtensible Stylesheet Language (XSL), which describes how the XML document should be displayed. Nmap includes a default XSL styles sheet called nmap.xsl, the latest version of which you can also reference by including the full URL in the command line:
nmap -A -oX --stylesheet http://insecure.org/nmap/data/nmap.xsl
scanreport.xml www.yourorg.com
Referencing a style sheet located on the Web enables you to view correctly formatted results on a machine that doesn't have Nmap or nmap.xsl installed. You can, of course, also opt to use your own style sheet.

The main advantage of Nmap being a command-line application is that it is easier to run from a script, and precise scans can be executed without having to set lots of different options. However this can be intimidating for new and infrequent users. NmapFE is a graphical X Window front end for Nmap. Most of its options correspond directly to Nmap options, allowing you to select your targets, set your scanning options and view the results of your scan. It also shows you the actual Nmap command you're creating on the command line, which is a great way to learn how to construct complex Nmap command line instructions.

Read more on Nmap parsers and interfaces.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book
IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

This was first published in December 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.