[Feature Request] Output in JSON format (New flag -oJ)
So far there is no flag to save the Nmap output in JSON format. I think it would be helpful if Nmap can output in JSON format as JSON has become a popular notation these days.
This would help integrate Nmap into so many more tools.
masscan supports it, and I could use xml2json to get some stuff from nmap, but a straight json output would be much much appreciated
To be honest, this is very unlikely to happen unless someone performs a refactor and overhaul of Nmap's output system entirely. As it is, output is a hodgepodge of log_write calls and xml.cc function calls with a lot of attached logic (see printportoutput in output.cc for example). Cluttering this up with yet another set of functions is not feasible; we'd want some sort of object-oriented approach where a set of different formatter objects are passed the data to be output in a single call.
Until that time, the best approach to get JSON output is to format it from the standard XML output.
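One way to do the XML-to-JSON conversion suggested above, as an added example (not code from Nmap or from anyone in this thread). The sample scan document, its addresses and the function names are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.10" version="7.92">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>"""

def port_to_dict(port):
    state = port.find("state")
    service = port.find("service")  # absent when no service was identified
    return {
        "protocol": port.get("protocol"),
        "port": int(port.get("portid")),
        "state": state.get("state") if state is not None else None,
        "service": dict(service.attrib) if service is not None else None,
    }

def nmap_xml_to_dict(xml_text):
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):  # one entry per <host>, so multi-host scans work
        status = host.find("status")
        hosts.append({
            "addresses": [dict(a.attrib) for a in host.findall("address")],
            "hostnames": [h.get("name") for h in host.findall("hostnames/hostname")],
            "status": status.get("state") if status is not None else None,
            "ports": [port_to_dict(p) for p in host.findall("ports/port")],
        })
    return {"args": root.get("args"), "hosts": hosts}

if __name__ == "__main__":
    print(json.dumps(nmap_xml_to_dict(SAMPLE_XML), indent=2))
```

Service banners and hostnames in a scan result come from the scanned hosts, so treat the resulting JSON string values as untrusted input in whatever consumes them.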
Even the standard XML output leaves a lot to be desired. For example, port discovery in XML outputs a tiny text-based table it seems, rather than each item being defined clearly. I would be fine with XML output if I felt it would be easily transferable to json.
@dkran I don't understand what you mean. But if you have a suggestion for improvement to the XML output, you could make a separate issue or discuss it on the nmap-dev mailing list or #nmap IRC channel (Freenode).
Very good. I'll take some time and see how I may format the output to a more "JSONable" output from xml. I'm unfamiliar with it so I'll take my time
JSON would be really helpful. The vast majority of modern applications work with JSON instead of XML. JSON seems to be the de facto standard.
I did write a node.js nmap2json module. It processes the XML files fairly well but needs a little more work; for most purposes it parses the nmap output pretty darn well.
up!
@dkran can you share a link?
Here is the XML parser I wrote. I could modify it to work as a command line program, and I have some updates I have to push (I think I did push them but didn't update the version, so feel free to use the master branch). It should work on any single-host scan very well. I get highly detailed output, but the module does need a little work to be "perfect". I think it'll give you everything you want right off the bat though. Not sure if I have support for multiple hosts though, so try to run it on an XML file for one IP at a time. I'm working more on a complicated scanner right now, using masscan to find the services, then nmap to service discover the ports, do reverse lookups, etc. I'm kind of doing it in a microservice design. My end-game is constant internet-wide census. People say zmap is the way to go, but I highly disagree. You don't get near the detail. Unless all you want to scan is http servers.
Here is another tool that I wrote which might help you to convert nmap xml to JSON, CSV, html or markdown:
https://github.com/vdjagilev/nmap-formatter
Combining this with the jq tool is quite interesting. For example, display hosts only where http services are running:
nmap-formatter nmap.xml json | jq '.Host[]? | . as $host | .Ports?.Port[]? | select(.Service.Name== "http") | $host.HostAddress.Address' | uniq -c
Output should be:
1 "192.168.1.1"
1 "192.168.1.2"
2 "192.168.1.3"
Up. ./configure --with-json not available at this time?
I integrated nmap in an embedded device with a limited amount of resources; the libraries to interpret XML output have a considerable footprint. With a JSON output I could recover ~20 MB of space.
There's a patch https://seclists.org/nmap-dev/2021/q1/4 but things seem to have diverged just enough since then to prevent it from compiling (comes close tho). Probably could get it to work again after a bit of effort.
I was able to compile it with this patch that @jstaursky mentions and even containerize it into a nice Docker container, but it does not seem to work either. It looks like it's not parsing the option properly, as it tries to resolve the filename specified with -oJ <filename>
It does not even appear in the --help.
All the other outputs work properly.
Any news on this? 🤔
If it helps and somebody is interested in trying:
FROM alpine:latest
# Build dependencies for compiling Nmap from source
RUN apk update && apk add gcc make libc-dev openssl-dev libssh2-dev autoconf g++ linux-headers patch
COPY nmap-7.92.tar.bz2 /usr/src/
RUN cd /usr/src/ && tar -xjvf nmap-7.92.tar.bz2
# Fetch the -oJ patch from nmap-dev, apply it (patch reads the diff on stdin), then build
RUN cd /usr/src/nmap-7.92 && wget https://seclists.org/nmap-dev/2021/q1/att-4/nmap_patch.gz && gzip -d nmap_patch.gz && patch -p0 < nmap_patch && ./configure --with-json=yes && make
CMD sleep 3600
A solution if you have IVRE (repository) installed* is to run ivre scan2db --test [your_file.xml]: using --test produces a JSON output rather than inserting the scan result in a database.
The beauty is that it will create a similar result (same JSON schema, attempt to match output & values) for Nmap and for other scanners (so far Masscan, Dismap, Zgrab2, Zdns, Nuclei, Httpx and Dnsx, as well as exports from Shodan).
Hope this helps
(*) I know it may look hard but installing IVRE on Kali is as easy as apt install ivre, on BlackArch pacman -S ivre, on Arch Linux yay -S ivre, and everywhere else pip install ivre.
jc can convert Nmap's XML output to JSON (or YAML) as well:
https://github.com/kellyjonbrazil/jc/wiki/Tips-and-Tricks#example-nmap-xml-output
# nmap -T4 -A -p 1-1000 -oX - scanme.nmap.org | jc --xml