The Nmap Log Stripp3r program is intended to be a way to condense all, or some, of the IPs of a "random" nmap scan into a file for later usage.
Common uses are to be able to feed the file back into nmap with the -iL switch, or feeding it into another port or vulnerability scanner of your choice.
Stripp3r supports stripping the nmap log of all but the IPs of hosts running a certain service, a version of a service, or even an arbitrary banner, and writing them to a file.
Usage: ./stripp3r <logfile> <output> "<version string>" -v
Pretty simple. First, you must run an Nmap scan, on random hosts.
Ex. nmap -p 80 -sV -v -iR 500000 -oN nmaplogfile.nmap
This tells nmap to run a service scan of 500,000 random IP addresses on port 80, verbosely, and save the log to a file named nmaplogfile.nmap. You can change this around, e.g. scanning a different service port (if, say, you were looking for computers running FTP, you would scan port 21 instead of 80 for HTTP), scanning a different number of hosts (500,000 or so is good, though it usually takes a few hours), or saving the log to a different filename.
Nmap will then save a list of hosts that were "up" to the log file, with some information about them, specifically whether the port that you specified was open, closed, or filtered. We are interested in "open" ports, so by default Stripp3r takes all the log entries that have the port you specified listed as "open" and condenses them into a file, listing only the IPs, one per line.
Ex. ./stripp3r nmaplogfile.nmap output.ips
You can be more specific, and have Stripp3r put only the IPs that are running a certain service in the output file. The service string will only register the strings matching EXACTLY, so be careful to get the case and such correct.
apache httpd 1.3.27 (won't work)
Apache 1.3.27 (won't work)
Apache httpd 1.3.27 (works!)
Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27"
If you want to run it verbosely, add -v:
Ex. ./stripp3r nmaplogfile.nmap output.ips "Apache httpd 1.3.27" -v
And stripp3r will print out what it finds, along with writing it to the file.
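The filtering described above, written out in Python as an added example (this is not Stripp3r's own code). It assumes the "Nmap scan report for" layout of -oN output and treats the version string as a case-sensitive substring of the VERSION column; the sample log is constructed and uses documentation addresses.

```python
import re

# Constructed sample of nmap -oN output (documentation addresses, not scan results).
SAMPLE_LOG = """\
Nmap scan report for 192.0.2.10
Host is up (0.050s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 1.3.27 ((Unix))

Nmap scan report for www.example.test (198.51.100.7)
Host is up (0.12s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS httpd 6.0

Nmap scan report for 203.0.113.5
Host is up (0.20s latency).
PORT   STATE    SERVICE VERSION
80/tcp filtered http

Nmap scan report for 192.0.2.44
Host is up (0.08s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    apache httpd 1.3.27
"""

# Host header: bare IP, or "hostname (IP)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
# Port row: port/proto, state, service, then the optional version banner.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def strip_log(text, version=None):
    """Return IPs with an open port; if version is given, that port's
    banner must contain it exactly (case-sensitive)."""
    ips, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)   # start of a new host block
            continue
        port = PORT_RE.match(line)
        if not (port and current):
            continue
        state, banner = port.group(3), port.group(5)
        if state == "open" and (version is None or version in banner):
            if current not in ips:    # one line per host, in log order
                ips.append(current)
    return ips

if __name__ == "__main__":
    print("\n".join(strip_log(SAMPLE_LOG, "Apache httpd 1.3.27")))
```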
You may change, copy, and reproduce this file, as long as the author is given credit for the initial writing of the code.