Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types
This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding that .xml file into another application for further enumeration.
Perhaps you’re on an assessment with many web applications in scope and you’re trying to enumerate items quickly. Using a tool such as RAWR (Rapid Assessment of Web Resources) can drastically help cut down the time that it would take to manually identify which apps are worth attacking or not by quickly creating thumbnails of each “http” service identified in your Nmap scan. It also creates some nice reports to help you find good targets such as Tomcat, JBoss, and any other admin panels that might be nice. However, if your Nmap scan didn’t finish, then an application such as RAWR, will not be able to use it.
😦 It’s okay. The instructions below give a quick way to fix this. (Hooray!)
Here are some very quick, simple steps for getting your incomplete Nmap .xml file into a usable format for intelligence gathering apps like Rawr (https://bitbucket.org/al14s/rawr).
Step 1:
You start Nmap (of course) to search for web services. Here is an example Nmap scan that I run to quickly enumerate the most popular HTTP ports, and spit them out various file formats, including .xml, .nmap, and .gnmap.
nmap -g 53 -n -sS -Pn -p 80,443,8000,8080,8443 --open -oA /root/Desktop/web 10.0.0.0/16
If the .xml file is from a scan that doesn’t finish, Rawr or other programs can’t use it.
BUMMER! 😦
Step 2:
Import the .xml file into Metasploit.
From the msfconsole, type:
db_import /path/to/your/file.xml
Step 3:
Now we need to clean the results to remove all closed and filtered ports that were just imported from the web.xml file.
From the msfconsole, type:
resource port_cleaner.rc
Step 4:
Now it’s time to export the file in the .csv format, which is still acceptable in the RAWR application.
To export the nmap results as a usable .csv file, type the following command in the msfconsole:
services -o /path/where/your/new/file/goes/whatever-filename.csv
Step 5:
With our new .csv file, we’re ready to run it through RAWR, using this command:
./rawr /path/where/your/new/file/goes/whatever-filename.csv
HOORAY!!!