Make an Incomplete Nmap .xml File Usable Again

Posted on by Brent White

Make an Incomplete Nmap Scan .xml File Usable for Rawr and Other Applications That Accept .csv File-types

This is a very non-technical how-to for newcomers who have found themselves in a situation where for some reason or another, their Nmap scan wasn’t able to complete. This can be a problem when you were planning on feeding that .xml file into another application for further enumeration.

Perhaps you’re on an assessment with many web applications in scope and you’re trying to enumerate items quickly. Using a tool such as RAWR (Rapid Assessment of Web Resources) can drastically help cut down the time that it would take to manually identify which apps are worth attacking or not by quickly creating thumbnails of each “http” service identified in your Nmap scan. It also creates some nice reports to help you find good targets such as Tomcat, JBoss, and any other admin panels that might be nice. However, if your Nmap scan didn’t finish, then an application such as RAWR, will not be able to use it.
😦   It’s okay. The instructions below give a quick way to fix this. (Hooray!)

Here are some very quick, simple steps for getting your incomplete Nmap .xml file into a usable format for intelligence gathering apps like Rawr (https://bitbucket.org/al14s/rawr).

Step 1:

You start Nmap (of course) to search for web services. Here is an example Nmap scan that I run to quickly enumerate the most popular HTTP ports, and spit them out various file formats, including .xml, .nmap, and .gnmap.

nmap -g 53 -n -sS -Pn -p 80,443,8000,8080,8443 --open -oA /root/Desktop/web 10.0.0.0/16

1.png

If the .xml file is from a scan that doesn’t finish, Rawr or other programs can’t use it.
2.png

3.png
BUMMER!  😦

Step 2:

Import the .xml file into Metasploit.
From the msfconsole, type:

db_import /path/to/your/file.xml

4.png

Step 3:

Now we need to clean the results to remove all closed and filtered ports that were just imported from the web.xml file.
From the msfconsole, type:

resource port_cleaner.rc

5.png

Step 4:

Now it’s time to export the file in the .csv format, which is still acceptable in the RAWR application.
To export the nmap results as a usable .csv file, type the following command in the msfconsole:

services -o /path/where/your/new/file/goes/whatever-filename.csv

6.png

Step 5:

With our new .csv file, we’re ready to run it through RAWR, using this command:

./rawr /path/where/your/new/file/goes/whatever-filename.csv

7.pngHOORAY!!!

 

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.