Parsing Nmap scans and NSE script outputs
A key part of any infrastructure assessment is performing scans to assess internal and external network exposure of services and devices. It’s easy to get lost in the avalanche of information often returned from these scans - even from distinctly “simple” tools like Nmap. In response to this, I developed a stateful parser to squash the overzealous XML output from standard Nmap scans and some common NSE scripts into a semblance of order by exporting it to JSON, after selectively mangling.
The first motivation for performing what is essentially a format conversion is that I am a Python addict and dealing with tag-based data structures gives me nightmares. JSON, by contrast, is a more flexible format and fits neatly into the Python
dict() structure. The second motivation stems from other project ideas which require the parsing of Nmap scans into Python objects.
Meet the parser
As with any Python project, I had to shoehorn py into the project name so… meet pyrsemap. This is definitely a working title and one I intend to change because it sounds like a type of handbag. pyrsemap will consume any number of Nmap
.xml files and return a combined JSON object to
stdout and supports the following NSE scripts:
stdout functionality is expected to remain through future releases so feel free to write scripts to ingest the JSON output and fiddle with it as you see fit without concern that the expected output will change. Development plans include a prettify/format option to condense scan contents into a human-readable format e.g. HTML, PDF, Word.
The scripts use
type hinting which are only supported by Python 3.7+. If it is impossible for you to export your Nmap scans to an environment with Python 3.7 (try pyenv), it should be straightforward to modify the script to support an earlier 3.x version. I’m won’t do this myself because I have no desire to manage multiple versions but will assist anyone who wants to do it.