NAME

portinfo - quickly scans multiple hosts to determine port information

SYNOPSIS

portinfo.pl [OPTS] <IP_ADDR> [<IP.ADDR> ...]

DESCRIPTION

This script uses the nmap security scanner with the Nmap::Parser module in order to run a quick PING sweep against specific hosts. It takes in a nmap xml file and outputs onto STDOUT and a file the all the ports that were scanned and found by nmap, their different states and services -- all in a comma delimited output. This script uses the -sV output to get version information of the services running on a machine. This requires nmap version 3.49+

OPTIONS

These options are passes as command line parameters.

-i nmapscan.xml

Runs the script using the given xml file (which is nmap xml scan data) instead of actually running a scan against the given set of hosts. This is useful if you only have the xml data on a given machine, and not nmap.

--fast

Runs a fast (-F) nmap scan against the host.

-h,--help,-?

Shows this help information.

-L ips.txt

Reads IP addresses from filename.txt to run a scan against. The IP addresses should be in the target specification format explained below.

-o outputfile.csv

Changes the output filename of the comma delimited file that is produced by the script.

-v

This runs the script in verbose mode. The more times used, the more verbose the script will be.

TARGET SPECIFICATION

This documentation was taken from the nmap man page. The IP address inputs to this scripts should be in the nmap target specification format.

The simplest case is listing single hostnames or IP addresses onthe command line. If you want to scan a subnet of IP addresses, you can append '/mask' to the hostname or IP address. mask must be between 0 (scan the whole internet) and 32 (scan the single host specified). Use /24 to scan a class 'C' address and /16 for a class 'B'.

You can use a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class 'B' network 128.210.*.* by specifying '128.210.*.*' or '128.210.0-255.0-255' or even use the mask notation: '128.210.0.0/16'. These are all equivalent. If you use asterisks ('*'), remember that most shells require you to escape them with back slashes or protect them with quotes.

Another interesting thing to do is slice the Internet the other way.

Examples:

portinfo.pl 127.0.0.1
portinfo.pl target.example.com
portinfo.pl target.example.com/24
portinfo.pl 10.210.*.1-127
portinfo.pl *.*.2.3-5
portinfo.pl 10.[10-15].10.[2-254]

OUTPUT EXAMPLE

These are ONLY examples of how the output would look like. It follows the conventions of:

(IP, PORT_ID, STATE, PROTO, SERVICE, PRODUCT, VERSION, EXTRA, OS_FAMILIES)

 127.0.0.1,22,filtered,tcp,ssh,OpenSSH,3.5p1,protocol 1.99,linux
 127.0.0.1,25,filtered,tcp,smtp,Sendmail,8,,linux
 127.0.0.1,111,open,udp,rpcbind,,,,linux
 127.0.0.1,937,closed,udp,unknown,,,,linux
 127.0.0.4,22,filtered,tcp,ssh,OpenSSH,3.5p1,protocol 1.99,
 127.0.0.6,22,open,tcp,ssh,OpenSSH,3.5p1,protocol 1.99,solaris,switch
 127.0.0.6,23,filtered,tcp,telnet,,,,solaris,switch
 127.0.0.6,80,open,tcp,http,,,,solaris,switch

The default output filename is: portinfo_out.csv

BUG REPORTS

Please submit any bugs to: http://sourceforge.net/tracker/?group_id=97509&atid=618345

Please make sure that you submit the xml-output file of the scan which you are having trouble. This can be done by running your scan with the -oX filename.xml nmap switch. Please remove any important IP addresses for security reasons.

SEE ALSO

Nmap::Parser

The Nmap::Parser page can be found at: http://www.nmapparser.com or http://npx.sourceforge.net. It contains the latest developments on the module. The nmap security scanner homepage can be found at: http://www.insecure.org/nmap/.

AUTHOR

Anthony G Persaud <ironstar@iastate.edu> http://www.anthonypersaud.com

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

http://www.opensource.org/licenses/gpl-license.php

1 POD Error

The following errors were encountered while parsing the POD:

Around line 276:

=back doesn't take any parameters, but you said =back 4