I was tasked with running an Nmap scan against our corporate network and compiling a list of only live endpoints. My issue is how to go about separating out the hosts via their open ports (printer/endpoint). For example, I want to remove all printers/hosts from the nmap output (-oN) file Corp.txt if port 9100 (printer) is open. The list must also maintain the host name/IP in relation to its port numbers and open status.
Below is an example of the command I'm running and its output:
    nmap -p 80,135,9100 -oN ~/Documents/Corp.txt 10.33.131.1/24

    Nmap scan report for itbrn1745.domain.net (10.33.131.13)
    Host is up (0.91s latency).
    PORT     STATE    SERVICE
    80/tcp   closed   http
    135/tcp  open     msrpc
    9100/tcp closed   jetdirect

    Nmap scan report for itPC.domain.net (10.33.131.37)
    Host is up (0.0033s latency).
    PORT     STATE    SERVICE
    80/tcp   open     http
    135/tcp  open     msrpc
    9100/tcp filtered jetdirect

    Nmap scan report for ap4403.a740 (10.33.131.56)
    Host is up (0.0046s latency).
    PORT     STATE    SERVICE
    80/tcp   open     http
    135/tcp  filtered msrpc
    9100/tcp open     jetdirect
Any advice into the logic of compiling a list of only live endpoints on the network is greatly appreciated.
--open --script reverse-index
NSE flags and script from your nmap command-line
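As an added example (not part of the original question or answer), one way to do the filtering the question asks for is to parse the `-oN` text into per-host records and drop any host whose 9100/tcp state is `open`, keeping name, IP and port states together. The sample text is constructed from the three hosts shown in the question, and the function names are illustrative.

```python
import re

# Constructed sample in nmap -oN layout, mirroring the three hosts in the question.
SAMPLE = """\
Nmap scan report for itbrn1745.domain.net (10.33.131.13)
Host is up (0.91s latency).
PORT     STATE    SERVICE
80/tcp   closed   http
135/tcp  open     msrpc
9100/tcp closed   jetdirect

Nmap scan report for itPC.domain.net (10.33.131.37)
Host is up (0.0033s latency).
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  open     msrpc
9100/tcp filtered jetdirect

Nmap scan report for ap4403.a740 (10.33.131.56)
Host is up (0.0046s latency).
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
9100/tcp open     jetdirect
"""
# Header is either "name (ip)" or a bare address when there is no reverse DNS.
HEADER = re.compile(r"^Nmap scan report for (?:(\S+) \(([^)]+)\)|(\S+))$")
PORT = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)")

def parse_hosts(text):
    """Return one dict per host block: name, ip, up flag, {port: state}."""
    hosts = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            hosts.append({"name": m.group(1) or "", "ip": m.group(2) or m.group(3), "up": False, "ports": {}})
        elif hosts and line.startswith("Host is up"):
            hosts[-1]["up"] = True
        elif hosts and (p := PORT.match(line)):
            hosts[-1]["ports"][int(p.group(1))] = p.group(2)
    return hosts

def live_endpoints(text, printer_port=9100):
    """Hosts that are up and do not have printer_port in state 'open'."""
    return [h for h in parse_hosts(text) if h["up"] and h["ports"].get(printer_port) != "open"]

if __name__ == "__main__":
    for h in live_endpoints(SAMPLE):
        states = ", ".join(f"{port}/{state}" for port, state in sorted(h["ports"].items()))
        print(f"{h['ip']}\t{h['name']}\t{states}")
```

A `filtered` or `closed` 9100 is deliberately kept, since only an `open` JetDirect port is treated as a printer here. For scripted filtering, nmap's `-oG` or `-oX` output is more stable to parse than `-oN`.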