While seeking out servers that needed to be patched for the WannaCry ransomware attack yesterday, I ran an nmap scan on most of my company's subnets.
The nmap output looks like this:
Nmap scan report for prelude.nyc.domain.com (172.16.0.9)
Host is up (0.00046s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
4045/tcp open lockd
13722/tcp open netbackup
13782/tcp open netbackup
13783/tcp open netbackup
32778/tcp open sometimes-rpc19
Device type: general purpose
Running: Sun Solaris 9|10
OS CPE: cpe:/o:sun:sunos:5.9 cpe:/o:sun:sunos:5.10
OS details: Sun Solaris 9 or 10 (SPARC)
Network Distance: 2 hops
Nmap scan report for cleburne.nyc.domain.com (172.16.0.10)
Host is up (0.00082s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
4045/tcp open lockd
32776/tcp open sometimes-rpc15
32779/tcp open sometimes-rpc21
Device type: general purpose
Running: Sun Solaris 9|10
OS CPE: cpe:/o:sun:sunos:5.9 cpe:/o:sun:sunos:5.10
OS details: Sun Solaris 9 or 10 (SPARC)
Network Distance: 2 hops
Nmap scan report for patton.nyc.domain.com (172.16.0.11)
Host is up (0.00041s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
1521/tcp open oracle
4045/tcp open lockd
13722/tcp open netbackup
13782/tcp open netbackup
13783/tcp open netbackup
Device type: general purpose
Running: Sun Solaris 9|10
OS CPE: cpe:/o:sun:sunos:5.9 cpe:/o:sun:sunos:5.10
OS details: Sun Solaris 9 or 10 (SPARC)
Network Distance: 2 hops
This will parse the file and yank out IP and OS details if you’re interested 🙂
#!/usr/bin/env python3
###########################################
# BiffSocko
# parsenmap.py
#
# parses nmap output for IP and OS info
#
# NOTE: findwin is the nmap output file
###########################################
import re

ip = ""
osver = ""

with open("findwin", "r") as foo:
    for i in foo:
        # remember the most recent IP; lines without one must not reset it
        found = re.findall(r'(?:\d{1,3}\.){3}\d{1,3}', i)
        if found:
            ip = found[0]
        if "OS details" in i:
            osver = i.strip()
        # once both are known, print the pair and reset for the next host
        if ip and osver:
            print(ip + " " + osver)
            ip = ""
            osver = ""
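For patch triage it helps to keep the open ports with each host, so the list can be narrowed to machines that expose SMB (445/tcp, the service the WannaCry exploit targets) or that nmap guesses are Windows. The following is an added example, not part of the original script; the function names are hypothetical and the Windows and "quiet" hosts in the sample are constructed.

```python
import re

# Constructed sample in the same format as the scan output above; the
# Windows host and the host without an OS guess are invented for illustration.
SAMPLE = """\
Nmap scan report for prelude.nyc.domain.com (172.16.0.9)
Host is up (0.00046s latency).
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
OS details: Sun Solaris 9 or 10 (SPARC)
Nmap scan report for 172.16.0.50
Host is up (0.00051s latency).
PORT STATE SERVICE
135/tcp open msrpc
445/tcp open microsoft-ds
OS details: Microsoft Windows Server 2008 R2
Nmap scan report for quiet.nyc.domain.com (172.16.0.60)
Host is up (0.00100s latency).
"""

HEADER = re.compile(r"^Nmap scan report for (?:(\S+) \()?((?:\d{1,3}\.){3}\d{1,3})\)?\s*$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_report(lines):
    """Group normal-format nmap output into one record per host."""
    hosts, cur = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:  # a new host block starts; hostname is absent without reverse DNS
            cur = {"name": m.group(1), "ip": m.group(2), "ports": [], "os": None}
            hosts.append(cur)
        elif cur is None:
            continue
        elif PORT.match(line):
            cur["ports"].append(int(PORT.match(line).group(1)))
        elif line.startswith("OS details:"):
            cur["os"] = line.split(":", 1)[1].strip()
    return hosts

def smb_triage(hosts):
    """Hosts to check first: 445/tcp open or a Windows OS guess."""
    return [h for h in hosts
            if 445 in h["ports"] or (h["os"] or "").startswith("Microsoft Windows")]

if __name__ == "__main__":
    for h in smb_triage(parse_report(SAMPLE.splitlines())):
        print(h["ip"], h["name"] or "-", h["os"] or "OS unknown", h["ports"])
```

To run it against a real scan, pass the open file object for the nmap output to parse_report instead of SAMPLE.splitlines().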