Save Nmap’s output

You can save Nmap’s output to a file. Three different formats are available:

  • XML output – can be converted to HTML and or imported into databases. The -oX filename flag is used to specify the output in this form:
root@kali:~# nmap -p21,22,80,135 -oX results.xml 192.168.5.102
root@kali:~# cat results.txt
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.01 scan initiated Sat Mar 5 19:10:30 2016 as: nmap -p21,22,80,135 -oX results.txt 192.168.5.102 -->
<nmaprun scanner="nmap" args="nmap -p21,22,80,135 -oX results.txt 192.168.5.102" start="1457201430" startstr="Sat Mar 5 19:10:30 2016" version="7.01" xmloutputversion="1.04">
<scaninfo type="syn" protocol="tcp" numservices="4" services="21-22,80,135"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1457201430" endtime="1457201431"><status state="up" reason="reset" reason_ttl="128"/>
<address addr="192.168.5.102" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="closed" reason="reset" reason_ttl="128"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="msrpc" method="table" conf="3"/></port>
</ports>
<times srtt="127094" rttvar="252373" to="1136586"/>
</host>
<runstats><finished time="1457201431" timestr="Sat Mar 5 19:10:31 2016" elapsed="1.07" summary="Nmap done at Sat Mar 5 19:10:31 2016; 1 IP address (1 host up) scanned in 1.07 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>
  • grepable output – designed to be used by the Linux tool grep. It is invoked using the -oG flag:
root@kali:~# nmap -p21,22,80,135 -oG results.grep 192.168.5.102
root@kali:~# cat results.grep
# Nmap 7.01 scan initiated Sat Mar 5 19:12:44 2016 as: nmap -p21,22,80,135 -oG results.grep 192.168.5.102
Host: 192.168.5.102 () Status: Up
Host: 192.168.5.102 () Ports: 21/open/tcp//ftp///, 22/closed/tcp//ssh///, 80/open/tcp//http///, 135/open/tcp//msrpc///
# Nmap done at Sat Mar 5 19:12:45 2016 -- 1 IP address (1 host up) scanned in 1.05 seconds
root@kali:~#
  • human readable output – produces a normal output format. It is invoked with the -oN flag:
root@kali:~# nmap -p21,22,80,135 -oN results.txt 192.168.5.102
root@kali:~# cat results.txt
# Nmap 7.01 scan initiated Sat Mar 5 19:17:10 2016 as: nmap -p21,22,80,135 -oN results.txt 192.168.5.102
Nmap scan report for 192.168.5.102
Host is up (0.13s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp closed ssh
80/tcp open http
135/tcp open msrpc
# Nmap done at Sat Mar 5 19:17:11 2016 -- 1 IP address (1 host up) scanned in 1.04 seconds

To output all three log files, use the -oA flag.
Geek University 2022