Can nmap display only hosts with specific ports open?
There is not a way to do that within Nmap, but your comment about not wanting "to rely on the output format of nmap" lets me point out that Nmap has two stable output formats for machine-readable parsing. The older one is Grepable output (-oG
), which works well for processing with perl, awk, and grep, but is missing some of the more advanced output (like NSE script output, port reasons, traceroute, etc.). The more complete format is XML output (-oX
), but it may be overkill for your purposes.
You can either save these outputs to files with -oG
, -oX
, or -oA
(both formats plus "normal" text output), or you can send either one straight to stdout: nmap 192.168.1.1-254-p22,80 --open -oG - | awk '/22\/open.*80\/open/{print $2}'
Try the following command:
nmap --open -p 22,80 192.168.1.1-254 -oG - | grep "/open" | awk '{ print $2 }'
This will scan for your ports in your range and pipe the output in greppable format looking for open ports, then print the IP addresses that fit any of that criteria.
Consider also this awk
one-liner:
nmap -Pn -oG -p22,80,443,445 - 100.100.100.100 | awk '/open/{ s = ""; for (i = 5; i <= NF-4; i++) s = s substr($i,1,length($i)-4) "\n"; print $2 " " $3 "\n" s}'
It will print you all the hosts with all specified opened ports like this:
100.100.100.100 (some-domain.com)
22/open/tcp//ssh
80/open/tcp//http
443/open/tcp//microsoft-ds
445/open/tcp//https-alt