[英]Nmap: extract undesirable ports for sending mail with Batch and Blat
I use FINDSTR /C:"portid=" "scanports.xml"
to extract theses lines from a file: 我使用
FINDSTR /C:"portid=" "scanports.xml"
从文件中提取这些行:
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ms-term-serv" method="table" conf="3"/></port>
21
, 22
, 80
, 443
and 3389
from this line? 21
, 22
, 80
, 443
和3389
的这条线? [0-9]
except 21
, 22
, 80
, 443
and 3389
? [0-9]
21
[0-9]
, [0-9]
22
[0-9]
, [0-9]
80
[0-9]
, [0-9]
443
和[ 3389
[0-9]
外, [0-9]
的随机数是否存在相同问题? I want to send by email all opened ports usually not open. 我想通过电子邮件发送通常未打开的所有打开的端口。
You can use a second FINDSTR to filter out the "normally open" ports. 您可以使用第二个FINDSTR过滤掉“常开”端口。 The solution I show uses an external file to list the ports to exclude (the normally open ones).
我展示的解决方案使用一个外部文件列出要排除的端口(通常打开的端口)。 Alternatively the list could be specified on the command line as multiple
/C
options. 或者,可以在命令行上将该列表指定为多个
/C
选项。
ignore.txt (edit as needed) ignore.txt(根据需要进行编辑)
portid="21"
portid="22"
portid="80"
portid="443"
portid="3389"
findstr /c:"portid=" test.txt | findstr /r /v /g:"ignore.txt"
There is a bug with FINDSTR in that it may fail to find a match if there are multiple literal search strings of different lengths. FINDSTR存在一个错误,即如果存在多个不同长度的文字搜索字符串,则可能找不到匹配项。 That is the reason I chose to use the
/R
regular expression option. 这就是我选择使用
/R
正则表达式选项的原因。
If the format of the XML file is consistent then you can use FOR /F with DELIMS set to the quote character to pull out the 4th token. 如果XML文件的格式一致,则可以将FOR / F与DELIMS设置为引号字符一起使用,以提取第四个标记。 The syntax for specifying a FOR /F options with quote as a delimiter is odd: Normally you would do something like
"tokens=4 delims=,"
. 用引号作为分隔符来指定FOR / F选项的语法很奇怪:通常,您会执行类似
"tokens=4 delims=,"
。 But to include quote as a delimiter you have to do a bunch of escaping: tokens^=4^ delims^=^"
. 但是要使用quote作为分隔符,您必须进行一系列转义:
tokens^=4^ delims^=^"
。
Putting it all together you get 放在一起就可以
@echo off
for /f tokens^=4^ delims^=^" %%P in (
'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
echo unusual open port = %%P
)
exit /b
If the format (attribute order) of the XML can vary, then the solution is more complex. 如果XML的格式(属性顺序)可以变化,那么解决方案将更加复杂。 You first use an outer FOR /F to read the entire line into a variable.
您首先使用外部FOR / F将整行读入变量。 You use a SET * search and replace op to find the portid location within the string, and then a second FOR /F to parse out the actual port.
您可以使用SET *搜索并替换op来找到字符串中的portid位置,然后使用第二个FOR / F解析出实际的端口。
setlocal enableDelayedExpansion
for /f "delims=" %%L in (
'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
set "ln=%%L"
for /f delims^=^=^" %%A in ("!ln:*portid=!") do set port=%%A
echo unusual open port = !port!
)
Once you have the port ids isolated you are in a position to build your mail message. 一旦隔离了端口ID,就可以构建邮件了。 I recommend using Blat for Windows to send your email.
我建议使用Windows Blat发送电子邮件。
You could use FOR/F for parsing lines. 您可以使用FOR / F解析行。
FINDSTR /C:"portid=" "scanports.xml" > tmpFile.tmp
FOR /F "tokens=3 delims=>=" %%1 in (tmpFile.tmp) DO (
echo %%~1
)
This is a little cheating, but your batch file can call a VBScript script: 这有点作弊,但是您的批处理文件可以调用VBScript脚本:
c:\windows\system32\cscript.exe //nologo scanports.vbs
Where scanports.vbs is the following script: 其中scanports.vbs是以下脚本:
Option Explicit
Dim xml, port
Set xml = CreateObject("Microsoft.XMLDOM")
xml.load "scanports.xml"
For Each port in xml.documentElement.selectNodes("//port")
WScript.Echo port.getAttribute("portid")
Next
I finish my script with jeb's answer and this link . 我用jeb的答案和此链接来完成脚本。
@ECHO Off
SETLOCAL ENABLEDELAYEDEXPANSION
REM Blat options:
SET blat="C:\Program Files (x86)\blat276\full\blat.exe"
SET server=127.0.0.1
SET port=25
SET from=x@x.com
SET to=y@y.com
FOR %%i IN (1,1,9) DO (
"C:\Program Files (x86)\Nmap\nmap.exe" server%%i.com -oX scanports%%i.xml
FINDSTR /C:"portid=" scanports%%i.xml >> scanports%%itemp.txt
FOR /F "tokens=*" %%a IN (scanports%%itemp.txt) DO (
SET x=%%a
SET x=!x:"=/!
FOR /f "tokens=4,12 delims=/" %%a IN ("!x!") DO (
IF NOT %%a==21 IF NOT %%a==22 IF NOT %%a==80 IF NOT %%a==443 IF NOT %%a==3389 (
%blat% -server %server% -port %port% -f %from% -to %to% -html -s "Port ouvert sur server%%i" -body "Port %%a : %%b"
)
)
)
DEL scanports%%i.xml
DEL scanports%%itemp.txt
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.