Nmap：使用 Batch 和 Blat 提取不需要的端口以发送邮件

发布于 2025-01-03 07:48:33 字数 1247 浏览 2 评论 0原文

上下文

我使用 FINDSTR /C:"portid=" "scanports.xml" 从文件中提取这些行：

<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ms-term-serv" method="table" conf="3"/></port>

问题

如何提取 21, 22、80、443 和 3389 来自这一行？
对于 [0-9] 中的随机数有同样的问题，除了 21、22、80、443 和 3389？

我想通过电子邮件发送所有通常不打开的打开端口。

原文

Context

I use FINDSTR /C:"portid=" "scanports.xml" to extract theses lines from a file:

<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="124"/><service name="ms-term-serv" method="table" conf="3"/></port>

Questions

How to extract 21, 22, 80, 443 and 3389 from this line?
Same question for a random number in [0-9] except 21, 22, 80, 443 and 3389?

I want to send by email all opened ports usually not open.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

呢古 2025-01-10 07:48:33

您可以使用第二个 FINDSTR 来过滤掉“常开”端口。我展示的解决方案使用外部文件来列出要排除的端口（常开端口）。或者，可以在命令行上将列表指定为多个 /C 选项。

ignore.txt（根据需要编辑）

portid="21"
portid="22"
portid="80"
portid="443"
portid="3389"

findstr /c:"portid=" test.txt | findstr /r /v /g:"ignore.txt"

FINDSTR 存在一个错误，如果存在多个不同长度的文字搜索字符串，它可能无法找到匹配项。这就是我选择使用 /R 正则表达式选项的原因。

如果 XML 文件的格式一致，则可以使用 FOR /F 并将 DELIMS 设置为引号字符来提取第四个标记。使用引号作为分隔符指定 FOR /F 选项的语法很奇怪：通常您会执行类似 "tokens=4 delims=," 的操作。但是要包含引号作为分隔符，您必须进行一系列转义：tokens^=4^ delims^=^"。

将它们放在一起，您

@echo off
for /f tokens^=4^ delims^=^" %%P in (
  'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
  echo unusual open port = %%P
)
exit /b

将得到 XML 的格式（属性顺序）可能会有所不同，那么解决方案会更复杂，首先使用外部 FOR /F 将整行读入变量，然后使用 SET * 搜索并替换 op 来查找字符串中的 portid 位置，然后使用第二个 FOR。 /F 解析隔离出实际端口

setlocal enableDelayedExpansion
for /f "delims=" %%L in (
  'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
  set "ln=%%L"
  for /f delims^=^=^" %%A in ("!ln:*portid=!") do set port=%%A
  echo unusual open port = !port!
)

后，我建议您使用 Blat for Windows 发送您的电子邮件。

You can use a second FINDSTR to filter out the "normally open" ports. The solution I show uses an external file to list the ports to exclude (the normally open ones). Alternatively the list could be specified on the command line as multiple /C options.

ignore.txt (edit as needed)

portid="21"
portid="22"
portid="80"
portid="443"
portid="3389"

findstr /c:"portid=" test.txt | findstr /r /v /g:"ignore.txt"

There is a bug with FINDSTR in that it may fail to find a match if there are multiple literal search strings of different lengths. That is the reason I chose to use the /R regular expression option.

If the format of the XML file is consistent then you can use FOR /F with DELIMS set to the quote character to pull out the 4th token. The syntax for specifying a FOR /F options with quote as a delimiter is odd: Normally you would do something like "tokens=4 delims=,". But to include quote as a delimiter you have to do a bunch of escaping: tokens^=4^ delims^=^".

Putting it all together you get

@echo off
for /f tokens^=4^ delims^=^" %%P in (
  'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
  echo unusual open port = %%P
)
exit /b

If the format (attribute order) of the XML can vary, then the solution is more complex. You first use an outer FOR /F to read the entire line into a variable. You use a SET * search and replace op to find the portid location within the string, and then a second FOR /F to parse out the actual port.

setlocal enableDelayedExpansion
for /f "delims=" %%L in (
  'findstr /c:"portid=" test.txt ^| findstr /r /v /g:"ignore.txt"'
) do (
  set "ln=%%L"
  for /f delims^=^=^" %%A in ("!ln:*portid=!") do set port=%%A
  echo unusual open port = !port!
)

Once you have the port ids isolated you are in a position to build your mail message. I recommend using Blat for Windows to send your email.

回复收藏 0 原文

一个人练习一个人 2025-01-10 07:48:33

您可以使用 FOR/F 来解析行。

FINDSTR /C:"portid=" "scanports.xml" > tmpFile.tmp

FOR /F "tokens=3 delims=>=" %%1 in (tmpFile.tmp) DO (
  echo %%~1
)

You could use FOR/F for parsing lines.

FINDSTR /C:"portid=" "scanports.xml" > tmpFile.tmp

FOR /F "tokens=3 delims=>=" %%1 in (tmpFile.tmp) DO (
  echo %%~1
)

回复收藏 0 原文

丶视觉 2025-01-10 07:48:33

这有点作弊，但是您的批处理文件可以调用 VBScript 脚本：

c:\windows\system32\cscript.exe //nologo scanports.vbs

其中 scanports.vbs 是以下脚本：

Option Explicit
Dim xml, port
Set xml = CreateObject("Microsoft.XMLDOM")
xml.load "scanports.xml"
For Each port in xml.documentElement.selectNodes("//port")
  WScript.Echo port.getAttribute("portid")
Next

This is a little cheating, but your batch file can call a VBScript script:

c:\windows\system32\cscript.exe //nologo scanports.vbs

Where scanports.vbs is the following script:

Option Explicit
Dim xml, port
Set xml = CreateObject("Microsoft.XMLDOM")
xml.load "scanports.xml"
For Each port in xml.documentElement.selectNodes("//port")
  WScript.Echo port.getAttribute("portid")
Next

回复收藏 0 原文

爱的那么颓废 2025-01-10 07:48:33

我用 jeb 的回答 和此链接。

代码：

@ECHO Off
SETLOCAL ENABLEDELAYEDEXPANSION

REM Blat options:
SET blat="C:\Program Files (x86)\blat276\full\blat.exe"
SET server=127.0.0.1
SET port=25
SET [email protected]
SET [email protected]

FOR %%i IN (1,1,9) DO (  
  "C:\Program Files (x86)\Nmap\nmap.exe" server%%i.com -oX scanports%%i.xml

  FINDSTR /C:"portid=" scanports%%i.xml >> scanports%%itemp.txt

  FOR /F "tokens=*" %%a IN (scanports%%itemp.txt) DO (
    SET x=%%a
    SET x=!x:"=/!
    FOR /f "tokens=4,12 delims=/" %%a IN ("!x!") DO (
      IF NOT %%a==21 IF NOT %%a==22 IF NOT %%a==80 IF NOT %%a==443 IF NOT %%a==3389 (
        %blat% -server %server% -port %port% -f %from% -to %to% -html -s "Port ouvert sur server%%i" -body "Port %%a : %%b"
      )
    )
  )
  
  DEL scanports%%i.xml
  DEL scanports%%itemp.txt
)

I finish my script with jeb's answer and this link.

Code:

@ECHO Off
SETLOCAL ENABLEDELAYEDEXPANSION

REM Blat options:
SET blat="C:\Program Files (x86)\blat276\full\blat.exe"
SET server=127.0.0.1
SET port=25
SET [email protected]
SET [email protected]

FOR %%i IN (1,1,9) DO (  
  "C:\Program Files (x86)\Nmap\nmap.exe" server%%i.com -oX scanports%%i.xml

  FINDSTR /C:"portid=" scanports%%i.xml >> scanports%%itemp.txt

  FOR /F "tokens=*" %%a IN (scanports%%itemp.txt) DO (
    SET x=%%a
    SET x=!x:"=/!
    FOR /f "tokens=4,12 delims=/" %%a IN ("!x!") DO (
      IF NOT %%a==21 IF NOT %%a==22 IF NOT %%a==80 IF NOT %%a==443 IF NOT %%a==3389 (
        %blat% -server %server% -port %port% -f %from% -to %to% -html -s "Port ouvert sur server%%i" -body "Port %%a : %%b"
      )
    )
  )
  
  DEL scanports%%i.xml
  DEL scanports%%itemp.txt
)

回复收藏 0 原文

~没有更多了~