pry0cc / tew

A quick ‘n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.
MIT License

tew

tew is a simple, quick 'n' dirty nmap parser for converting nmap xml output files to IP:Port notation.

For example:

tew -x data/ex1/nmap.xml

1.1.1.1:80
1.1.1.1:443

This is useful for internal penetration tests and can be piped to httpx easily. Because it is written in Go, it compiles into a neat and tidy binary!

Example

Installation

Go install

go install github.com/pry0cc/tew@latest

Binaries

Binaries are available for most platforms and architectures on the releases page.

Usage

# Run Nmap and save to XML output

nmap -T4 1.1.1.1 8.8.8.8 -oX file.xml

tew -x file.xml
tew -x file.xml -o output.txt
tew -x file.xml | httpx -json -o http.json

Stdin support

cat data/ex1/nmap.xml | go run main.go -x -

93.184.216.34:80
93.184.216.34:443
1.1.1.1:80
8.8.8.8:53
8.8.8.8:443
8.8.4.4:53
8.8.4.4:443
1.0.0.1:53
1.1.1.1:53
1.1.1.1:443
1.0.0.1:80
1.0.0.1:443
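The conversion described above, shown as an added example that is not tew's own source: it reads the `<host>`, `<address>` and `<port>` elements of nmap's XML output and emits IP:Port for open ports only. The names `nmapRun`, `OpenPorts` and `sampleXML` are hypothetical, and the sample document is constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net"
)

// nmapRun is the subset of nmap's -oX schema needed for IP:Port output.
type nmapRun struct {
	Hosts []struct {
		Addrs []struct {
			Addr string `xml:"addr,attr"`
			Type string `xml:"addrtype,attr"`
		} `xml:"address"`
		Ports []struct {
			ID    string `xml:"portid,attr"`
			State struct {
				Name string `xml:"state,attr"`
			} `xml:"state"`
		} `xml:"ports>port"`
	} `xml:"host"`
}

// Constructed sample: one open port, one closed port, and a MAC address entry.
const sampleXML = `<nmaprun><host><address addr="1.1.1.1" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/><ports><port portid="80"><state state="open"/></port>
<port portid="25"><state state="closed"/></port></ports></host></nmaprun>`

// OpenPorts lists open ports as IP:Port, skipping MAC entries; JoinHostPort brackets IPv6.
func OpenPorts(doc string) ([]string, error) {
	var run nmapRun
	if err := xml.Unmarshal([]byte(doc), &run); err != nil {
		return nil, err
	}
	var out []string
	for _, h := range run.Hosts {
		for _, a := range h.Addrs {
			for _, p := range h.Ports {
				if a.Type != "mac" && p.State.Name == "open" {
					out = append(out, net.JoinHostPort(a.Addr, p.ID))
				}
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(OpenPorts(sampleXML)) }
```

Closed and filtered ports are dropped here so that only confirmed-open services reach downstream tools; whether tew applies the same filter is not stated on this page.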

DNSx Parsing

If you want to correlate DNSx JSON output, simply generate a JSON file and import it using the following syntax.

subfinder -d domain.com -o subs.txt
dnsx -l subs.txt -json -o dns.json
cat dns.json | jq -r '.a[]' | tee ips.txt
nmap -T4 -iL ips.txt -oX nmap.xml

tew -x nmap.xml -dnsx dns.json --vhost | httpx -json -o http.json

URL Generation

If you want to passively generate URLs, you can do so with the --urls option.

Note: This does not replace httpx; prefer it for occasions where stealth matters over accuracy. It does not check whether the port is running an HTTP service, nor does it send any requests.

tew -x nmap.xml -dnsx dns.json --vhost --urls 

http://example.com
https://example.com

Todo

Credit