Reading information from nmap poodle vulnerability result. Bash script

Question

I need to make a bash script that will give me a list of true or false depending on the address it scanned. Right now I have this simple script

#!/bin/bash
input="/root/file1"
input2="/root/file2"
paste -d, file{1,2}.txt | while IFS=, read x y; 
do   nmap -sV --version-light --script ssl-poodle -p $y $x
if something(detects its vulnerable)
echo "true">>file3.txt
else (not vulnerable)
echo "false">>fie3.txt
done

the information nmap returns when vulerable is

Nmap scan report for ip Host is up (0.044s latency). PORT STATE SERVICE VERSION port/tcp open ssl/http Microsoft IIS | ssl-poodle: | VULNERABLE: | SSL POODLE information leak | State: VULNERABLE

Is there a way to detect the word vulnerable, or what would be the best way to do it?

Alvaro Gutierrez Perez · Accepted Answer · 2015-10-02T21:06:07.427

#!/bin/bash
input="/root/file1"
input2="/root/file2"
paste -d, file{1,2}.txt | while IFS=, read x y; 
do
    nmap_output="$(nmap -sV --version-light --script ssl-poodle -p $y $x)"
    if [ -n "$(echo "$nmap_output" | grep VULNERABLE)" ]
    echo "true">>file3.txt
    else
    echo "false">>fie3.txt
done

Explanation

With this line

nmap_output="$(nmap -sV --version-light --script ssl-poodle -p $y $x)"

you are saving the output of nmap execution to the $nmap_output variable.

And, with this one:

if [ -n "$(echo "$nmap_output" | grep VULNERABLE)" ]

you are checking if the nmap output contains the word VULNREABLE. It does so by grepping the nmap output and keeping only lines with the VULNERABLE word. Then, it checks if the grepped string is not empty (the -n switch at the beggining of the if).

Reading information from nmap poodle vulnerability result. Bash script

1 Answers1

Explanation