I need to be able to display which IPs have each service port open, with each service listed alphabetically, formatted as so:

ftp
============
192.168.33.226
192.168.33.129
192.168.33.220

http-alt
============
192.168.33.243
192.168.33.252

I have a file containing nmap results for a list of IPs such as the following:

Nmap scan report for 192.168.33.252
Host is up (0.041s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
8000/tcp open  http-alt
MAC Address: 00:50:56:AF:1E:5B (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.34 (93%), Linux 2.6.18 (CentOS 5, x86_64, SMP) (91%), Linux 2.6.27 (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), IBM System Storage DS4700 NAS device (91%), Lantronix SLC 8 terminal server (Linux 2.6) (91%), Linux 2.6.21 (91%), Linux 2.6.27 (Ubuntu 8.10) (91%), Linux 2.6.27 - 2.6.28 (91%), Linux 2.6.5 (SUSE Enterprise Server 9) (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

Nmap scan report for 192.168.33.226
Host is up (0.041s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:AF:4E:1D (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2000|2003|2008|XP (94%)
OS CPE: cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_xp::sp3
Aggressive OS guesses: Microsoft Windows 2000 SP4 (94%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows Server 2008 Enterprise SP2 (90%), Microsoft Windows 2003 SP2 (89%), Microsoft Windows XP SP3 (88%), Microsoft Windows 2000 SP0 (85%), Microsoft Windows XP (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

Using grep and awk I managed to cut the extraneous information in the file down to just each IP followed by the services running, but I don't know where to go from here.

cat /usr/share/cctc/NMAP_all_hosts.txt | grep -E "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b|\b+\/tcp\s*open" | awk '{print $NF}' 

Gives me the following format:

192.168.33.249
ftp
ssh
192.168.33.236
ssh
ident
netbios-ssn
microsoft-ds
  • The goal is that you add some code of your own to show at least the research effort you made to solve this yourself. – Cyrus Jan 24 '18 at 18:30
  • I added what I've done so far –  Jan 24 '18 at 18:36
  • I am afraid, `awk` is very primitive for your requirement. Even if you manage to write an `awk` script I'm sure it would be ugly and inefficient. You need to use a language like `perl` with smarter capabilities. – sjsam Jan 24 '18 at 18:41
  • Sometimes with files like this I just use csplit (see for instance https://www.linuxquestions.org/questions/programming-9/split-file-into-chunks-delimited-by-blank-lines-4175546320/ ) to break the file up, then just use some basic grep commands to get what I need. –  Jan 24 '18 at 18:53
  • @17C Do not post CCTC assignment questions here. – Josh Abraham Jan 24 '18 at 22:26

1 Answer

Perl was originally written to improve on sed/grep/awk with high-level language features.

Possible Perl one-liner:

perl -lne '$ip=$1 if /((\d+\.){3}\d+)$/; push @{$h{$1}}, $ip if /tcp\s+open\s+(.+)$/; END { for (sort keys %h) { print"$_\n========"; print for @{$h{$_}}; print"" } }' nmap.txt

Explanation:

Options: -l auto linefeed remove/add on IO, -n puts your code into a while (<>) { ... } loop, -e indicates following script.

No need for pipe from cat, simply add file as last argument. Same with your grep.

Collect data in hash %h, addressed by service names, values arrays of IPs.

$1 contains 1st capture group in parens in the regex match.

Update global variable $ip on matching lines with IP address.

If service name encountered, push current $ip to array under %h hash's service key.

END block runs after implicit loop, do the printing.

SzG
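
The same service-to-hosts grouping can also be done with awk and sort. The following is an added example, not part of the original question or answer, and it runs on constructed sample input. The function names `sample_scan` and `services_by_host` are hypothetical, and it goes slightly beyond the case on this page by handling host lines that include a hostname, UDP rows, and ports whose state is not `open`.

```shell
#!/bin/sh
# Added example: group hosts by open service from Nmap normal-format output.

# sample_scan: constructed sample input (not real scan data).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.33.252
Host is up (0.041s latency).
PORT     STATE SERVICE
8000/tcp open  http-alt

Nmap scan report for 192.168.33.226
Not shown: 998 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
3389/tcp open  ms-wbt-server

Nmap scan report for fileserver.example (192.168.33.129)
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   closed ssh
8000/tcp open   http-alt
EOF
}

# services_by_host [FILE...]: reads the named files, or stdin when none given.
services_by_host() {
    awk '
        # Host header: the address is the last field, in parentheses when
        # Nmap also prints a hostname.
        /^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip); next }
        # Port row such as "21/tcp   open  ftp": exact state "open" only,
        # which skips closed, filtered and open|filtered ports.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && ip != "" {
            if (!(($3, ip) in seen)) {      # list a host once per service
                seen[$3, ip] = 1
                print $3 "\t" NR "\t" ip    # NR keeps hosts in file order
            }
        }
    ' "$@" |
    LC_ALL=C sort -t "$(printf '\t')" -k1,1 -k2,2n |
    awk -F '\t' '
        $1 != prev { if (NR > 1) print ""; print $1; print "============"; prev = $1 }
        { print $3 }
    '
}

sample_scan | services_by_host
```

Matching on the exact `open` state and on the port column keeps lines such as `OS CPE:` or `Aggressive OS guesses:` from being mistaken for services.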