A quick ‘n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.

  • By pry0cc
  • Last update: Dec 31, 2022
  • Comments: 5

tew

tew is a simple, quick 'n' dirty nmap parser for converting nmap xml output files to IP:Port notation.

For example:

tew -x data/ex1/nmap.xml

1.1.1.1:80
1.1.1.1.1:443

This is useful for internal penetration tests and can be piped to httpx easily. As it is go, it compiles into a neat and tidy binary!

Example

Installation

Go install

go install github.com/pry0cc/tew@latest

Binaries

Binaries are available for most platforms and archectectures in the releases page.

Usage

# Run Nmap and save to XML output

nmap -T4 1.1.1.1 8.8.8.8 -oX file.xml

tew -x file.xml
tew -x file.xml -o output.txt
tew -x file.xml | httpx -json -o http.json

Stdin support

cat data/ex1/nmap.xml | go run main.go -x -

93.184.216.34:80 93.184.216.34:443 1.1.1.1:80 8.8.8.8:53 8.8.8.8:443 8.8.4.4:53 8.8.4.4:443 1.0.0.1:53 1.1.1.1:53 1.1.1.1:443 1.0.0.1:80 1.0.0.1:443

DNSx Parsing

If you want to correlate DNSx JSON output, simply generate a JSON file and import it using the following syntax.

subfinder -d domain.com -o subs.txt
dnsx -l subs.txt -json -o dns.json
cat dns.json | jq -r '.a[]' | tee ips.txt
nmap -T4 -iL ips.txt -oX nmap.xml

tew -x nmap.xml -dnsx dns.json --vhost | httpx -json -o http.json

URL Generation

If you want to passively generate URLs, you can do so with the --urls option.

Note: This does not replace using httpx, prefer for occasions where stealth matters over accuracy. This does not check to see if the port is running a HTTP service nor does it send any requests.

tew -x nmap.xml -dnsx dns.json --vhost --urls 

http://example.com
https://example.com

Todo

  • Create auto build using github ci & autobuild
  • Add Arm64 for Darwin to Build
  • Use proper flags library
  • Add ability to import and use dnsx JSON & text output files - working on it!
  • Clean up DNSX Parsing module and sort unique
  • Add output text file as option
  • Test on Windows, Linux & Mac for cross-compatibility

# Credit

  • @hakluke - Thank you man for helping me fix that dumb bug :)
  • @vay3t - Go Help
  • @BruceEdiger - Go Help
  • @mortensonsam - Go help!!
  • @xstp - stdin support
  • https://www.golangprograms.com - A lot of the code here is copy-pasted from the internet, at the time of writing, my go skills are copy-paste :P And that's ok if it works, right?

Download

tew.zip

Comments(5)

  • 1

    Feature: stdin support and a tiny bit of code cleanup

    • added stdin support ( filename - )
    • removed unnecessary exported functions

    stdin doesn't seem super interesting at first glance, but it can be useful

  • 2

    Suggest license

    Thanks for this package! It's really cool. But I saw that under license, you do not have any license. Legally this means no one can use or modify it. Can you add a license?

    For more on this you can read this page.

  • 3

    Feature: Stdin support :D

    feature adds stdin support

    • holds the nmapxml module in a struct.
    • will pass the stdin xml by its memory address to Run()

    switched to the preferred function naming convention for Golang (otherwise it is always exported)

    🚀

  • 4

    Added —urls option

    Added a dirty method to check and generate urls if it sees the service as http or https. Not exhaustive - but is more passive. I still recommend using httpx with this option.

  • 5

    it's possible to let tew parse massdns json output :)

    massdns support json output too e.g.

    massdns --resolvers resolvers.txt --output J --outfile xxxxx.json

    so it's gonna be awesome if tew parse massdns json output e.g.

    tew -x nmap.xml -massdns xxxxx.json -vhost

Popular Tag

Related