tew
tew
is a simple, quick 'n' dirty nmap parser for converting nmap xml output files to IP:Port notation.
For example:
tew -x data/ex1/nmap.xml
1.1.1.1:80
1.1.1.1.1:443
This is useful for internal penetration tests and can be piped to httpx easily. As it is go, it compiles into a neat and tidy binary!
Installation
Go install
go install github.com/pry0cc/tew@latest
Binaries
Binaries are available for most platforms and archectectures in the releases page.
Usage
# Run Nmap and save to XML output
nmap -T4 1.1.1.1 8.8.8.8 -oX file.xml
tew -x file.xml
tew -x file.xml -o output.txt
tew -x file.xml | httpx -json -o http.json
Stdin support
cat data/ex1/nmap.xml | go run main.go -x -
93.184.216.34:80 93.184.216.34:443 1.1.1.1:80 8.8.8.8:53 8.8.8.8:443 8.8.4.4:53 8.8.4.4:443 1.0.0.1:53 1.1.1.1:53 1.1.1.1:443 1.0.0.1:80 1.0.0.1:443
DNSx Parsing
If you want to correlate DNSx JSON output, simply generate a JSON file and import it using the following syntax.
subfinder -d domain.com -o subs.txt
dnsx -l subs.txt -json -o dns.json
cat dns.json | jq -r '.a[]' | tee ips.txt
nmap -T4 -iL ips.txt -oX nmap.xml
tew -x nmap.xml -dnsx dns.json --vhost | httpx -json -o http.json
URL Generation
If you want to passively generate URLs, you can do so with the --urls
option.
Note: This does not replace using httpx, prefer for occasions where stealth matters over accuracy. This does not check to see if the port is running a HTTP service nor does it send any requests.
tew -x nmap.xml -dnsx dns.json --vhost --urls
http://example.com
https://example.com
Todo
- Create auto build using github ci & autobuild
- Add Arm64 for Darwin to Build
- Use proper flags library
- Add ability to import and use dnsx JSON & text output files - working on it!
- Clean up DNSX Parsing module and sort unique
- Add output text file as option
- Test on Windows, Linux & Mac for cross-compatibility
# Credit
- @hakluke - Thank you man for helping me fix that dumb bug :)
- @vay3t - Go Help
- @BruceEdiger - Go Help
- @mortensonsam - Go help!!
- @xstp - stdin support
- https://www.golangprograms.com - A lot of the code here is copy-pasted from the internet, at the time of writing, my go skills are copy-paste :P And that's ok if it works, right?
Feature: stdin support and a tiny bit of code cleanup
stdin doesn't seem super interesting at first glance, but it can be useful
Suggest license
Thanks for this package! It's really cool. But I saw that under license, you do not have any license. Legally this means no one can use or modify it. Can you add a license?
For more on this you can read this page.
Feature: Stdin support :D
feature adds stdin support
switched to the preferred function naming convention for Golang (otherwise it is always exported)
🚀
Added —urls option
Added a dirty method to check and generate urls if it sees the service as http or https. Not exhaustive - but is more passive. I still recommend using httpx with this option.
it's possible to let tew parse massdns json output :)
massdns support json output too e.g.
massdns --resolvers resolvers.txt --output J --outfile xxxxx.json
so it's gonna be awesome if tew parse massdns json output e.g.
tew -x nmap.xml -massdns xxxxx.json -vhost