In this task, we have to search through a giant file that was created using
We’re greeted with the following instructions at the top of the terminal:
Howdy howdy! Mind helping me with this homew- er, challenge? Someone ran nmap -oG on a big network and produced this bigscan.gnmap file. The quizme program has the questions and hints and, incidentally, has NOTHING to do with an Elf University assignment. Thanks!
Answer all the questions in the quizme executable:
- What port does 188.8.131.52 have open?
- What port does 184.108.40.206 have open?
- How many hosts appear "Up" in the scan?
- How many hosts have a web port open? (Let's just use TCP ports 80, 443, and 8080)
- How many hosts with status Up have no (detected) open TCP ports?
- What's the greatest number of TCP ports any one host has open?
Check out bigscan.gnmap and type quizme to answer each question.
The -oG flag tells nmap to write its output in a grepable format, which makes searching through it with grep easier.
What port does 220.127.116.11 have open?
Let’s just cat out the file and grep for the IP address to see what we get:
cat bigscan.gnmap | grep 18.104.22.168
The output looks like this:
Host: 22.214.171.124 () Status: Up
Host: 126.96.36.199 () Ports: 62078/open/tcp//iphone-sync/// Ignored State: closed (999)
We can see that only port 62078 is open.
We can submit this answer by running quizme in the console.
What port does 188.8.131.52 have open?
Let’s run that same command, but with this new IP:
cat bigscan.gnmap | grep 184.108.40.206
Host: 220.127.116.11 () Status: Up
Host: 18.104.22.168 () Ports: 8080/open/tcp//http-proxy/// Ignored State: filtered (999)
This time port 8080 is open.
How many hosts appear “Up” in the scan?
Now we have to count the total number of occurrences of something using grep. For this we can use the
cat bigscan.gnmap | grep -c 'Status: Up'
How many hosts have a web port open? (Let’s just use TCP ports 80, 443, and 8080)
For this, we’ll use a regular expression to search for either 80, 443, or 8080, followed by /open and count the results.
cat bigscan.gnmap | grep -c -E '(80|443|8080)/open'
How many hosts with status Up have no (detected) open TCP ports?
We already know from the 3rd question how many hosts we have that are up (26054), so all we need to figure out is how many hosts have some port open. Then we just do this:
\[TotalHosts - HostsWithOpenPorts = HostsWithNoOpenPorts\]
To find the number of hosts with open ports, we can just find the number of lines where
cat bigscan.gnmap | grep -c '/open'
Therefore: \(HostsWithNoOpenPorts = 26054 - 25652 = 402\)
What’s the greatest number of TCP ports any one host has open?
This one was a bit trickier. It’s tough to get grep to do this just on its own. I ended up doing it the “dumb” way. (Although if it’s dumb and it works, is it really dumb?)
I ended up creating a bash script for this:
max=0
cat bigscan.gnmap | while read -r line
do
    # count the '/open' occurrences on this line
    temp=$(echo "$line" | grep -o '/open' | wc -l)
    if (($temp>$max))
    then
        # new maximum: remember it and print it
        max=$temp
        echo $max
    fi
done
Basically, it feeds the file line by line into grep, which counts the total number of occurrences in that line, and stores that count in a temporary variable. It then compares that to the current maximum. If it is greater than the current max, it changes the max and prints it out.
Putting this all into one line so we can just copy it into the terminal:
max=0; cat bigscan.gnmap | while read line; do temp=$( echo $line | grep -o '/open' | wc -l); if (($temp>$max)); then max=$temp; echo $max; fi; done
Running it in the terminal yields the following output:
5 6 9 10 11 12
12 is the last maximum it spit out, so that is our answer.
This takes a while to run, but it works.
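The last four questions can also be answered in a single pass each with grep and awk, which avoids spawning a grep per line. This is an added example, not part of the original write-up or the challenge: the function names and the sample data are constructed, and the web-port pattern is anchored on the whitespace before the port number so that ports such as 1080 or 8443 are not counted as 80 or 443.

```shell
# Constructed sample in nmap -oG layout (documentation addresses, not bigscan.gnmap).
make_sample() {
cat <<'EOF'
Host: 192.0.2.1 () Status: Up
Host: 192.0.2.1 () Ports: 80/open/tcp//http///, 443/open/tcp//https/// Ignored State: closed (998)
Host: 192.0.2.2 () Status: Up
Host: 192.0.2.2 () Ports: 1080/open/tcp//socks///, 22/open/tcp//ssh///, 8443/open/tcp//https-alt/// Ignored State: closed (997)
Host: 192.0.2.3 () Status: Up
Host: 192.0.2.4 () Status: Up
Host: 192.0.2.4 () Ports: 8080/open/tcp//http-proxy///, 25/closed/tcp//smtp/// Ignored State: filtered (998)
EOF
}

# Hosts reported as Up: one "Status: Up" line per host.
up_hosts() { grep -c 'Status: Up' "$1"; }

# Hosts with TCP 80, 443 or 8080 open. The leading whitespace class anchors
# the port number, so " 1080/open" and " 8443/open" do not match.
web_hosts() { grep -cE '[[:space:]](80|443|8080)/open/tcp' "$1"; }

# Up hosts that never appear on a line with an open TCP port.
# $2 is the IP address in both the Status and the Ports line.
up_no_open() {
  awk '/Status: Up/   { up[$2] = 1 }
       /\/open\/tcp/  { has_open[$2] = 1 }
       END { for (h in up) if (!(h in has_open)) n++; print n + 0 }' "$1"
}

# Largest number of open TCP ports on one host: gsub() returns how many
# times the pattern occurred on the line (replacing each match with itself).
max_open() {
  awk '{ n = gsub(/\/open\/tcp/, "&"); if (n > m) m = n } END { print m + 0 }' "$1"
}

# Run against the constructed sample; pass bigscan.gnmap instead for the real file.
f=$(mktemp)
make_sample > "$f"
echo "up=$(up_hosts "$f") web=$(web_hosts "$f") up_no_open=$(up_no_open "$f") max_open=$(max_open "$f")"
rm -f "$f"
```

On the sample, the unanchored pattern '(80|443|8080)/open' counts three lines because 1080/open and 8443/open also match, while the anchored one counts two.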