Let's quickly recap how Nmap formats the output of a scan. If we run the default NSE category (-sC) against the scanme.nmap.org host, we get the following output:
nmap -n -Pn -p80 -sC scanme.nmap.org PORT STATE SERVICE 80/tcp open http |_http-title: Go ahead and ScanMe!
By default, Nmap returns the normal output if no option is given. The available output options are:
Normal output (
-oN)XML output (
-oX)Grepable output (
-oG)Script kiddie (
-oS)
Tip
The -oA <basename> argument saves the output in normal, XML, and grepable formats. I personally use this option all the time. Let's say we want to scan port 80 with NSE and save the results in all formats. We would use a command similar to the following:
$nmap -p80 -sC -oA scanme.nmap.org scanme.nmap.org
When the scan is complete, new files will be generated in your current directory:
scanme.nmap.org.gnmapscanme.nmap.org.nmapscanme.nmap.org.xml
These files correspond to the results of the scan in grepable...