Home/ Questions/Q 8509559
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T03:28:02+00:00

I have some data from an Nmap Scan. It looks like this. Nmap scan

  • 0

I have some data from an Nmap Scan. It looks like this.

Nmap scan report for 10.16.17.34
Host is up (0.011s latency).
Not shown: 65530 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
23/tcp   open  telnet
80/tcp   open  http
| http-headers: 
|   Date: THU, 30 AUG 2012 22:46:11 GMT
|   Expires: THU, 30 AUG 2012 22:46:11 GMT
|   Content-type: text/html
|   
|_  (Request type: GET)
443/tcp  open  https
| ssl-enum-ciphers: 
|   SSLv3
|     Ciphers (11)
|       TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA - unknown strength
|       TLS_RSA_EXPORT1024_WITH_RC4_56_SHA - unknown strength
|       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - unknown strength
|       TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - unknown strength
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 - unknown strength
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
|       TLS_RSA_WITH_DES_CBC_SHA - unknown strength
|       TLS_RSA_WITH_RC4_128_MD5 - unknown strength
|       TLS_RSA_WITH_RC4_128_SHA - strong
|   TLSv1.0
|     Ciphers (10)
|       TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA - unknown strength
|       TLS_RSA_EXPORT1024_WITH_RC4_56_SHA - unknown strength
|       TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - unknown strength
|       TLS_RSA_EXPORT_WITH_RC4_40_MD5 - unknown strength
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
|       TLS_RSA_WITH_DES_CBC_SHA - unknown strength
|       TLS_RSA_WITH_RC4_128_MD5 - unknown strength
|       TLS_RSA_WITH_RC4_128_SHA - strong
|     Compressors (1)
|       NULL
|_  Least strength = unknown strength
2023/tcp open  xinuexpansion3

Nmap scan report for 10.16.40.0
Host is up (0.00062s latency).
All 65535 scanned ports on 10.16.40.0 are closed

Nmap scan report for 10.16.40.1
Host is up (0.00071s latency).
All 65535 scanned ports on 10.16.40.1 are closed

What I am attempting to do is to either use Awk, Sed or Grep or something else to extract any section that starts with Nmap Scan and ends in a blank new line and has ssl-enum-ciphers in it. I figured out with Awk how to print each section but I can’t get it to check for the ssl line. I’m out of my league with this.
Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What you have is blank-line separated records. You can use awk to check for your ssl-enum-ciphers:

    awk -v RS='' '/ssl-enum-ciphers/' file.txt

    This will check that the record doesn’t contain the phrase ‘host down’:

    awk -v RS='' '/ssl-enum-ciphers/ && !/host down/' file.txt

    You could make this more stringent by changing the field separator to a newline character:

    awk 'BEGIN { RS=""; FS="\n" } /ssl-enum-ciphers/ && $1 !~ /host down/' file.txt

    Add some newlines between records:

    awk 'BEGIN { RS=""; FS="\n" } /ssl-enum-ciphers/ && $1 !~ /host down/ { printf "%s\n\n", $0 }' file.txt
    • 0