4

I run a nmap scan of my hosts daily to check for open ports. 

sudo nmap -f -sS -sV --log-errors -append-output -p1-9999 host.com

But along with the output I get a long list of fingerprint submissions for unrecognized ports like this 

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port4000-TCP:V=5.21%I=7%D=2/9%Time=4F30CAC%P=x86_64-redhat-linux-gnu%r
SF::\r\nERR\x20UNKNOWN_COMMAND\x20Unknown\+server\+commandCSeq:\r\nERR\x20
-------------------------------------------

How do I remove these from my nmap reports?

Quintin Par
  • 4,293
  • 10
  • 46
  • 72
  • you could actually do what it says, take a note of what service you are scanning *you did say they were your hosts* so in theory you should know what service are running, get all the data and submit it the nmap project. Then in the next version you get a better tool! that's how open source works! contribute! :-) – The Unix Janitor Feb 09 '12 at 13:06

2 Answers2

2

There is no way to keep Nmap from outputting this information, other than to submit the fingerprints as The Unix Janitor suggested in his comment. Along those lines, you could try using the latest version of Nmap (5.51 or 5.61TEST5); over 700 new service fingerprints have been added since the version you are using.

To strip the unwanted output from your scan results, try this Perl one-liner:

perl -ne 'if(/NEXT SERVICE FINGERPRINT/){$f=1}else{$f=0 if $f and not /^SF/}print unless $f'

That will strip the fingerprints out. If you are concerned about parsing the output, I would encourage you to use the XML output instead, since the structure of the normal output can change from version to version.

bonsaiviking
  • 4,355
  • 16
  • 26
0

You might consider using the XML output format and parsing that (there is a Perl library to parse it, but any XML parser would work) rather than the default semi-structured text output. In the default output format I am not aware of a way to suppress those messages.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328