GitHub - jakl/blocks: Grep and Extract info from similar repeating blocks of text, like nmap output

jakl / blocks Public

Notifications You must be signed in to change notification settings
Fork 1
Star 3

Grep and Extract info from similar repeating blocks of text, like nmap output

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README		README
blocks.pl		blocks.pl

Repository files navigation

NAME
  Blocks

USAGE
  ./blocks.pl [ --term=<str>|--match|--no-match|--data=<str>|--delim=<str> LOCAL_FILE ]

DESCRIPTION
  Use to parse files composed of regular blocks of text

OPTIONS
  --term      -t  : Term to search for
  --match     -m  : Match the term
  --no-match -nom : Match all but the term; inverted match
  --delim     -de : Delimit the blocks of text by this header line (REQUIRED)
                       delimiter header line is included in the block
  --data      -da : Find and print only this bit of data (regex formatted)

  Option names may be shorter unique abbreviations of the full names shown above
  Full or abbreviated options may be preceded by one - or two -- dashes

EXAMPLES
  We are looking at a log file of computers identified by their ip addresses
  It might look like this:

    Nmap scan report for walmart (192.168.1.71)
    Host is up (0.00032s latency).
    Not shown: 999 closed ports
    PORT     STATE SERVICE
    3000/tcp open  ppp

    Nmap scan report for homeportal (192.168.1.254)
    Host is up (0.042s latency).
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp closed  https

  Each computer has latency as well as closed and open ports. 
  Each block of text starts with the word Nmap.

  We might want to list the machines that have port 80/tcp open.

  ./blocks.pl --delim Nmap --term '80/tcp  open'

    Nmap scan report for homeportal (192.168.1.254)
    Host is up (0.042s latency).
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp closed  https


  We might want to extract the IP from every block using a regex.

  ./blocks.pl --delim=Nmap --data='Nmap scan report for .* \((.*)\)'

    192.168.1.71
    192.168.1.254

  We might want to extract the IP from every block that has port 80 open.

  ./blocks.pl --delim=Nmap --term '80/tcp  open' --data='Nmap scan report for .* \((.*)\)'

    192.168.1.254


AUTHOR
  Written by James Koval
  Documented by David Odell
REPORTING BUGS
  Report bugs to <jediknight304 () gmail . com>
COPYRIGHT
  Copyright 2010 James Koval
  License GPLv3+: GNU GPL version 3 or later
  <http://gnu.org/licenses/gpl.html>
  This is free software; you are free to change and redistribute it
  There is NO WARRANTY, to the extent permitted by law