Grepable Output (-oG) with Nmap

Learn how to use Nmap’s grepable output format to efficiently extract and process scan results using command-line tools.

Introduction to Nmap and Grepable Output

Nmap (Network Mapper) is one of the most powerful and widely used network scanning tools. It helps security professionals, system administrators, and ethical hackers discover hosts, services, and vulnerabilities within a network. Nmap provides multiple output formats for analyzing scan results, one of which is grepable output (-oG).

The grepable output format (-oG) is specifically designed for parsing and processing scan results using command-line tools like grep, awk, sed, and cut. This makes it extremely useful for automating tasks and extracting specific pieces of information from large network scans.

Understanding Grepable Output Format

When you run an Nmap scan with the -oG option, the output is structured in a format that makes it easy to parse using text-processing utilities. A typical grepable output entry looks like this:

# Nmap 7.94 scan initiated Sun Apr 2 12:00:00 2025
Host: 192.168.1.1 ()    Status: Up
Host: 192.168.1.2 ()    Status: Up
Host: 192.168.1.1 ()    Ports: 22/open/tcp//ssh///, 80/open/tcp//http///    Ignored State: closed (998)
Host: 192.168.1.2 ()    Ports: 443/open/tcp//https///    Ignored State: closed (999)

Each line starts with a keyword (e.g., Host:) followed by structured data, making it easy to extract relevant information using grep and other tools.

How to Use -oG in Nmap Scans

Basic Syntax

To generate grepable output, use the following command:

nmap -oG output.txt <target>

For example, scanning a subnet:

nmap -oG scan_results.txt 192.168.1.0/24

This will save the results in scan_results.txt in a structured grepable format.

Combining -oG with Other Options

To make the output more useful, you can combine -oG with other scanning options:

  • Scan with service detection and grepable output:

    nmap -sV -oG services.txt 192.168.1.1
    
  • Aggressive scan with grepable output:

    nmap -A -oG aggressive_scan.txt 192.168.1.1
    
  • Scan only open ports and output in grepable format:

    nmap --open -oG open_ports.txt 192.168.1.1
    

Extracting Information from Grepable Output

One of the key benefits of -oG is its easy integration with command-line tools. Below are some examples of how to extract useful information from grepable output.

Finding Live Hosts

To list all live hosts from a scan:

grep "Status: Up" scan_results.txt | awk '{print $2}'

Extracting Open Ports

To find all open ports from the scan results:

grep "Ports:" scan_results.txt | awk -F 'Ports: ' '{print $2}'

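To extract only the IPs of hosts that have at least one open port (a Ports: line is also written for hosts whose listed ports are all closed or filtered):

grep "Ports:.*/open/" scan_results.txt | awk '{print $2}'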

Finding Hosts with Specific Open Ports

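To filter hosts that have a specific port open (e.g., port 22 for SSH), include the leading space and trailing slash that delimit a port entry; a bare "22/open" pattern would also match 8022/open or 2222/open:

grep " 22/open/" scan_results.txt | awk '{print $2}'

To find hosts with HTTP (port 80) open:

grep " 80/open/" scan_results.txt | awk '{print $2}'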

Extracting Both Host IPs and Open Ports

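To list hosts alongside their ports, split each line on the Ports: label (with awk's default whitespace splitting, $4 is only the literal label "Ports:"):

grep "Ports:" scan_results.txt | awk -F 'Ports: ' '{split($1, h, " "); print h[2], $2}'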
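
The one-liners above treat the Ports: field as a single string. As an added example (not part of the original article), the script below splits it into one record per open port, using the entry layout port/state/protocol/owner/service/rpcinfo/version. The function names open_ports and hosts_with_port and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-port parsing of Nmap grepable (-oG) output.

# open_ports FILE -> one line per open port: "ip port/proto service"
open_ports() {
  awk '
    /^Host: / && /Ports: / {
      ip = $2
      ports = $0
      sub(/.*Ports: /, "", ports)      # drop everything before the port list
      sub(/\t.*/, "", ports)           # drop later tab-separated fields
      n = split(ports, entry, /, */)   # entries are comma-separated
      for (i = 1; i <= n; i++) {
        split(entry[i], p, "/")        # p[1]=port p[2]=state p[3]=proto p[5]=service
        if (p[1] ~ /^[0-9]+$/ && p[2] == "open")
          print ip, p[1] "/" p[3], (p[5] == "" ? "-" : p[5])
      }
    }' "$1"
}

# hosts_with_port FILE PORT -> addresses where exactly PORT is open
hosts_with_port() {
  open_ports "$1" |
    awk -v want="$2" '{ split($2, a, "/"); if (a[1] == want) print $1 }'
}

# Constructed sample input; fields are tab-separated, as in real -oG files.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
{
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 25/filtered/tcp//smtp///\tIgnored State: closed (997)\n'
  printf 'Host: 192.168.1.2 (web.example)\tPorts: 8022/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)\n'
} > "$sample"

open_ports "$sample"            # filtered port 25 is not listed
hosts_with_port "$sample" 22    # 8022 on 192.168.1.2 is not a match
```

Because the port number is compared as a whole subfield, port 22 never matches 8022, and entries in states other than open are skipped.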

Automating Tasks with Grepable Output

By combining -oG with shell scripting, you can automate various network analysis tasks.

Example: Extracting Live Hosts into a File

nmap -sn -oG hosts.txt 192.168.1.0/24
grep "Status: Up" hosts.txt | awk '{print $2}' > live_hosts.txt

Example: Checking for SSH on Live Hosts

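# Each -oG run overwrites its output file, so start clean and append per host.
rm -f ssh_hosts.txt
for ip in $(grep "Status: Up" hosts.txt | awk '{print $2}'); do
  nmap -p 22 --open --append-output -oG ssh_hosts.txt "$ip"
done
grep " 22/open/" ssh_hosts.txt | awk '{print $2}' > ssh_open_hosts.txt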

Advantages and Limitations of Grepable Output

Advantages

  • Easily parsable: Structured format allows quick extraction of data using command-line tools.
  • Automation-friendly: Can be integrated into scripts and automated workflows.
  • Efficient for large-scale scans: Enables quick filtering of hosts, ports, and services.
  • Minimalistic format: More compact than XML or JSON outputs, making it suitable for quick text-based processing.

Limitations

  • Lacks full details: Compared to XML (-oX) or normal (-oN) output, grepable format omits certain details like OS detection and service versions.
  • Not well-structured for advanced parsing: While good for basic filtering, complex queries require additional processing.
  • Deprecated but still functional: The grepable format is deprecated in some versions of Nmap, but it remains widely used.

Conclusion

Grepable output (-oG) is a powerful feature in Nmap that allows users to efficiently extract and process scan results using command-line tools. By leveraging tools like grep, awk, and sed, security professionals can automate tasks, analyze large networks, and quickly filter relevant data. While it has some limitations, its simplicity and ease of use make it a valuable tool for network scanning and security assessments.

By mastering -oG and integrating it into scripts, you can streamline your workflow and make the most out of Nmap’s scanning capabilities.