Pentest & Bug Bounty Resources and Techniques
  • Pentest & Bug Bounty Resources and Techniques
    • Introduction
    • Tests Checklist
    • OSINT
    • Communications Security
      • SSL/TLS
    • Networking
      • Subdomains Discovery
        • DNS & OSINT
        • DNS Brute force
          • Second DNS Brute-Force Round
      • Subdomain Takeover
      • Network Host Scan/Discovery
        • External/Internal
        • Internal only
      • Network Vulnerability Scanning
      • Network Hacking
      • Parsing
      • Reporting
    • Brute Force
      • Wordlists
      • Databases
      • SSH
    • Web
      • Endpoint Discovery
      • Infrastructure & Configuration
        • Headers
        • WAF Detection/ Evasion
      • Injection
        • GraphQL
        • Cross-Site Scripting (XSS)
        • SQL Injection
        • Payloads
      • SSRF & XXE
        • Labs & Resources
        • Tools
        • SVG SSRF Cheatsheet
        • XXE - XEE - XML External Entity
      • JWT Vulnerabilities (Json Web Tokens)
      • HTTP/S DoS
    • Mobile
      • Both
        • SAST
          • MobSF
        • DAST
          • Installing Frida and Objection
      • Android
        • Create a Lab
          • Rooting Android Emulator
          • Rooting Android Emulator Cheat Sheet
        • APK Certificates
        • SAST
          • APKs
            • Get Information from APK
            • GDA (GJoy Dex Analysizer)
            • Scanning APK for URIs, endpoints & secrets
            • Google Maps API Scanner
        • DAST
          • Rooting the Android Studio AVDs
          • non-Rooted devices
            • Bypass SSL Pinning - non-rooted devices
              • Method 1: apk-mitm
              • Instrumentation with Frida and Objection
                • Bypass SSL Pinning - Method 2: With Objection Explore
                • Bypass SSL Pinning - Method 3: With root_bypass.js
          • Rooted Devices
            • Run frida-server in the emulator or device
            • Inject Frida
            • Bypass SSL Pinning - rooted devices
              • Install Burp CA as a system-level CA on the device
      • iOS
        • SAST
          • Building a reverse iOS engineering environment for free
          • Test Vulnerabilities
  • Lets Practice
    • Virtual Machines
    • Vulnerable App
    • Guided Labs
    • CTFs
  • Group 1
    • AI
Powered by GitBook
On this page
  • Nmap XML to HTML report
  • Requirements
  • 🎓 Usage
  • WebMap
  • Webmap Installation
  1. Pentest & Bug Bounty Resources and Techniques
  2. Networking

Reporting

PreviousParsingNextBrute Force

Last updated 6 months ago

Nmap XML to HTML report

An Nmap XSL implementation with Bootstrap. Allows Nmap XML port scan results to be converted into beautiful HTML reports.

Requirements

xsltproc — command line xslt processor

sudo apt install xsltproc

🎓 Usage

Converting Nmap XML

You can convert an already existing Nmap XML file into a nicely formatted HTML report by executing the following commands:

# download the nmap bootstrap xsl
wget https://raw.githubusercontent.com/Haxxnet/nmap-bootstrap-xsl/main/nmap-bootstrap.xsl

# convert your nmap xml file into html
xsltproc -o report.html nmap-bootstrap.xsl <nmap.xml>

The resulting Nmap HTML report report.html can be directly opened with any web browser of your choice.

Applying XSL in advance

If you have not yet started your Nmap port scan, you can also apply the bootstrap XSL in your Nmap CLI command as follows:

nmap -sS -Pn --stylesheet https://raw.githubusercontent.com/Haxxnet/nmap-bootstrap-xsl/main/nmap-bootstrap.xsl scanme.nmap.org

The resulting Nmap XML file can be directly opened with a supported web browser. The bootstrap XSL will already be applied.

Note: Nonetheless, it is recommended to convert the XML file into an HTML report. This ensures that the final Nmap bootstrap report is supported by all web browsers and that clients, to which you'll hopefully send your port scanning results, can easily categorize and open the file with the default OS application - a web browser.

WebMap

Automatically Visualize and Report Your Nmap Scan Results

Webmap Installation

  1. First you have to create a new folder

mkdir /tmp/webmap

  1. Then run this

docker run -d \
         --name webmap \
         -h webmap \
         -p 8000:8000 \
         -v /tmp/webmap:/opt/xml \
         reborntc/webmap

  1. After running it, you need a token. Generate token with this

docker exec -ti webmap /root/token

  1. To open Webmap go to http://localhost:8000/

  2. To put your Nmap result to Webmap folders, copy the XML files to /tmp/webmap/

You can see Kali Linux Site for installing docker

https://github.com/Haxxnet/nmap-bootstrap-xsl
https://www.kali.org/docs/containers/installing-docker-on-kali/