HTML pages have a particular strength over other file formats; they can be viewed in the web browsers that are shipped with most devices. For this reason, users might find it useful to generate scan reports in HTML and upload them somewhere for easy access.
The following recipe will show you how to generate an HTML page displaying scan results taken from an XML results file.
For this task we will use a tool called "XSLT processor". There are a few options available for different platforms, but the most popular one for Unix systems is called "xsltproc"; if you are running a modern Linux, there is a good chance that you already have it installed. "Xsltproc" also works on Windows, but it requires that you add some additional libraries to it.
If you are looking for other cross-platform XSLT (and XQuery) processor, which is easier to install on Windows, go to http://saxon.sourceforge.net/. They offer a free version of "saxon", which is based on Java.
First, save the scan results in the XML format by using the following command:
# nmap -A -oX results.xml scanme.nmap.org
Run xsltproc to transform the XML file to HTML/CSS:
$xsltproc results.xml -o results.html
The HTML file should be written to your working directory. Now, just open it with your favorite web browser.
XSL stylesheets are used to view XML files straight from web browsers. Unfortunately, modern web browsers include stricter, same origin policy restrictions so it is more convenient to generate an HTML report instead.
The
xsltproc utility takes the following arguments:
$xsltproc <input file> -o <output file>
The reference to the XSL stylesheet is included in the XML file, and the style is taken from there.
You need to make sure that the referenced XSL stylesheet is readable, otherwise xsltproc will fail. By default, Nmap ships nmap.xsl to your installation directory. If you don't have it in your system, you can download it from <url>, place it in your working directory, and use the directive --stylesheet:
#cp /usr/local/share/nmap/nmap.xsl
At the end, we should have both nmap.xsl and our results file results.xml in the same folder (our working directory).
If you don't have the XSL stylesheet in your system, you can use the directive --webxml to have Nmap reference the online copy using the following command:
# nmap -A -oX results.xml --webxml scanme.nmap.org
To customize the look of the report, you can edit the XSL stylesheet. I recommend that you start with the file nmap.xsl to learn the field names.
- The Saving scan results in normal format recipe
- The Saving scan results in an XML format recipe
- The Saving scan results in grepable format recipe
- The Saving scan results in normal format recipe
- The Saving scan results to a SQLite database recipe
- The Comparing scan results with Ndiff recipe in Chapter 1, Nmap Fundamentals
- The Monitoring servers remotely with Nmap and Ndiff recipe in Chapter 1, Nmap Fundamentals