#!/usr/bin/gawk -f
# Script made by Adrian Puente for Sm4rt Security Services
# shouts to: adrian _at_ sm4rt _dot_ com
# and apuente _at_ hackarandas _dot_ com
#
# Filters nmap's greppable output (.gnmap) and creates files with the
# list of IPs that have a specific port open. It makes 2 files for each
# port: one with the banners that nmap found and one with just the IPs,
# so you can feed the latter to Hydra, for example.
#
# The syntax of the program is
# gawk -f gawk.filter.gnmap.awk [nmap.grep.file] [port]
#
# You can wrap this script in a loop to split a lot of ports at once,
# one plain port number per iteration:
#
# Linux
# for i in 21 22 80 443 135 139 1521 1526
# do
# gawk -f gawk.filter.gnmap.awk nmap.gnmap.file $i
# done
#
# for i in `cat lista.puertos.lst`
# do
# gawk -f gawk.filter.gnmap.awk nmap.gnmap.file $i
# done
#
# Windows
# for /F %i in (port.list) do gawk.exe -f gawk.filter.gnmap.awk nmap.gnmap.file %i
#
# Known Bugs
#
# * Each time you run the command you may get an error like this
# gawk: (FILENAME=nmap.scan.gnmap FNR=1461) fatal: cannot open file `21' for reading
# This happens when the second argument (the port) is left in ARGV:
# gawk then tries to open it as another input file, which obviously
# doesn't exist. Reading the port in a BEGIN block and deleting
# ARGV[2] afterwards avoids it.
#
# Requires gawk or GNU awk in your PATH.
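# Argument handling is done once, before any input is read.
#
# The port (ARGV[2]) is interpolated into two dynamic regexes and into the
# two output file names, so it is restricted to a plain port number: a
# crafted argument such as "../x" or ".*" could otherwise write outside
# the working directory or change what the filter matches.
BEGIN {
    if (ARGC < 3) {
        print "Syntax: [nmap.grep.file] [port]" > "/dev/stderr"
        exit 1
    }
    PTO = ARGV[2]
    if (PTO !~ /^[0-9]+$/ || PTO + 0 > 65535) {
        print "Port must be a number between 0 and 65535: " PTO > "/dev/stderr"
        exit 1
    }
    # gawk treats every remaining ARGV element as an input file; drop the
    # port so it is not opened for reading.
    delete ARGV[2]

    IDENTIFICADOR = " " PTO "/open"     # matches the raw gnmap record
    SEPARADOR     = ":" PTO "/open"     # matches the normalized "Ports:<port>/open" token
    BANNERS_FILE  = "lst.banners.port." PTO ".txt"
    IPS_FILE      = "lst.ips.port." PTO ".txt"
}

# Skip nmap's comment lines ("# Nmap ... scan initiated ...").
/^#/ { next }

# Records that report the requested port as open.
$0 ~ IDENTIFICADOR {
    # Work on a copy of the record; normalize it so that each port entry
    # becomes its own whitespace-separated token prefixed with "Ports:".
    linea = $0
    gsub(/: /, ":", linea)          # "Host: 1.2.3.4" -> "Host:1.2.3.4", "Ports: 22" -> "Ports:22"
    gsub(/ +/, "_", linea)          # protect spaces inside banners/host names
    gsub(/\t/, " ", linea)          # tabs are the real separators in .gnmap
    gsub(/,/, " Ports:", linea)     # one token per port entry
    gsub(/Ports:_/, "Ports:", linea)

    n = split(linea, trozos, " ")
    host = ""
    port = ""
    for (i = 1; i <= n; i++) {
        token = trozos[i]
        if (token ~ /Host:/) {
            sub(/Host:*/, "", token)        # strip the "Host:" label
            sub(/_/, " ", token)            # restore "<ip> (<name>)"
            host = token
        } else if (token ~ SEPARADOR) {
            gsub(/Ports:/, "", token)       # strip the "Ports:" label
            gsub(/\/open*/, " ", token)     # drop the state
            gsub(/\/\/*/, " ", token)       # turn the remaining "/" separators into spaces
            port = token
        }
    }
    # Both tokens are expected on every matching record; skip anything odd.
    if (host == "" || port == "") next

    # Banner list: "<ip> (<name>)" padded to 50 columns, a tab, then the
    # port/proto/service/banner text.
    printf "%-50s\t%s\n", host, port > BANNERS_FILE

    # IP-only list: drop the "(<name>)" part and surrounding whitespace.
    ip = host
    gsub(/\(.*\)/, "", ip)
    gsub(/^[ \t]+|[ \t]+$/, "", ip)
    print ip > IPS_FILE
}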