The Bug Hunter Podcast 3: Nmap outputs & motivation vs inspiration


Hi, here’s a new episode of the Bug Hunter podcast!

You can now listen to it using the widget below or on the following platforms: Apple podcasts/iTunes, Google Podcasts, Anchor, Spotify, Breaker, Pocket Casts, Overcast and RadioPublic.

If your favorite podcasting app is missing from this list, please let me know so I can add it.

Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding any links or commands mentioned in the audio.


Transcript

Hey hackers! This is the Bug Hunter podcast by Pentesterland. The podcast for pentesters & bug bounty hunters. We tackle technical questions & inspirational topics to help you develop both a hacker skillset & mindset.

Welcome to this podcast number 3! I’m your host, Mariem. And the title of this episode is: “Nmap outputs & motivation vs inspiration”.

I have two segments for you today:

  1. Favorite hack: on the different kinds of Nmap outputs
  2. Personal growth: on the difference between motivation and inspiration, and how you can use this knowledge to find your inner strength and defeat laziness or procrastination.

You’re getting used to it now… I’m including a segment that’s not about hacking or anything technical. It’s more about hacking your life to be happier and more productive.

Also, if you prefer written text, you’ll find the whole transcript on pentester.land/podcasts, under episode n°3. It’s also helpful for finding any links or commands mentioned in this audio.

Favorite hack

I recently saw a Tweet by Luke Stephens about how to convert Nmap XML output to HTML output. I wasn’t aware of this possibility.
So I want to share with you this tip, and remind you of the different ways to output and save Nmap results. And also why you should always save Nmap results!

There are 4 types of Nmap outputs: Normal, XML, Greppable and Script Kiddie output.

Normal output

Normal output is what you see printed on your screen when you run Nmap. If you use the option -oN filename, Nmap saves what you see printed on your screen to the file you gave it.

XML output

XML output is when you use the option -oX filename. It saves Nmap’s results in an XML file.

Greppable format output

Greppable format output is when you use the option -oG filename. It saves the results in a format which allows for easy grepping.
What this means is that if you scan tens or hundreds of hosts, the greppable file will contain a single line for each host, including all the information obtained for it: port numbers, their status (open, filtered or closed), service versions, etc.
So you can easily use this format to extract all hosts which have a specific open port or service version.
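As an added illustration (not part of the original episode), here is a small Python parser for the greppable format that lists the hosts with a given open port. The sample scan data and the function names are constructed for this example.

```python
# Constructed sample of -oG output (not from a real scan); fields are tab-separated.
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -sV -oA scan 192.0.2.0/29\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/closed/tcp//http///\tIgnored State: filtered (998)\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.5 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/, "
    "443/open/tcp//ssl|http//nginx 1.18.0/\n"
    "# Nmap done -- 8 IP addresses (2 hosts up) scanned\n"
)


def parse_gnmap(text):
    """Yield (ip, port, state, proto, service, version) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpc info/version/
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue  # skip malformed entries
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                yield ip, int(port), state, proto, service, version


def hosts_with_open_port(text, port):
    """Return the sorted list of hosts where the given port is open."""
    return sorted({r[0] for r in parse_gnmap(text)
                   if r[1] == port and r[2] == "open"})


def hosts_with_version(text, needle):
    """Return (ip, port, version) for open ports whose version contains needle."""
    return [(r[0], r[1], r[5]) for r in parse_gnmap(text)
            if r[2] == "open" and needle.lower() in r[5].lower()]
```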

Script kiddie output

$crIpT kIddI3 0uTPut is normal output processed to look funnier. It’s not really useful but I’m just telling you… it exists!
The option for it is -oS filename.

So which of these options do you have to use in practice? My recommendation is to systematically use all of them! That way, if, after you finish testing, you have a need that you didn’t anticipate, like grepping for something, you will have all 3 outputs available. You won’t need to re-do any Nmap scans because you didn’t use the right output format the first time.

Output to all formats

The option for saving all 3 outputs is -oA filename: It creates 3 files, a .gnmap file with Greppable output, a .xml file with XML output and a .nmap file with Normal output.

If you feel lost right now because you’re not familiar with Nmap and maybe there’s too much information and options, here is the single thing that you can take away from all this segment: When you do an Nmap scan, ALWAYS use the option -oA filename.

Why save Nmap results?

The reason why you should always systematically save your Nmap results is that:

  1. It gives you traceability. If a client complains about network issues, you can check whether you had any scans running at the same time.
  2. It gives you access to Nmap’s results even after the testing period has ended. If you’re writing your pentest report and need to check something, you won’t need to re-do any scans.
  3. If you’re doing long term pentesting on the same targets or bug bounty hunting, you will be able to compare the state of open ports and services on the same targets after months.
  4. And this is a huge one, logging files allows you to stop your Nmap scans and resume them. If your network connection is cut off and the Nmap scans stop, you can later resume them and they will continue from where they were stopped. This is particularly handy when you’re testing hundreds of hosts at the same time, or if you’re scanning all open ports which can take a long time, or if you have networking issues. You don’t want to have to start the scans over just because your laptop was turned off or your network connection was cut off.

Resuming stopped Nmap scans

The option to resume a scan is: --resume filename. The file can be either in normal or greppable output. This shouldn’t be an issue since we’re always using the -oA output option, right?

In case you need other output formats like HTML or saving to a database, there are no native options for that.

HTML output

But for HTML output, you can convert Nmap XML files to HTML with this command: xsltproc filename.xml -o filename.html

Output to a database

What if you want to save results in a database? Nmap doesn’t have a native option for that.
And I didn’t find any tool for this that’s updated regularly and is stable, doesn’t break when a new version of Nmap is released.

So the best option, for me, is to write a custom script that parses Nmap XML output and saves the results in your database.
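A sketch of such a script, added here as an example and not taken from the original episode: it parses Nmap XML with Python's standard library and stores one row per port in SQLite. The table layout, the function name and the sample XML are assumptions made for this example.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of -oX output, trimmed to the elements used here.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oA scan 192.0.2.5" start="1700000000">
  <host>
    <status state="up"/>
    <address addr="192.0.2.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="x'); DROP TABLE ports;--"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def store_scan(xml_text, db):
    """Insert one row per scanned port; returns the number of rows stored."""
    db.execute("""CREATE TABLE IF NOT EXISTS ports (
        scan_start INTEGER, ip TEXT, proto TEXT, port INTEGER,
        state TEXT, service TEXT, product TEXT, version TEXT)""")
    root = ET.fromstring(xml_text)
    scan_start = int(root.get("start", "0"))
    rows = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # fall back to IPv6 or MAC
        if addr is None:
            continue
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            rows.append((scan_start, addr.get("addr"), port.get("protocol"),
                         int(port.get("portid")),
                         state.get("state") if state is not None else None,
                         svc.get("name"), svc.get("product"), svc.get("version")))
    # Banners come from the scanned hosts, so bind values; never build SQL from them.
    db.executemany("INSERT INTO ports VALUES (?,?,?,?,?,?,?,?)", rows)
    db.commit()
    return len(rows)
```

Keeping `scan_start` in every row lets you compare the same targets across scans taken months apart, and the second sample port shows why service banners must be treated as untrusted input when they reach your database.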

So that was everything I know about Nmap outputs. If you have any additional information or if you know a good tool for saving results to a database, I’d love to know, please share it with us.

Personal growth segment

There is a huge difference between motivation and inspiration. Often people use them interchangeably. I’m guilty of this too.

But beyond words, knowing the difference between these two concepts is crucial for anyone who strives to improve themselves and live a better happier more productive life.

In this segment, I want to explain the difference, why you don’t need others to motivate you, how you can become both inspired and motivated to change your life and, yes, even beat procrastination.

Do you know this feeling when you watch a movie like Rocky or Karate Kid… and by the end you’re so excited and up-lifted? You feel on top of the world, like you could accomplish amazing incredible things just like the movie’s heroes. You could learn karate, boxing, train days after days after days after days, until you become a world class champion just like them.

So on the spot you decide to start running or strength training, swimming, yoga, whatever your thing is.

You do it one day, two, three, then life starts getting in the way. You don’t last long. In less than a month it’s already a thing of the past. You remember having watched a good movie, having tried to do something regularly but it is just so hard, and you just don’t have the time. After all, is it really important, considering that you have a lot of work, and you want to go out with your friends? And you’re always mentally and sometimes physically tired at the end of the day and you just want to relax and watch TV or Youtube.

In this picture, the feeling you have just after watching the movie is inspiration. It comes from an external source, in this case the story of a movie character. You can find inspiration everywhere: in music, art, movies, Tweets, stories of other people, biographies, nature, podcasts, etc. But inspiration doesn’t last long. After a few days or weeks, it won’t be enough to push you to do whatever it is that you have decided to do every day: exercise, write, create, work, learn, etc.

What gives you the energy to go on every single day despite obstacles is motivation. It can only come from within. Motivation is when you have a goal, you know exactly what it means to you, why you want it, what it will feel like when you reach it. It is when you can no longer tolerate the current state of things and the only option left is to change and do whatever work is necessary to attain that goal.

Whenever someone asks me: tell me something motivating, I have this hard thing to do and I really need motivation… I tell them: No. You don’t need me to motivate you. I can inspire you by working by your side, showing you interesting books, podcasts or tips to improve your productivity levels… But only YOU can motivate yourself.

You do this by having a clear vision of what you want, why you want it, and then making a plan to make it happen. If you can envision yourself at that desired place, you will find yourself doing the work and finding the time, right before going to work, before bed, during the weekends. Your passion will lift you up, your why will keep you going when you have difficulties. You will have all the drive you need. The secret is consistency.

If you want to beat procrastination and get to the next level, here is what I suggest you do. Take some time to answer these 3 questions:

  • What is my goal?
  • Why do I want to achieve it? Why is it so important to me?
  • What do I need to do every day, week or month to achieve it?

This can be things like, I need to read and analyze 1 bug bounty writeup every week, or I need to do 50 pushups every day, etc.

Once you did your inner work and found your own motivation, keep it going by looking for inspiration around you. Watch podcasts, read books about positive people who achieved what you are trying to do. Listen to good up-lifting music while you are working on your goal.

If you still have difficulties because your life is really not easy, and your work is really tiring or takes up too much of your time… well, I’ve been there. This is a talk for another time about turning your life upside down to get rid of any blocking issues. But you will still need to do the same inner work and find motivation. Everyone needs this.

So I can’t wait to hear from you! Tell us by leaving a comment on the show notes’ page on pentester.land… Or if you’re shy, tell only me by email.

Share your answers to these 3 questions so that we can hold you accountable: What is your goal? Why do you want to achieve it? And what will you do every day to make it happen?

Bonus segment

I stumbled upon a Github repo of Dad style programming jokes, and OMG, I think they’re so funny! But maybe it’s just me, you tell me…

Here’s one:

Q: What is a computer virus? A: A terminal illness!

Here’s another one:

Q: How many developers does it take to change a light bulb? A: None. It’s a hardware issue

Oh and a last one:

Q: What did JavaScript call his son? A: JSON!

If you liked these, there’s more at github.com/websbos/dad-jokes.

Conclusion

That’s it for today guys!

Thanks for listening to The Bug Hunter podcast by PentesterLand. If you like what you just heard, please share with your friends and colleagues, like, subscribe and comment.

Also, send your questions and suggestions by DM on Twitter at twitter.com/pentesterland or send us an email to [email protected].

See you next time! Keep on hacking!

