Nmap Security Scanner
*Ref Guide
Security Lists
Security Tools
Site News
Advertising
About/Contact
Credits
Sponsors





Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Searching through results
Prev Chapter 12. Zenmap GUI Users' Guide Next

Searching through results

Zenmap allows you to search through saved scan results files and the database of recent scans. To begin searching, select “Search Scan Results” from the “Tools” menu or use the ctrl+F keyboard shortcut. The search dialog appears as shown in Figure 12.9, “The search dialog”

Figure 12.9. The search dialog

The search dialog

The tabs in the search dialog allow specifying the search criteria to varying levels of specificity. The fields in the “Host” tab allow searching by host name or address, those in the “Service” allow searching by port name or state, and so on. The “Keyword” on the “General” tab is the most useful. The keyword matches against the profile, any Nmap options, the target’s name or address (MAC, IPv4, or IPv6), service names and versions, OS names, and the complete Nmap output itself. For example, searching for the keyword “linux” will return scans that found a host running Linux, scans that found a host with a name containing “linux”, and scans that found a host with the linuxconf port (98) open.

Click the “Find” button to start a search. Results are shown in the “Results” display at the right. To open a found scan, select it and click the “Open” button. If you get no results or only a few, remember that all of the criteria you specify must match in a scan. Remove some search criteria to make the search broader.

All text matches will match against a portion of the relevant string from the scan; for example “nmap” will match “scanme.nmap.org”. Matches are case-sensitive, except for matches against the profile, OS, or service version. The “*” wildcard, meaning “match all”, is supported all by itself in text fields, however it has the same effect as leaving the field blank.

Figure 12.10. Search options

Search options

The “Search options” tab, shown in Figure 12.10, “Search options”, allows specifying not what to search for, but where to look and how to search for it.

By default only scans in open scan tabs and those in the recent scans database are searched. The database, described in the section called “The recent scans database”, holds the results of all recent scans, saved or not. You may also search a directory of scan results by putting its name in the “Directory” field. Files with the given file name extension will be searched. You may use more than one extension by separating them with semicolons, for example “usr;xml”. Directory searches are not recursive.

The “Data base” section of the “Search options” tab controls the recent scans database. How long scans are stored in the database can be modified here. Uncheck the “Save scan results in data base…” check box to disable any updates to the recent scans database. Uncheck the “Search saved scan results…” option to search only in saved files in the given directory.


Prev Up Next
The profile editor Home Comparing results
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]