Nmap (Assets)

PlexTrac supports importing asset information into the Clients module from Nmap in XML. Nmap, short for "Network Mapper," is an open-source network scanning tool that allows network administrators and security professionals to discover devices on a network, identify open ports and services, gather information about those services, perform OS fingerprinting, and automate tasks using custom scripts.

Field Mappings

Every <host/> element with a child <status/> element containing the state="up" property is parsed as an asset. If a field is not listed, PlexTrac does not currently import it.

  • Hostname: Derived from the name property of the inner <hostname name="host"/> element: <hostnames> <hostname name="<hostname>"/> </hostnames>

If no hostname is found from the elements above, the hostname is derived from the addr value of the <address/> element (the IP address).

  • IP Address (for hostname): <address addr="<hostname>"/>. This is also added to the Known IPs field on the asset.

  • Description: Defaults to "This asset was originally discovered via Nmap import."

Ports

All Ports data comes from the following element: <ports> <port protocol="${port protocol}" portid="${port number}"> <state state="open"/> </port> </ports>

If a <port/> element does not have a <state state="open"/> child element, it will not be imported with the rest of the asset’s ports.

  • Port number: <port portid="PORT NUMBER" .../>

  • Port protocol: <port protocol="PORT PROTOCOL" .../>

  • Port service: The service information for a Port can be found inside the parent <ports/> element, in <service name="" product="" version="" extrainfo="" />. The Port service name and Port version derive from a combination of product, version and extrainfo from the <service/> element.

Vulnerable Parameters

Vulnerable parameters are similar to ports and derived from the parent <ports/> element within the <script/> element.

Each <table/> element inside another <table/> element will be parsed as a vulnerable parameter.

For each of these vulnerable parameters, there will be multiple <elem /> elements containing the details for each parameter.

If the <elem .../> has the property key="id", this value will be added to the CVE information of the corresponding finding.

If the <elem .../> has the property key="cvss", this value will be added to the CVSS information of the corresponding finding and used to help set the severity.
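To check what an Nmap XML file would yield before importing it, the mapping described above can be approximated locally. This is an added example, not PlexTrac's own code: the function name, the output dictionary keys, the space-joined service string and the sample XML (including the placeholder CVE id) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output shape (not real scan data).
SAMPLE = """<nmaprun>
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="web01.example.test"/></hostnames>
  <ports>
   <port protocol="tcp" portid="443"><state state="open"/>
    <service name="https" product="nginx" version="1.18.0" extrainfo="Ubuntu"/>
    <script id="vulners"><table key="cpe:/a:example">
     <table><elem key="id">CVE-0000-0000</elem><elem key="cvss">7.5</elem></table>
    </table></script>
   </port>
   <port protocol="tcp" portid="22"><state state="closed"/></port>
  </ports></host>
 <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
 <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

def preview_assets(xml_text):
    """Return the assets an import following the mapping above would create."""
    assets = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # only hosts whose status is "up" become assets
        addr = host.find("address")
        ip = addr.get("addr") if addr is not None else None
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None and hn.get("name") else ip
        asset = {"hostname": name, "known_ips": [ip] if ip else [], "ports": []}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # ports without an open state are skipped
            svc = port.find("service")
            parts = [svc.get(k) for k in ("product", "version", "extrainfo")] if svc is not None else []
            params = []
            for inner in port.findall("script//table/table"):  # a table inside a table
                elems = {e.get("key"): (e.text or "").strip() for e in inner.findall("elem")}
                params.append({"cve": elems.get("id"), "cvss": elems.get("cvss")})
            asset["ports"].append({
                "number": port.get("portid"), "protocol": port.get("protocol"),
                "service": " ".join(p for p in parts if p), "vulnerable_parameters": params})
        assets.append(asset)
    return assets

if __name__ == "__main__":
    print(preview_assets(SAMPLE))
```

In the sample, the host that is down and the closed port 22 are dropped, and the second host falls back to its IP address as the hostname.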

© 2024 PlexTrac, Inc. All rights reserved.