# Nmap (Assets)

PlexTrac supports importing asset information into the **Clients** module from **Nmap** in XML. Nmap, short for "Network Mapper," is an open-source network scanning tool that allows network administrators and security professionals to discover devices on a network, identify open ports and services, gather information about those services, perform OS fingerprinting, and automate tasks using custom scripts. 

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fe2CMFpqJaGZV00m17Dzh%2Fimage.png?alt=media&#x26;token=1aa433b2-5078-4a21-8fcb-0420234dc8a7" alt="" width="166"><figcaption></figcaption></figure></div>

## Field Mappings

All `<host/>` elements with a child `<status/>` containing the `state="up"` property will be parsed as an asset.\
\
If a field is not listed, then PlexTrac does not currently import.

* **Hostname:** Derived from the inner `<hostname name="host"/>` element’s **name** property.\
  \
  `<hostnames> <hostname name="<hostname>"/> </hostnames>`

{% hint style="info" %}
If no hostname is found from the elements above, the hostname is derived from the **IP Address** `address addr` element’s value.
{% endhint %}

* **IP Address** (for hostname)**:** `<address addr="<hostname>"/>`. This is also added to the **Known IPs** field on the asset.
* **Description:** Defaults to `"This asset was originally discovered via Nmap import."`

### **Ports**

All Ports data comes from the following element:\
\
`<ports> <port protocol="${port protocol}" portid="${port number}"> <state="open"/> </port> </ports>`

If a `<port/>` element does not have a `<state="open"/>` child element, it will not get imported with the rest of the asset’s ports.

* **Port number:** `<port portid="PORT NUMBER" .../>`
* **Port protocol:** `<port protocol="PORT PROTOCOL" .../>`
* **Port service:** The service information for a Port can be found inside the parent `<ports/>` element\
  \
  `<service name="" product="" version="" extrainfo="" />`\
  \
  The **Port service** name and **Port version** derive from a combination of `product`, version and `extrainfo` from the `<service/>` element.

### Vulnerable Parameters <a href="#vulnerable-params" id="vulnerable-params"></a>

Vulnerable parameters are similar to ports and derived from the parent `<ports/>` element  within the `<script/>` element.

Each `<table/>` element inside another `<table/>` element will be parsed as a vulnerable parameter.

For each of these vulnerable parameters, there will be multiple `<elem />` elements containing the details for each parameter.

If the `<elem .../>` has the property `key="id"`, this value will be added to the **CVE** information of the corresponding finding.

If the `<elem .../>` has the property `key="cvss"`, this value will be added to the **CVSS** information of the corresponding finding and used to help set the severity.