Boxing Octopus

Browsing Category DevSecOps

DevSecOps / infosec

How to Make Nmap Output Prettier: Part 2 – Nmap Bootstrap XSL

In part 1, I showed you how to make Nmap output prettier on the console by transforming Nmap’s output into JSON and YAML. But maybe you want something web-facing, say for a report or for a dashboard. Fear not, there are a couple of solutions for this. The first I’ll discuss, is adding custom XSL stylesheets to Nmap’s XML output format.

In this case, a lot of the work of making things look fancy has been done for us by Andreas Hontzia and his nmap-bootstrap-xsl project, which applies Twitter’s Bootstrap CSS to XML via XSL stylesheet rules.

The easiest way to leverage this XSL stylesheet is by simply referencing it in your Nmap command, like so:

nmap -sS -T4 -A -sC -oA scanme \
     --stylesheet \

Once your Nmap scan finishes, you should end up with an HTML file which you can open in a browser. The end result should look something like this:

Not bad, but having a bunch of static HTML lying around is kinda ugly in my opinion. So what if we could turn these into a dynamic web dashboard where you could drill down into scans and get really in-depth, AND also generate PDF reports…For that, we need Rev3rseSecurity‘s WebMap tool.

WebMap is an EXTREMELY powerful dashboard for Nmap scans; written in Python using the Django web framework, Rev3rseSecurity recommends that their tool be set up in a Docker container, so that’s what we’ll do.

However, I’m going to save WebMap for part 3, as I intend to also show you how to leverage tools like DigitalOcean’s “Spaces” Object Storage solution to store your Nmap scan data for WebMap.