如何清理 masscan 输出 (-oG)

Question

我对带有-oG 选项的masscan 实用程序产生的输出有疑问（“grep-able”输出）；例如，它输出：

# Masscan 1.0.3 scan initiated Wed Jun  4 01:35:02 2014
# Ports scanned: TCP(3;21-23,) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 192.168.100.19 () Ports: 2222/open/tcp////
Host: 192.168.100.13 () Ports: 2222/open/tcp////
Host: 192.168.100.16 () Ports: 443/open/tcp////
Host: 192.168.100.8 ()  Ports: 21/open/tcp////
Host: 192.168.100.5 ()  Ports: 22/open/tcp////
Host: 192.168.100.5 ()  Ports: 443/open/tcp////
Host: 192.168.100.16 () Ports: 80/open/tcp////
Host: 192.168.100.19 () Ports: 22/open/tcp////
Host: 192.168.100.7 ()  Ports: 80/open/tcp////
Host: 192.168.100.8 ()  Ports: 80/open/tcp////
Host: 192.168.100.12 () Ports: 2222/open/tcp////
Host: 192.168.100.13 () Ports: 22/open/tcp////
# Masscan done at Wed Jun  4 01:35:16 2014

以上内容可读性不好，也不好理解。

如何使用 Linux 命令行实用程序，例如sed，awk，或grep，使用上面的文件输出如下内容？

Host: 192.168.100.5
Ports: 22, 443

Host: 192.168.100.7
Ports: 80

Host: 192.168.100.8
Ports: 21, 80

Host: 192.168.100.12
Ports: 2222

Host: 192.168.100.13
Ports: 2222, 22

......

如您所见，输出在此布局中更具可读性： 按 IP 地址排序，与下面列出的所有 个关联端口，在具有相同 IP 地址的多个输入行中合并。

Answer 1

试试这个：

awk -F' +|/' '
  !/\s*#/ {    # ignore comment lines
      # Add the port on the current line to the associative array 
      # element for the IP address on the current line.
    ips[$2] = ips[$2] (ips[$2] == "" ? $5 : ", " $5)
  }
  END {
      # Enumerate all IPs and the ports for each.
      # Since the IPs will be listed in no specific order, the output
      # is piped as a _single_ line to "sort" in order to sort by IP address,
      # and then expanded into 2 lines via "tr".
    for (ip in ips) {
      printf "Host: %s@Ports: %s@\n", ip, ips[ip] | \
        "sort -t. -n -k 1.6,1 -k 2,2 -k 3,3 -k 4,4 | tr @ \"\n\""
    } 
  }
  ' file

• 此解决方案正确地按 IP 地址对输出进行排序，并用逗号分隔端口。
• 相比之下，对于给定的 IP 地址，端口号按照它们在输入中遇到的顺序列出（如问题中的示例输出数据所示）。