Nmap -O –osscan-guess 192.168.0.0/24 > scan.txt
cat scan.txt
Filter Windows 10 and 11 save result to .csv
#!/bin/bash
# ✅ 自動升權為 root
if [ “$EUID” -ne 0 ]; then
echo “🔒 本腳本需使用 root 權限,嘗試以 sudo 重新執行…”
exec sudo “$0” “$@”
fi
# ✅ 可自訂參數
TARGET_SUBNET=”192.168.0.0/24″
EMAIL_TO=”you@example.com”
EMAIL_SUBJECT=”Windows OS Scan Report”
NOW=$(date ‘+%Y%m%d_%H%M%S’)
OUTPUT_FILE=”win_os_scan_${NOW}.csv”
# ✅ 執行掃描與轉換
nmap -O –osscan-guess -p 21,22,23,25,80,135,139,445,3389 -R “$TARGET_SUBNET” | awk -v subnet=”$TARGET_SUBNET” ‘
BEGIN {
print “Scan Target: ” subnet
print “Timestamp: ” strftime(“%Y-%m-%d %H:%M:%S”)
print “IP,Hostname,Guess”
}
/^Nmap scan report for/ {
ip = “”; host = “”; guess = “”
if ($0 ~ /\(.*\)/) {
match($0, /for (.*) \((.*)\)/, m)
host = m[1]
ip = m[2]
} else {
match($0, /for (.*)/, m)
ip = m[1]
host = “(none)”
}
}
/^Aggressive OS guesses:/ {
if ($0 ~ /Windows (10|11)|Windows Server/) {
match($0, /Aggressive OS guesses: (.*)/, arr)
split(arr[1], guesses, “,”)
guess = “”
for (i in guesses) {
if (guesses[i] ~ /Windows (10|11)|Windows Server/) {
gsub(/^[ \t]+|[ \t]+$/, “”, guesses[i])
gsub(/”/, “\”\””, guesses[i])
guess = guess guesses[i] “; ”
}
}
gsub(/; $/, “”, guess)
gsub(/”/, “\”\””, host)
print ip “,\”” host “\”,\”” guess “\””
}
}
‘ > “$OUTPUT_FILE”
# ✅ 顯示結果位置
echo “Report saved to: $OUTPUT_FILE”
# ✅ 發送 Email(mail 或 mutt 擇一)
if command -v mail >/dev/null 2>&1; then
echo “Windows scan report generated on $NOW” | mail -s “$EMAIL_SUBJECT” -a “$OUTPUT_FILE” “$EMAIL_TO”
echo “Report emailed to $EMAIL_TO”
elif command -v mutt >/dev/null 2>&1; then
echo “Windows scan report generated on $NOW” | mutt -s “$EMAIL_SUBJECT” -a “$OUTPUT_FILE” — “$EMAIL_TO”
echo “Report emailed to $EMAIL_TO”
else
echo “⚠️ mail or mutt command not found — skipping email.”
fi
Save the code named win_os_scan_report.sh
run the shell ./win_os_scan_report.sh get below csv file
