# Cute Outputs

Once you’ve done your scan and found juicy stuff — open ports, services, vulnerabilities — it’s time to **save it**. You don’t want to scroll through history or re-scan just to remember what port was open.

Nmap gives you **multiple ways to save the output**, depending on what format you like: simple text, grep-friendly, XML for tools, or even all of them at once.

## Save Output to a File with `-oN`

This saves the scan in **normal text format**, just like what you see in the terminal.

<pre class="language-bash"><code class="lang-bash">❯ nmap 10.10.20.208 -sCV -T4 -oN filename
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-24 13:31 +0545
[//..SNIP..//]
Nmap scan report for 10.10.20.208
Host is up (0.25s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           FileZilla ftpd
| ftp-syst: 
|_  SYST: UNIX emulated by FileZilla
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: TIMEOUT
53/tcp   open  domain        Simple DNS Plus
80/tcp   open  http          Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
|_http-title: IIS Windows Server
| http-methods: 
|_  Potentially risky methods: TRACE
135/tcp  open  msrpc         Microsoft Windows RPC
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| ssl-cert: Subject: commonName=win-scan
| Not valid before: 2025-04-23T06:30:02
|_Not valid after:  2025-10-23T06:30:02
| rdp-ntlm-info: 
|   Target_Name: WIN-SCAN
|   NetBIOS_Domain_Name: WIN-SCAN
|   NetBIOS_Computer_Name: WIN-SCAN
|   DNS_Domain_Name: win-scan
|   DNS_Computer_Name: win-scan
|   Product_Version: 10.0.17763
|_  System_Time: 2025-04-24T07:47:28+00:00
|_ssl-date: 2025-04-24T07:47:59+00:00; -1s from scanner time.
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -1s, deviation: 0s, median: -1s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 63.83 seconds

<strong>❯ cat filename  
</strong># Nmap 7.94SVN scan initiated Thu Apr 24 13:31:58 2025 as: nmap -sCV -T4 -oN filename 10.10.20.208
Nmap scan report for 10.10.20.208
Host is up (0.25s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           FileZilla ftpd
| ftp-syst: 
|_  SYST: UNIX emulated by FileZilla
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: TIMEOUT
[//..SNIP..//]
</code></pre>

This is perfect if you just want to **read it later** or share it in a report.

## Grepable Format with `-oG`&#x20;

This format is made for tools or quick searching:

<pre class="language-bash"><code class="lang-bash"><strong>❯ nmap 10.10.20.208 -sV -T4 -oG nmap-grepable-output.txt 
</strong>Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-24 13:34 +0545
[//..SNIP..//]

<strong>❯ grep open nmap-grepable-output.txt                                            
</strong>Host: 10.10.20.208 ()	Ports: 21/open/tcp//ftp//FileZilla ftpd/, 53/open/tcp//domain//Simple DNS Plus/, 80/open/tcp//http//Microsoft IIS httpd 10.0/, 135/open/tcp//msrpc//Microsoft Windows RPC/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/	Ignored State: filtered (995)
</code></pre>

It is useful when scanning lots of IPs and need to pull out only open ports or certain services.

## XML Format with `-oX`&#x20;

If you want to use your scan results in other tools (like Zenmap, Nmap visualizers, or your own script), save it as XML:

```bash
❯ nmap -T4 -sV -oX scan.xml 10.10.20.208
```

<figure><img src="/files/naI2CMZL1i6bZE6uNrQ3" alt=""><figcaption><p>XML Content</p></figcaption></figure>

XML is structured and can be parsed by automation tools or security dashboards.

### Convert XML to HTML

When you save your scan using `-oX` or `-oA`, you get an XML file. That file is structured — which means we can **transform it into a nicely formatted HTML report**.

We can transform using `xsltproc`.

```bash
❯ sudo apt install xsltproc # Install the tool use to parse and transform
```

We can then use the tool like so:

```bash
❯ xsltproc scan.xml -o scan.html 
```

This will make scan.html file in current directory. We can open the file in browser using:

```bash
❯ open scan.html
```

<figure><img src="/files/7ZMvRq40rWWpDSMya1Hl" alt=""><figcaption></figcaption></figure>

## All Formats at Once: `-oA`&#x20;

Want all of the above in one go? Use `-oA`:

```bash
❯ nmap -sV -oA myscan 10.10.20.208
```

This saves:

* `myscan.nmap` (normal)
* `myscan.gnmap` (grepable)
* `myscan.xml` (XML)

Now you’ve got **everything**, no need to re-run the scan.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://handbook.ncateam.xyz/reconnaissance/network-enumeration/cute-outputs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.