Nmap is a common tool used in the reconnaissance phase of a web application test. It is normally used to scan ports with a variety of options to help you customise the scan to exactly how you like it. For instance, do you want to do TCP or UDP? What TCP flags do you want to set? Is there a particular Nmap script that you would like to run, such as checking for Network Time Protocol (NTP) reflection, but on a non-default port? The list can be endless.

The Nmap output is easy to read, but not very easy to use in a programmatic way. This simple recipe will convert XML output from Nmap (through the use of the –oX flag when running an Nmap scan) and convert it to CSV output.