Nmap scan for SNMP enabled devices

Nmap doesn't contain much in the way of output filtering options: --open will limit output to hosts containing open ports (any open ports). -v0 will prevent any output to the screen.

Instead, the best way to accomplish this is to save the XML output of the scan (using the -oX or -oA output options), which will contain all the information gathered by the scan in an easy-to-parse XML format. Then you can filter that with XML parsing tools to include the information you want.

One command-line XML parser is xmlstarlet. You can use this command to filter out only IP addresses for targets that have sysdescr containing the string "example":

xmlstarlet sel -t -m "//port/script[@id='snmpsysdescr' and contains(@output,'example')]/../../../address[@addrtype='ipv4']" -v @addr -n output.xml

You can also do this with Ndiff, which is a tool and Python 2 library distributed with Nmap:

#!/usr/bin/env python

import ndiff

def sysdescr_contains (value, host):
  for port in host.ports:
    for script in filter(lambda x: x.id == u"snmp-sysdescr", port.script_results):
      if value in script.output:
        return True
  return False

def usage ():
  print """Look for <substring> in snmp-sysdescr output and print matching hosts.
Usage: {} <filename.xml> <substring>"""

if __name__ == "__main__":
  import sys
  if len(sys.argv) < 3:
    usage()
    exit(1)

  scan = ndiff.Scan()
  scan.load_from_file(sys.argv[1])

  for host in filter(lambda x: sysdescr_contains(sys.argv[2], x), scan.hosts):
    print host.format_name()

Other Nmap-output parsing libraries are available in most common programming languages.