The list of hosts can be filtered by a filter string. When the filter
is active, only the hosts matching the filter string will be shown.
The other hosts are still present in the inventory, but hidden. Using
a filter string, you can quickly narrow down a large scan to just the
hosts you are interested in.
shows the host filter in action, finding the two hosts out of nine
Figure 12.12. Host filter
The host filter is activated by clicking the “Filter
Hosts” button, selecting “Filter
Hosts” from the “Tools” menu, or
This will raise the filter bar at the bottom of the screen. Hosts are
filtered live as you type. To disable the filter, click
“Filter Hosts” or press
ctrl+L again to
hide the filter bar.
This simplest form of host filtering is basic keyword matching. Enter
one or more strings such as
telnet, and it
will match hosts that have the string anywhere in their
information—as a hostname or IP address, port name or number, OS
match, or service version string. If more than one word is in the
filter string, all the words must match for a host to be shown.
For more specific results, the host filter also supports matching only
specific data fields in each host. The syntax supported is a subset of
the search criteria discussed in detail in
the section called “Searching Saved Results”. The criteria allowed in the host
|port states: |
os: (operating system);
service: (service version); and
inroute: (host in route).
Here are some examples of host filter strings.
This keyword search matches hosts that have been found to be
running the Apache web server, but will also match any other host
with “apache” in it, for example one named
This is like the previous string, but it will only match
“apache” in a service version.
- os:linux ssh
Shows Linux hosts that are running SSH.
Shows all hosts with port 445 open.