Nmap Development mailing list archives

Re: Nmap comprehensive scan problem via Armitage
From: Shinnok <admin () shinnok com>
Date: Tue, 21 Jun 2011 10:23:50 +0300

On 06/20/2011 10:08 PM, David Fifield wrote:
On Sun, Jun 19, 2011 at 04:26:43PM -0700, Fyodor wrote:
On Fri, Jun 17, 2011 at 12:41:57AM -0700, David Fifield wrote:
On Fri, Jun 17, 2011 at 10:12:08AM +0300, Shinnok wrote:

We already undocumented --script=all. I think the plan is just to remove
it because it's basically useless, for the reasons you cite.

I'm glad we undocumented it.  We might keep it for the rare times it
is useful.  For example "--script-help all" or "--script 'all and not
intrusive'".  I think the latter could be reduced to just "not
intrusive", but some users intuitively use the more verbose version.

It looks like Armitage got the command line from our "Slow comprehensive
scan" Zenmap profile:

command = nmap -sS -sU -T4 -A -v -PE -PS80,443 -PA3389 -PP -PU40125 -PY --source-port 53 --script all

We should change that. What do you think, maybe "discovery and safe"?

Great point!  As Shinnok noted, there are some default scripts which
don't match this query.  So maybe "default or (discovery and safe)"
would be better.  There are default scripts which aren't in both discovery
and safe categories:

Shinnok, please make this change in share/zenmap/config/scan_profile.usp
and document it in CHANGELOG.

David Fifield

Done. discovery and safe it is.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
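
The category expressions discussed in this thread, as an added example that is not part of the original message or of Nmap's code: a small evaluator for `and`/`or`/`not` expressions over script categories, run on a constructed table of hypothetical scripts. It assumes Lua-style precedence (`not`, then `and`, then `or`) and handles only category names and `all`, not script file names or wildcards.

```python
import re

# Constructed sample: hypothetical script names and category sets (not real NSE data).
SCRIPTS = {
    "example-banner": {"discovery", "safe"},
    "example-hostkey": {"default", "safe"},
    "example-title": {"default", "discovery", "safe"},
    "example-anon": {"default", "auth", "safe"},
    "example-enum": {"discovery", "intrusive"},
    "example-brute": {"auth", "intrusive"},
}

def compile_expr(expr):
    """Parse a category expression into a predicate over a set of categories."""
    tokens = re.findall(r"[()]|[\w-]+", expr) + [None]  # None marks the end
    def parse_or():  # lowest precedence
        terms = [parse_and()]
        while tokens[0] == "or":
            tokens.pop(0)
            terms.append(parse_and())
        return lambda cats: any(t(cats) for t in terms)
    def parse_and():
        terms = [parse_not()]
        while tokens[0] == "and":
            tokens.pop(0)
            terms.append(parse_not())
        return lambda cats: all(t(cats) for t in terms)
    def parse_not():  # highest precedence, then atoms
        tok = tokens.pop(0)
        if tok == "not":
            inner = parse_not()
            return lambda cats: not inner(cats)
        if tok == "(":
            inner = parse_or()
            if tokens.pop(0) != ")":
                raise ValueError("expected ')'")
            return inner
        if tok in (None, ")", "and", "or"):
            raise ValueError(f"unexpected token {tok!r}")
        # "all" matches every script; any other word is a category name.
        return (lambda cats: True) if tok == "all" else (lambda cats: tok in cats)
    pred = parse_or()
    if tokens != [None]:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return pred

def select(expr, scripts=SCRIPTS):
    pred = compile_expr(expr)
    return sorted(name for name, cats in scripts.items() if pred(cats))
```

On this sample, `select("discovery and safe")` drops the scripts that are in `default` but not in `discovery`, while `select("default or (discovery and safe)")` keeps them and still excludes everything tagged `intrusive`.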
