Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [FEATURE] Multible scan options in the same run
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Dec 2013 11:03:57 -0600

On 12/10/2013 08:02 AM, John Bond wrote:
Hello All,

d33tah just made a comment in IRC that it would be useful to run
multiple TCP scan options in the same run and have all results shown.
  Something a bit like the following example.

nmap -sA -sT -sI -sF -sW -p 22 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-10 14:54 CET
Nmap scan report for localhost (
Host is up (0.000089s latency).
22/tcp   unfiltered      open          unknown    open|filtered
closed          ssh

Nmap done: 1 IP address (1 host up) scanned in 0.04 second

This would be very useful for working out the best scan type for a
specific network or device and would love to see it implemented.

I would not discourage someone from attempting to implement this, but I wouldn't recommend using it. When I try to help someone with an Nmap scan, the most common thing I end up doing is *removing* parts of their scan. I feel that an Nmap scan should be targeted to the kind of information that is desired, and that when people complain about Nmap's slowness, it is because they are trying to do too much (e.g. -A, --script all, etc.) at once.

Some considerations for the implementer:
* How will NSE portrules work when the port is in multiple states?
* How can this be made better than a shell script that runs each type in sequence?

Example Perl script is attached.


Attachment: scantypes.pl

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]