Re: [FEATURE] Multiple scan options in the same run
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Dec 2013 11:03:57 -0600
On 12/10/2013 08:02 AM, John Bond wrote:
I would not discourage someone from attempting to implement this, but I
wouldn't recommend using it. When I try to help someone with an Nmap
scan, the most common thing I end up doing is *removing* parts of their
scan. I feel that an Nmap scan should be targeted to the kind of
information that is desired, and that when people complain about Nmap's
slowness, it is because they are trying to do too much (e.g. -A,
--script all, etc.) at once.
> d33tah just made a comment in IRC that it would be useful to run
> multiple TCP scan options in the same run and have all results shown.
> Something a bit like the following example.
>
> nmap -sA -sT -sI -sF -sW -p 22 localhost
>
> Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-10 14:54 CET
> Nmap scan report for localhost (127.0.0.1)
> Host is up (0.000089s latency).
> PORT STATE(sA) STATE(sT) STATE(sI) STATE(sF) STATE(sW) SERVICE
> 22/tcp unfiltered open unknown open|filtered
> Nmap done: 1 IP address (1 host up) scanned in 0.04 second
>
> This would be very useful for working out the best scan type for a
> specific network or device, and I would love to see it implemented.
Some considerations for the implementer:
* How will NSE portrules work when the port is in multiple states?
* How can this be made better than a shell script that runs each type in
> Example Perl script is attached.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
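The "shell script that runs each type in turn" alternative raised in the thread mostly comes down to merging per-port states from several separate Nmap runs. The following is an added example, not John Bond's attached Perl script and not Nmap code: it builds one `nmap ... -oG -` command per scan type, parses Nmap's greppable output (the real `-oG` layout, where each Ports entry is `port/state/proto/owner/service/rpc/version/`), and joins the results into a table with one STATE column per scan type, like the mock-up above. The `SAMPLE_OUTPUT` lines are constructed by hand for the example; `run_all` is the only part that assumes `nmap` is installed (and root privileges for the raw-socket scan types), and it is not needed to exercise the parsing and merging.

```python
"""Merge per-port states from several Nmap scan types into one table.

Added example for the nmap-dev thread (not project code). The -oG field
layout is Nmap's real greppable format; the sample output below is
constructed, not captured from a real scan.
"""
import re
import subprocess
from collections import OrderedDict

# Scan types compared in the example; -sI needs a zombie host, so it is left out.
SCAN_TYPES = ["-sA", "-sT", "-sF", "-sW"]


def nmap_command(scan_type, target, ports="22"):
    """One nmap invocation per scan type, greppable output to stdout."""
    return ["nmap", scan_type, "-p", ports, "-oG", "-", target]


def parse_greppable(text):
    """Return {'port/proto': (state, service)} from -oG output.

    A Ports field looks like:  Ports: 22/open/tcp//ssh///, 80/closed/tcp//http///
    """
    result = OrderedDict()
    for line in text.splitlines():
        m = re.search(r"\tPorts: (.*?)(?:\t|$)", line)
        if not m:
            continue
        for entry in m.group(1).split(", "):
            fields = entry.split("/")
            if len(fields) < 5:
                continue  # malformed entry; skip rather than guess
            port, state, proto, _owner, service = fields[:5]
            result[f"{port}/{proto}"] = (state, service)
    return result


def merge_scans(results):
    """results: {scan_type: parsed dict}. Returns {port: {'service', 'states'}}.

    A port seen by only some scan types keeps a partial 'states' dict;
    render_table prints '-' for the missing columns.
    """
    ports = OrderedDict()
    for scan_type, parsed in results.items():
        for port, (state, service) in parsed.items():
            row = ports.setdefault(port, {"service": "", "states": {}})
            row["states"][scan_type] = state
            if service and not row["service"]:
                row["service"] = service
    return ports


def render_table(merged, scan_types=SCAN_TYPES):
    """Render the combined view: PORT, one STATE(...) column per scan type, SERVICE."""
    header = ["PORT"] + [f"STATE({s.lstrip('-')})" for s in scan_types] + ["SERVICE"]
    rows = [header]
    for port, row in merged.items():
        states = [row["states"].get(s, "-") for s in scan_types]
        rows.append([port] + states + [row["service"] or "unknown"])
    widths = [max(len(r[i]) for r in rows) for i in range(len(header))]
    return "\n".join("  ".join(c.ljust(widths[i]) for i, c in enumerate(r)) for r in rows)


def run_all(target, ports="22", scan_types=SCAN_TYPES):
    """Run nmap once per scan type and merge (assumes nmap on PATH; raw scans need root)."""
    outputs = {}
    for s in scan_types:
        proc = subprocess.run(nmap_command(s, target, ports),
                              capture_output=True, text=True, check=True)
        outputs[s] = parse_greppable(proc.stdout)
    return merge_scans(outputs)


# Constructed -oG output, one string per scan type (not from a real run).
SAMPLE_OUTPUT = {
    "-sA": "Host: 127.0.0.1 (localhost)\tPorts: 22/unfiltered/tcp//ssh///\tIgnored State: filtered (0)",
    "-sT": "Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///",
    "-sF": "Host: 127.0.0.1 (localhost)\tPorts: 22/open|filtered/tcp//ssh///",
    "-sW": "Host: 127.0.0.1 (localhost)\tPorts: 22/closed/tcp//ssh///",
}


def sample_merged():
    """Merged view of SAMPLE_OUTPUT, the input the table in the thread was sketching."""
    return merge_scans({s: parse_greppable(t) for s, t in SAMPLE_OUTPUT.items()})


if __name__ == "__main__":
    print(render_table(sample_merged()))
```

Running the file prints the combined table from the constructed sample; `run_all("localhost")` produces the same structure from live scans. Merging after the fact is exactly what the thread's "multiple states per port" consideration makes awkward for NSE: a portrule that checks `port.state == "open"` has no single answer once 22/tcp is `unfiltered` to one probe and `open|filtered` to another, so a wrapper like this is best treated as a diagnostic view, not a substitute for a single targeted scan.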