Re: [FEATURE] Multible scan options in the same run
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Dec 2013 20:32:52 -0600
Just realized that I fell victim to "overscanning" myself here. The
Nmap command should use -Pn -n, since you probably don't want to run
this on a host that's not confirmed up, and there's no point in
re-accomplishing the reverse DNS lookup. Just an example.
On Tue, Dec 10, 2013 at 11:03 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
On 12/10/2013 08:02 AM, John Bond wrote:
d33tah just made a comment in IRC that it would be useful to run
multiple TCP scan options in the same run and have all results shown.
Something a bit like the following example.
nmap -sA -sT -sI -sF -sW -p 22 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-10 14:54 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).
PORT STATE(sA) STATE(sT) STATE(sI) STATE(sF) STATE(sW) SERVICE
22/tcp unfiltered open unknown open|filtered
Nmap done: 1 IP address (1 host up) scanned in 0.04 second
This would be very useful for working out the best scan type for a
specific network or device and I would love to see it implemented.
I would not discourage someone from attempting to implement this, but I
wouldn't recommend using it. When I try to help someone with an Nmap scan,
the most common thing I end up doing is *removing* parts of their scan. I
feel that an Nmap scan should be targeted to the kind of information that is
desired, and that when people complain about Nmap's slowness, it is because
they are trying to do too much (e.g. -A, --script all, etc.) at once.
Some considerations for the implementer:
* How will NSE portrules work when the port is in multiple states?
* How can this be made better than a shell script that runs each type in
Example Perl script is attached.
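As an added illustration of the "shell script that runs each type" alternative Daniel raises (this is not the Perl script attached to his message, nor anything from the Nmap project), the script below runs one Nmap invocation per TCP scan type and merges the grepable (-oG) outputs into a single per-port table. Following the correction at the top of the thread, every run uses -Pn -n so host discovery and reverse DNS are not repeated per scan type. The scan-type list, the file names and the sample -oG lines in make_sample_dir are constructed for the example; -sI is left out because idle scan needs a zombie argument.

```shell
#!/bin/sh
# Added example, not code from the thread or from Nmap: run each TCP scan
# type as its own Nmap run (-Pn -n, as suggested in the thread) and merge the
# per-port states from the grepable output into one table.

# Scan types to compare (assumed list for the example; -sI omitted).
SCAN_TYPES="sS sT sA sF sW sN"

# run_scans TARGET PORTS OUTDIR
# One Nmap run per scan type, grepable output to OUTDIR/<type>.gnmap.
# All types except -sT need raw-socket privileges.
run_scans() {
    target=$1 ports=$2 outdir=$3
    for t in $SCAN_TYPES; do
        nmap -Pn -n "-$t" -p "$ports" -oG "$outdir/$t.gnmap" "$target" >/dev/null
    done
}

# merge_gnmap OUTDIR
# Prints one row per port: PORT STATE(sS) STATE(sT) ... SERVICE.
# A -oG port entry reads "port/state/proto/owner/service/rpc/version";
# "-" marks a port the given scan type did not report.
merge_gnmap() {
    outdir=$1
    files=""
    for t in $SCAN_TYPES; do
        if [ -f "$outdir/$t.gnmap" ]; then files="$files $outdir/$t.gnmap"; fi
    done
    # shellcheck disable=SC2086
    awk -v types="$SCAN_TYPES" '
    BEGIN { ntypes = split(types, T, " ") }
    # scan type comes from the file name: .../sS.gnmap -> sS
    FNR == 1 { n = split(FILENAME, p, "/"); type = p[n]; sub(/\.gnmap$/, "", type) }
    /^Host: .*Ports: / {
        line = $0
        sub(/^.*Ports: /, "", line)      # keep only the port list
        sub(/\t.*$/, "", line)           # drop "Ignored State:" and later fields
        n = split(line, entries, ", ")
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            key = f[1] "/" f[3]           # e.g. 22/tcp
            state[key, type] = f[2]
            if (f[5] != "") service[key] = f[5]
            if (!(key in seen)) { seen[key] = 1; order[++nports] = key }
        }
    }
    END {
        printf "%-10s", "PORT"
        for (j = 1; j <= ntypes; j++) printf "%-16s", "STATE(" T[j] ")"
        print "SERVICE"
        for (k = 1; k <= nports; k++) {
            key = order[k]
            printf "%-10s", key
            for (j = 1; j <= ntypes; j++) {
                s = ((key, T[j]) in state) ? state[key, T[j]] : "-"
                printf "%-16s", s
            }
            svc = (key in service) ? service[key] : "unknown"
            print svc
        }
    }' $files
}

# make_sample_dir
# Writes constructed -oG output (not real scan results) for three scan
# types to a temp dir and prints its path, so merge_gnmap runs offline.
make_sample_dir() {
    d=$(mktemp -d)
    printf '# Nmap 6.40 scan initiated (constructed sample)\n' > "$d/sS.gnmap"
    printf 'Host: 127.0.0.1 ()\tStatus: Up\n' >> "$d/sS.gnmap"
    printf 'Host: 127.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\tIgnored State: filtered (998)\n' >> "$d/sS.gnmap"
    printf 'Host: 127.0.0.1 ()\tPorts: 22/unfiltered/tcp//ssh///, 80/unfiltered/tcp//http///\n' > "$d/sA.gnmap"
    printf 'Host: 127.0.0.1 ()\tPorts: 22/open|filtered/tcp//ssh///\tIgnored State: closed (999)\n' > "$d/sF.gnmap"
    echo "$d"
}

# Usage: sh multiscan.sh TARGET [PORTS]   (script name is an assumption)
# With no arguments nothing is scanned; the functions can be exercised on
# the constructed sample via make_sample_dir instead.
if [ $# -ge 1 ]; then
    command -v nmap >/dev/null 2>&1 || { echo "nmap not found" >&2; exit 1; }
    dir=$(mktemp -d)
    run_scans "$1" "${2:-22}" "$dir"
    merge_gnmap "$dir"
    rm -rf "$dir"
fi
```

Keeping each scan type as a separate Nmap run sidesteps the NSE question Daniel raises (a port has exactly one state per run, so portrules behave as usual), and the merge step is the only part the shell script has to add.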
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/