Home page logo

nmap-dev logo Nmap Development mailing list archives

Feature request: option to tolerate non-resolvable exclude/excl udefile entries
From: <michael () zbuffer com>
Date: Mon, 16 Dec 2013 22:18:57 +0000

I've read the documentation, searched the nmap-dev archive and Google. I don't believe this feature exists. Apologies 
if I've missed something.

Consider the following scenario:
You'd like to identify computers that are not included in a given list of hostnames. For example, finding Windows 
computers in a given target network space that are not part of Active Directory. In this example, you might dump Active 
Directory computer hostnames into a file called domaincomputers.txt and use the -excludefile command to instruct nmap 
to load the file, resolve the contents through DNS, and exclude the result from the scan. You'd end up with a command 
that might look something like:

nmap -p 135-139,3389 -Pn --open --excludefile "domaincomputers.txt" 192.168.1.*

If there is an entry in the excludefile that cannot be resolved by DNS, nmap returns:

     Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-27 10:47 Central Daylight Time

     Error resolving name "foo": No such host is known.


I understand the reasoning behind this behavior. I think it makes great sense to exit by default when an excludefile 
entry cannot be resolved. This could avoid a very bad day for someone who has a machine that won't tolerate a scan, or 
for a pentester who knows a particular host is very well monitored. In the above scenario however, the list may contain 
computers that are not resolvable, and that's okay for our purposes.

The feature I'm requesting is an additional option that, when specified, causes nmap to note entries that are not 
resolvable, as in the above output, but to continue parsing and resolving the excludefile. While I have used 
--excludefile,  I believe the --exclude option should logically also respond to such a command.

Thanks for nmap, and for your consideration.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Feature request: option to tolerate non-resolvable exclude/excl udefile entries michael (Dec 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]