--- nmap.cc.orig 2003-02-24 21:51:56.000000000 -0500 +++ nmap.cc 2003-02-24 21:24:08.000000000 -0500 @@ -136,7 +136,7 @@ size_t j, argvlen; FILE *inputfd = NULL; char *host_spec; - short fastscan=0, randomize=1, resolve_all=0; + short randomize=1, resolve_all=0; short quashargv = 0; int numhosts_scanned = 0; char **host_exp_group; @@ -171,6 +171,7 @@ int option_index; struct option long_options[] = { + {"fastscan", required_argument, 0, 'F'}, {"version", no_argument, 0, 'V'}, {"verbose", no_argument, 0, 'v'}, {"debug", optional_argument, 0, 'd'}, @@ -231,7 +232,7 @@ /* OK, lets parse these args! */ optind = 1; /* so it can be called multiple times */ - while((arg = getopt_long_only(argc,fakeargv,"6b:D:d::e:Ffg:hIi:M:m:NnOo:P:p:qRrS:s:T:Vv", long_options, &option_index)) != EOF) { + while((arg = getopt_long_only(argc,fakeargv,"6b:D:d::e:F::fg:hIi:M:m:NnOo:P:p:qRrS:s:T:Vv", long_options, &option_index)) != EOF) { switch(arg) { case 0: if (strcmp(long_options[option_index].name, "max_rtt_timeout") == 0) { @@ -367,6 +368,11 @@ } else if (strcmp(long_options[option_index].name, "vv") == 0) { /* Compatability hack ... ugly */ o.verbose += 2; + } else if (strcmp(long_options[option_index].name, "fastscan") == 0) { + o.fastscan = 1; + if (optarg != NULL) { + strcpy(o.fastscanfilename,optarg); + } } else { fatal("Unknown long option (%s) given@#!$#$", long_options[option_index].name); } @@ -417,7 +423,12 @@ break; case 'e': strncpy(o.device, optarg,63); o.device[63] = '\0'; break; - case 'F': fastscan++; break; + case 'F': + o.fastscan = 1; + if (optarg != NULL) { + strcpy(o.fastscanfilename,optarg); + } + break; case 'f': o.fragscan++; break; case 'g': o.magic_port = atoi(optarg); 
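Review bot: The new `long_options` entry declares `fastscan` with `required_argument`, while the option string in the -231 hunk uses `F::` (optional argument), so `--fastscan` without a file name is rejected although a bare `-F` is still accepted. Declaring it as `{"fastscan", optional_argument, 0, 'F'},` would make the two spellings behave the same. Because the entry has a null flag pointer and the value `'F'`, getopt_long_only() returns `'F'` for it, so the `strcmp(..., "fastscan")` branch added under `case 0:` in the -367 hunk looks unreachable and could be dropped. With `F::` the file name must also be attached to the flag (`-Ffile`); with a space between them the name is not taken as the option's argument, and the usage text only hints at that.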
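Review bot: `strcpy(o.fastscanfilename,optarg)` in the -367 hunk copies a command-line string of arbitrary length into the 512-byte `fastscanfilename` array this patch adds to NmapOps.h, so an over-long argument writes past the array into the rest of the options object; the `case 'F':` code in the -417 hunk repeats the same call. Check the length before copying, for example `if (strlen(optarg) >= sizeof(o.fastscanfilename)) fatal("File name given to -F is too long");`, and only then copy. The neighbouring `case 'e':` line already bounds its copy into `o.device` and terminates it explicitly, so a bounded copy here also matches the surrounding code. The enclosing function begins and ends outside both hunks.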
@@ -623,15 +634,15 @@ if (!o.interactivemode) log_write(LOG_STDOUT|LOG_SKID, "\nStarting %s V. %s ( %s )\n", NMAP_NAME, NMAP_VERSION, NMAP_URL); - if ((o.pingscan || o.listscan) && fastscan) { + if ((o.pingscan || o.listscan) && o.fastscan) { fatal("The fast scan (-F) is incompatible with ping scan"); } - if (fastscan && ports) { + if (o.fastscan && ports) { fatal("You can specify fast scan (-F) or explicitly select individual ports (-p), but not both"); - } else if (fastscan && o.ipprotscan) { + } else if (o.fastscan && o.ipprotscan) { ports = getfastprots(); - } else if (fastscan) { + } else if (o.fastscan) { ports = getfastports(o.TCPScan(), o.UDPScan()); } @@ -1243,7 +1254,7 @@ "Some Common Options (none are required, most can be combined):\n" "* -O Use TCP/IP fingerprinting to guess remote operating system\n" " -p ports to scan. Example range: '1-1024,1080,6666,31337'\n" - " -F Only scans ports listed in nmap-services\n" + " -F[file] Only scans ports listed in optional file else uses nmap-services\n" " -v Verbose. Its use is recommended. Use twice for greater effect.\n" " -P0 Don't ping hosts (needed to scan www.microsoft.com and others)\n" "* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys\n" --- services.cc.orig 2003-02-24 21:52:05.000000000 -0500 +++ services.cc 2003-02-24 21:07:23.000000000 -0500 @@ -64,6 +64,10 @@ struct service_list *current, *previous; int res; + // if no fastscanfilename specified then do standard nmap-services file handling... + + if (strcmp(o.fastscanfilename,"") == 0) { + if (nmap_fetchfile(filename, sizeof(filename), "nmap-services") == -1) { #ifndef WIN32 error("Unable to find nmap-services! Resorting to /etc/services"); @@ -88,6 +92,12 @@ #endif } + // no need to search for specified fastscanfilename + } + else { + strcpy(filename,o.fastscanfilename); + } + fp = fopen(filename, "r"); if (!fp) { fatal("Unable to open %s for reading service information", filename); 
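Review bot: `strcpy(filename,o.fastscanfilename)` in the services.cc -88 hunk has no bound, and `filename` is declared outside the hunk, so its size cannot be confirmed from here; if it is smaller than the 512 bytes of `fastscanfilename`, the copy overflows it. A bounded copy such as `snprintf(filename, sizeof(filename), "%s", o.fastscanfilename);`, followed by a fatal() when the result was truncated, removes the dependency on the two array sizes staying in step. The protocols.cc hunk contains the identical line and needs the same change. The path then goes to fopen() exactly as the user typed it, so any setup that runs nmap with more privilege than its caller should not pass -F through unchecked.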
@@ -191,7 +201,7 @@ if (!services_initialized) if (nmap_services_init() == -1) - fatal("Getfastports: Coudn't get port numbers"); + fatal("Getdefaultports: Coudn't get port numbers"); bzero(usedports, sizeof(usedports)); for(bucket = 1; bucket < 1025; bucket++) { --- protocols.cc.orig 2003-02-24 21:52:20.000000000 -0500 +++ protocols.cc 2003-02-24 21:19:13.000000000 -0500 @@ -63,11 +63,21 @@ struct protocol_list *current, *previous; int res; + // if no fastscanfilename specified then do standard nmap protocols file handling... + + if (strcmp(o.fastscanfilename,"") == 0) { + if (nmap_fetchfile(filename, sizeof(filename), "nmap-protocols") == -1) { error("Unable to find nmap-protocols! Resorting to /etc/protocol"); strcpy(filename, "/etc/protocols"); } + // no need to search for specified fastscanfilename + } + else { + strcpy(filename,o.fastscanfilename); + } + fp = fopen(filename, "r"); if (!fp) { fatal("Unable to open %s for reading protocol information", filename); --- NmapOps.cc.orig 2003-02-24 21:52:39.000000000 -0500 +++ NmapOps.cc 2003-02-24 20:44:05.000000000 -0500 @@ -153,6 +153,8 @@ nmap_stdout = stdout; gettimeofday(&start_time, NULL); pTrace = false; + fastscan = 0; + strcpy(fastscanfilename,""); } bool NmapOps::TCPScan() { --- NmapOps.h.orig 2003-02-24 21:52:45.000000000 -0500 +++ NmapOps.h 2003-02-24 17:00:37.000000000 -0500 @@ -110,6 +110,10 @@ FIN scan into a PSH scan. Sort of a hack, but can be very useful sometimes. */ + // store fastscan flag and filename in options class for easy access + int fastscan; + char fastscanfilename[512]; + struct in_addr resume_ip; /* The last IP in the log file if user requested --restore . Otherwise restore_ip.s_addr == 0. Also
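Review bot: The protocols.cc hunk reads the same `o.fastscanfilename` that services.cc uses, and nothing in the patch says which format the file must have, so a list written in nmap-services format would be parsed as protocol entries whenever this loader runs. A comment above the new branch, for example `/* -F file replaces nmap-protocols here and must use the nmap-protocols format */`, plus a matching remark in the -F usage line, would document the expectation. If the two formats are meant to be supplied separately, a second option field would be needed, but that cannot be judged from the lines shown. The enclosing function starts before the hunk and continues after it.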