Nmap Development mailing list archives

[RFC] Partial results for timed-out hosts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 12 Jan 2020 23:57:52 -0600

Hi, friends!

For a long time, Nmap users have been asking for a way to get partial
results for targets that have timed out during scanning as a result of the
-T5 or --host-timeout options (#64). Now, I think we have a good way to
deliver that feature, and I want to get feedback before committing it.

First, I need to point out another new feature that just got added, because
my proposal follows on from it: the "hosthint" XML output tag (#1858). This
new tag is emitted during host discovery as soon as a target is found to be
up, and contains the same identifying elements as the "host" tag. The
intent is to give some useful information before all the scan phases are
complete for the entire hostgroup. This feature was proposed and
implemented by Paul Miseiko at Rapid7.

The proposed partial output needs to be distinguished clearly from ordinary
output so that it is not interpreted as complete. The "hosthint" element is
already intended to contain a subset of the information in the final
output, so it naturally makes sense to use for this case, too. In the XML
data stream, a timed out host will be output within a "hosthint" element,
with all the same sub-tags and attributes as a completed host, as far as
they are available. Our existing output functions handle missing data very
well, so it was a simple change (patch attached).

In the Normal output stream (such as to STDOUT), the output resembles
ordinary output for a target, but features an extra output line at the
beginning: "Partial results for 192.0.2.1 due to host timeout:"

The Grepable output stream has the same "Host: 192.0.2.1 () Status:
Timeout" line, but then has a "Host: 192.0.2.1 () Status: Up" line and a
"Ports:" line as usual.

As much as possible, I want to hear feedback on the particulars of this
approach. I already know lots of folks are excited to get partial results
back from timed-out targets, so of course I'm excited, too. I just want to
know if this way of doing it will work for most users.

Dan

#1858 - hosthint feature: http://issues.nmap.org/1858
#64 - Nmap should log results when host timeout reached:
http://issues.nmap.org/64

Attachment: timeout-hosthint.patch, modifications to nmap.cc to print host
output when timeout is reached.
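
Added example, not part of the original message or the attached patch: one way a consumer of the XML output could keep partial results apart from complete ones under this proposal. The sample XML is constructed from the description above; the function name `classify_hosts` and the `ports/port` layout inside "hosthint" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not captured Nmap output): discovery-time hosthints for
# two targets, a completed <host>, and a timed-out target in a late <hosthint>.
SAMPLE_XML = """<nmaprun>
<hosthint><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/></hosthint>
<hosthint><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/></hosthint>
<host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="80"><state state="open"/></port>
         <port protocol="tcp" portid="443"><state state="closed"/></port></ports>
</host>
<hosthint><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open"/></port></ports>
</hosthint>
</nmaprun>"""


def port_states(elem):
    """Map (protocol, portid) -> state for the ports listed under elem."""
    states = {}
    for port in elem.iterfind("ports/port"):
        state = port.find("state")
        key = (port.get("protocol"), int(port.get("portid")))
        states[key] = state.get("state") if state is not None else None
    return states


def classify_hosts(xml_text):
    """Return {addr: {"complete": bool, "ports": {...}}}, keyed by first address."""
    results = {}
    for elem in ET.fromstring(xml_text):
        if elem.tag not in ("host", "hosthint"):
            continue
        address = elem.find("address")
        if address is None:
            continue
        entry = results.setdefault(address.get("addr"),
                                   {"complete": False, "ports": {}})
        if elem.tag == "host":
            # A finished host is authoritative and replaces anything hinted.
            entry["complete"] = True
            entry["ports"] = port_states(elem)
        elif not entry["complete"]:
            # Only hosthint data so far: treat the ports as partial results.
            entry["ports"].update(port_states(elem))
    return results


if __name__ == "__main__":
    for addr, info in classify_hosts(SAMPLE_XML).items():
        print(addr, "complete" if info["complete"] else "PARTIAL", info["ports"])
```

A target that only ever appears in "hosthint" elements is reported as partial, so missing ports are not read as closed or filtered.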
