Nmap Development mailing list archives

Re: status line in nmap


From: ian.vitek () ixsecurity com
Date: Thu, 4 Jan 2001 11:27:24 +0100



Yo!
We at iXsecurity have problems when pentesting firewalls. We want to know how
long the scan will take (with our timing switches).
Therefore we have added a -c switch to nmap. There are still problems with resends
(firewalled ports) but the solution below is acceptable.
The output is two status rows updated every second:
--------------------------------------------------------
root@trapper:/hacktools# nmap -sS -p 1- -c -n 10.0.0.1

Starting nmap V. 2.54BETA7IAN ( www.insecure.org/nmap/ )
Tried: 25080 (0 resends)
P/S:  3582.86 ETS:      11

--------------------------------------------------------

Legend:
Tried=ports tried
resends=firewalled resends or similar (setting a port to PORT_FRESH)
P/S=ports per second
ETS=Estimated Time of Scan in seconds


The cursor is moved to the "T" in Tried so if something is written (verbose
output or results) the two status rows are overwritten and the next status
information continues at the end.
Nothing is written to the log.
This is only tested on standard unix terminals. The "\e[28D\e[A" is taken from
the linux termcap file.
Can this be included into the next nmap version?
Best regards
//Ian Vitek, iXsecurity
Cell: +46-70-2293917
PS: See Fyodor's remarks below.

scan_engine.c 2.54BETA7
=======================
531a532,533
  int itimes = 0;
  int iresends = 0;
544a547
  int lastcheckedtime;
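Review bot: `int lastcheckedtime;` stores and is compared against the result of `time(NULL)` in the 914a919,926 hunk, so it should be declared `time_t` rather than `int`. The same applies to the second declaration added at 1241a1255,1257.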
707a711
  lastcheckedtime = starttime;
914a919,926
            if (o.count) {
              itimes++;
              if ( time(NULL) != lastcheckedtime ) {
                lastcheckedtime = time(NULL);
                log_write(LOG_STDOUT, "Tried: %5d (%d resends)      \nP/S:
%8.2f ETS: %7.0f \e[28D\e[A", itimes , iresends ,  (double) ( itimes ) / ( 1 +
lastcheckedtime - starttime ) , (double) ( o.numports - itimes + iresends ) / (
(double) itimes / ( 1 + lastcheckedtime - starttime ) ) );
                log_flush(LOG_STDOUT);
              }
            }
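Review bot: the ETS divisor in this `log_write()` call is `(double) itimes / ( 1 + lastcheckedtime - starttime )`, while the otherwise identical call added at 1427a1445,1452 divides by `(double) ( itimes + iresends ) / ( 1 + lastcheckedtime - starttime )`, so the two scan loops report different estimates for the same counters. Decide whether resends belong in the rate, then move the calculation and the format string into one helper that both loops call. `time(NULL)` is also called twice per update here; read it once into a local and reuse it for both the comparison and the assignment.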
1042a1055
          iresends++;
1241a1255,1257
  int lastcheckedtime;
  int itimes = 0;
  int iresends = 0;
1345a1362
  lastcheckedtime = starttime;
1427a1445,1452
            if (o.count) {
              itimes++;
              if ( time(NULL) != lastcheckedtime ) {
                lastcheckedtime = time(NULL);
                log_write(LOG_STDOUT, "Tried: %5d (%d resends)      \nP/S:
%8.2f ETS: %7.0f \e[28D\e[A", itimes , iresends ,  (double) itimes / ( 1 +
lastcheckedtime - starttime ) , (double) ( o.numports - itimes + iresends ) / (
(double) ( itimes + iresends ) / ( 1 + lastcheckedtime - starttime ) ) );
                log_flush(LOG_STDOUT);
              }
            }
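Review bot: the format string ends in `\e[28D\e[A`, which depends on a compiler-specific escape (`\e` is not standard C, `\033` is) and on a hard-coded count of 28 columns. `%8.2f` and `%7.0f` are minimum widths, so a large enough value makes the second row longer than the count assumes and the cursor no longer lands on the "T"; emitting `\r` before the cursor-up sequence removes the dependency on the row length. The sequence is also written to LOG_STDOUT whenever `o.count` is set, so redirected output will contain the control characters; gate the status rows on `isatty()`.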
1648a1674
      iresends++;



===================================================

I am a Unix freak. 8) This means that I can't, not yet, do WinNT CMD.EXE cursor
moves or XML tagging :(
The status line is now working for TCP/Syn/X/Null/Fin/RPC scans. Shouldn't be too
hard to implement it to FTP-bounce.

To time the whole scan I need to count computers done. This is not done in the
scan_engine.c... Well I do not have the time to implement this feature.

Thanks for a good tool!
//Ian Vitek, iXsecurity
PS: hackers () guardianit se is hackers () ixsecurity com, pentesters (whitehat
hackers) at ixsecurity.


---------------------------------------------------

Neat!  You might want to send that to nmap-dev () insecure org (the latter is
much smaller -- only about 200 people vs. 11,000 in the hackers list).

I would love to add this sort of functionality to Nmap, but it has to be
full featured and general.  But if you have time, it would certainly be a
useful contribution.  Here are some of the things I think would be
important in such a feature:

-- It should work on the large majority of terminal types -- this
includes normal VT100, Xterm, and console terminals.  Maybe your
"\e[28D\e[A" is portable enough already.  Otherwise something like ncurses
or curses should probably be used (and ./configure should just disable the
feature if the *curses library isn't available)

-- It should provide the capability for later support by Nmap GUIs.  This
probably just means outputting an XML tag every 10 seconds or so giving the
current status info that you are printing to the terminal.

-- It should support all the scan types (even though some of the estimates
might not be so good on some of them).

-- It would be very nice (although probably not essential) if it gave an
idea of estimated time for the whole Nmap run to finish, rather than just
the current scan.

By the way, who are Hackers () guardianit se ?

Cheers,
-F
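
The status-row arithmetic discussed in this message, as a stand-alone added example that is not part of the original post, the patch or Nmap's source. The struct and function names are assumptions, `sent` is assumed to count every probe including resends, and the input values are taken from the sample run above (the 6 seconds of elapsed time is inferred from its P/S figure). It returns to column 0 with a carriage return and leaves out cursor control when output is not a terminal.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Names are assumptions for this example, not Nmap's or the patch's. */
struct progress {
    int sent;      /* probes sent so far, resends included (assumed) */
    int resends;   /* ports queued for another try */
    int numports;  /* ports in this scan */
    long elapsed;  /* whole seconds since the scan started */
};

/* Probes per second; the +1 keeps the divisor non-zero in second 0. */
static double rate(const struct progress *p)
{
    return (double)p->sent / (double)(1 + p->elapsed);
}

/* Estimated seconds left at the current rate, 0 if not measurable. */
static double ets(const struct progress *p)
{
    int left = p->numports - p->sent + p->resends;
    double r = rate(p);
    return (r > 0.0 && left > 0) ? (double)left / r : 0.0;
}

/* Build the two status rows. On a terminal, end with CR and "cursor up"
 * so the next update overwrites them; otherwise end with a newline so
 * redirected output carries no control sequences. */
static int format_status(char *buf, size_t n, const struct progress *p, int tty)
{
    return snprintf(buf, n,
                    "Tried: %5d (%d resends)      \nP/S: %8.2f ETS: %7.0f %s",
                    p->sent, p->resends, rate(p), ets(p),
                    tty ? "\r\033[A" : "\n");
}

int main(void)
{
    /* Constructed from the sample run: 65535 ports, 25080 tried, 6 s in. */
    struct progress p = { 25080, 0, 65535, 6 };
    char buf[128];
    int tty = isatty(STDOUT_FILENO);
    format_status(buf, sizeof buf, &p, tty);
    fputs(buf, stdout);
    if (tty)
        fputs("\n\n", stdout);  /* step past the two rows before exiting */
    return 0;
}
```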



