Re: List Scan Hosts and Ports

[MadHat Unspecific <madhat () unspecific com>]

Mark Davidson wrote:
> Hi All
>
> In nmap there is the functionality to list all the hosts that would be
> scanned with given parameters using the -sL option.
> I was wondering is there any possibility of being able to have the
> functionality to output a list of all the hosts and ports that would be
> scanned in a similar fashion?
> As I am currently working on a project that would benefit from this greatly
> or can anyone suggest a way of retrieving the ports that would be scanned in
> another way.
> I have looked at all the nmap options that I can find and the only way that
> I can find of getting a full list of the ports that would be scanned is to
> actually run the scan with debug on, then parse the output.

If you do the scan, you can use -v and use XML or grepable output and it
will list them.  It doesn't change from run to run as far as I know.

$ nmap -T4 -v -oG - 127.0.0.1
# Nmap 4.76 scan initiated Wed Jan 21 10:39:46 2009 as: nmap -T4 -v -oG
- 127.0.0.1
# Ports scanned:
TCP(1000;1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,...)
UDP(0;) PROTOCOLS(0;)
Host: 127.0.0.1 (localhost)     Ports: 22/open/tcp//ssh///,
25/open/tcp//smtp///, 80/open/tcp//http///, 631/open/tcp//ipp///,
3306/open/tcp//mysql///, 24800/open/tcp//unknown///     Ignored State:
closed (994)
# Nmap done at Wed Jan 21 10:39:46 2009 -- 1 IP address (1 host up)
scanned in 0.10 seconds


$ nmap -T4 -v -oX - 127.0.0.1
<?xml version="1.0" ?>
<?xml-stylesheet href="/usr/local/share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.76 scan initiated Wed Jan 21 10:40:54 2009 as: nmap -T4 -v
-oX - 127.0.0.1 -->
<nmaprun scanner="nmap" args="nmap -T4 -v -oX - 127.0.0.1"
start="1232556054" startstr="Wed Jan 21 10:40:54 2009" version="4.76"
xmloutputversion="1.02">
<scaninfo type="connect"  protocol="tcp" numservices="1000"
services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,..."
/>
<verbose level="1" />
<debugging level="0" />
<taskbegin task="Ping Scan" time="1232556054" />
<taskend task="Ping Scan" time="1232556054" extrainfo="1 total hosts" />
<taskbegin task="Connect Scan" time="1232556054" />
<taskend task="Connect Scan" time="1232556054" extrainfo="1000 total
ports" />
<host starttime="1232556054" endtime="1232556054"><status state="up"
reason="syn-ack"/>
<address addr="127.0.0.1" addrtype="ipv4" />
<hostnames><hostname name="localhost" type="PTR" /></hostnames>
<ports><extraports state="closed" count="994">
<extrareasons reason="conn-refused" count="994"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="ssh" method="table" conf="3" /></port>
<port protocol="tcp" portid="25"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="smtp" method="table" conf="3" /></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="http" method="table" conf="3" /></port>
<port protocol="tcp" portid="631"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="ipp" method="table" conf="3" /></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="mysql" method="table" conf="3" /></port>
<port protocol="tcp" portid="24800"><state state="open" reason="syn-ack"
reason_ttl="0"/><service name="unknown" method="table" conf="3" /></port>
</ports>
<times srtt="603" rttvar="271" to="100000" />
</host>
<runstats><finished time="1232556054" timestr="Wed Jan 21 10:40:54
2009"/><hosts up="1" down="0" total="1" />
<!-- Nmap done at Wed Jan 21 10:40:54 2009; 1 IP address (1 host up)
scanned in 0.07 seconds -->
</runstats></nmaprun>

-- 
MadHat (at) Unspecific.com
"The true man wants two things: danger and play.
 For that reason he wants woman, as the most dangerous plaything."
                          - Friedrich Nietzsche

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org