Nmap Development mailing list archives
Re: Output File Bug
From: David Fifield <david () bamsoftware com>
Date: Sun, 24 May 2009 20:12:31 -0600
On Fri, May 22, 2009 at 03:33:38PM +0100, Sebastien J. wrote:
I've been running conficker scans for a client and discovered something that is part user-error part bug. The command I've been running (using nmap 4.85BETA9) is: nmap -PN -T4 -p139,445 -n -v -oN [filename] --script=smb-check-vulns --script-args safe=1 [targetnetworks] At some point during my scans I wanted to stop writing out to a file, so I removed the file name without being careful to remove -oN. This resulted in a file being written called "--script", and the scan completing but not running the scripts correctly (since nmap didn't register --script as an actual option). Instead I would probably expect nmap to do one of two things: a) write out a file anyway with some kind of default name (nmap_date_time), or b) quit and demand a file name. Since almost nobody would begin a filename with a '-', it may be safe to check for this in the string that follows -oN (or -oSomething), and do one of the two above if this is the case.
Thank you for reporting this. It does seem to be an easy mistake to make. My first impression is that nothing should be changed. Most command-line programs work the way Nmap does here. Option (a) is not possible in general because there's no reliable way to guess whether the thing that follows -oN is a file name or not. Option (b) is reasonable, but it would have to be a warning not an error. Things like this are nice for interative use but they increase the burden on writers of programs and libraries that run Nmap. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Output File Bug Sebastien J. (May 22)
- Re: Output File Bug David Fifield (May 24)