Nmap Development mailing list archives

Re: [BUG] Nmap host specification parsing


From: David Fifield <david () bamsoftware com>
Date: Sun, 14 Jun 2009 11:13:56 -0600

On Sun, Jun 14, 2009 at 03:43:12AM +0300, ithilgore wrote:
> It applies to the latest svn version and the problem is that when
> you put an extra comma ',' after any host, then Nmap adds an
> additional target to the list. The target is the IP that corresponds
> to 0 for the least significant byte and for the rest of the bytes to
> the same class network as the host before the comma.
>
> $ nmap -sL -n 10.0.0.1, 10.0.0.2
>
> Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2009-06-14 03:33 EEST
>
> Host 10.0.0.1 not scanned
> Host 10.0.0.0 not scanned
> Host 10.0.0.2 not scanned
> Nmap done: 3 IP addresses (0 hosts up) scanned in 0.00 seconds

I found some other undocumented syntax supported by Nmap a while ago.

http://seclists.org/nmap-dev/2009/q1/0451.html

We talked about having Nmap use the Ncat code a little bit, because the
Ncat code has tests and fewer quirks. Ncat's addrset code doesn't
support host enumeration, but there's nothing in the design to keep that
from being implemented.

http://seclists.org/nmap-dev/2009/q1/0494.html
http://nmap.org/svn/ncat/test/test-addrset.sh

So if it helps, you could use the Ncat code in Ncrack, or just port the
Ncat code into TargetGroup.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
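
The trailing-comma behaviour reported above, as an added example that is not part of the original message and is not Nmap's or Ncat's code: a per-octet list parser whose lenient mode trusts strtol() on an empty element and so yields the extra .0 target, beside a strict mode that rejects the list. The function name parse_octet_list and the strtol() cause are assumptions made for illustration; the input "1," is constructed from the last octet of "10.0.0.1,".

```c
#include <stdio.h>
#include <stdlib.h>

/* Parse a comma-separated list of values for one IPv4 octet, e.g. "1,5,9".
 * Returns the number of values stored in out[], or -1 on a malformed list.
 * strict == 0 mimics a parser that trusts strtol(): an empty element
 * (as in "1,") silently converts to 0. This is an assumed cause, used for
 * illustration; it is not taken from Nmap's TargetGroup source. */
int parse_octet_list(const char *spec, int strict, unsigned char *out, int max)
{
    int n = 0;
    const char *p = spec;

    for (;;) {
        char *end;
        long v = strtol(p, &end, 10);

        /* strict: every element must start with a digit, so an empty
         * element, a sign or leading whitespace is an error */
        if (strict && (end == p || *p < '0' || *p > '9'))
            return -1;
        if (v < 0 || v > 255 || n >= max)
            return -1;
        out[n++] = (unsigned char)v;

        if (*end == '\0')
            return n;
        if (*end != ',')
            return -1;              /* trailing junk such as "1x" */
        p = end + 1;                /* step past the comma */
    }
}

int main(void)
{
    unsigned char v[8];
    const char *spec = "1,";        /* constructed input */
    int i, n = parse_octet_list(spec, 0, v, 8);

    for (i = 0; i < n; i++)
        printf("lenient: 10.0.0.%d\n", v[i]);
    printf("strict:  %d\n", parse_octet_list(spec, 1, v, 8));
    return 0;
}
```

The lenient call expands "1," to the two hosts .1 and .0, matching the listing in the report; the strict call returns -1, so a mistyped target list fails before anything outside the intended scope is added.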

