Nmap Development mailing list archives

Re: exclude targets


From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Nov 2009 18:40:20 -0700

On Sat, Nov 07, 2009 at 02:34:47PM +0100, Si Stransky wrote:
> Are --exclude --excludefile supposed to actually work with random scan
> -iR x? If not it should be forbidden to call such command (warn user
> and gracefully exit)
> I noticed there is a thing when excluding very large netblocks in a
> random scan: the thing is that if, for example, 300 IPs are requested
> from command line (-iR 300) and there is an exclusion (--exclude
> bignetblock) it may happen that the hosts actually scanned are less
> than 300; the count on randomly generated IPs seems to be made before
> leaving out excluded hosts. I really don't know if it would make sense
> to fix it, so that the check would be made after having excluded
> unwanted hosts, resulting in the exact number of hosts requested from
> command (if enough IPs are left unexcluded of course).

Yes, --exclude and -iR work together, but you're correct, you may get
fewer random hosts than you asked for. The filtering step is done after
the addresses are generated (actually this is done in chunks). When I
need a list of random IPs I usually need them to be repeatable anyway,
so I generate IPs in several rounds until I have enough and store them
in a file.

> Another handy feature would be having the possibility to include only
> a range of hosts in the random scan. Something like: nmap -iR n
> 10.198.250-255.0-255 should scan, from a fixed pool of IPs, n number
> of hosts always 'randomly different' every time it is called.
> Combining the two features (including hosts, excluding hosts) and
> randomly processing a fixed max number of hosts (or even all, as -iR 0)
> would make nmap even more versatile, but I understand from the code
> that it would need too many things rewritten as for target parsing,
> calculating and random generation, so as I am only a casual user I
> give up. What do you think about patching it?

This has been discussed before. I think it's a good idea. There are two
algorithms that would work to implement this at
http://seclists.org/nmap-dev/2008/q3/416.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
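The two behaviours discussed in the thread, as an added example that is not part of the original message and not nmap's own code: `nmap_style` mimics what David describes (draw the requested number of addresses in chunks, then filter, so the result can fall short), `rounds_until_enough` is the workaround of generating in rounds until the exact count is reached and saving the list for a repeatable run, and `sample_pool` draws n distinct hosts from an nmap-style octet-range pool such as 10.198.250-255.0-255, honouring exclusions. The pool sampling here is a straightforward shuffle/rejection approach chosen for this illustration, not the algorithms David points to at the linked thread. The exclusion blocks, pool spec and seeds are constructed for the example; in practice the equivalent nmap calls are `nmap -sL -n -iR N --exclude ...` to generate and `nmap -iL targets.txt` to replay the stored list.

```python
"""Random nmap-style target generation with exclusions (added example)."""
import ipaddress
import random


def _nets(excludes):
    """Exclusion blocks given as strings ("10.0.0.0/8") -> IPv4Network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in excludes]


def excluded(addr, nets):
    return any(addr in net for net in nets)


def nmap_style(count, excludes, seed=None, chunk=32):
    """Draw `count` random addresses in chunks, then drop excluded ones.
    The shortfall is returned as-is, so len(result) may be < count."""
    rng, nets, kept = random.Random(seed), _nets(excludes), []
    for start in range(0, count, chunk):
        batch = [ipaddress.IPv4Address(rng.getrandbits(32))
                 for _ in range(min(chunk, count - start))]
        kept.extend(a for a in batch if not excluded(a, nets))
    return kept


def rounds_until_enough(count, excludes, seed=None, chunk=32, max_rounds=10000):
    """Keep drawing chunks and filtering until exactly `count` distinct,
    non-excluded addresses are collected (the workaround from the reply)."""
    rng, nets, kept, seen = random.Random(seed), _nets(excludes), [], set()
    for _ in range(max_rounds):
        for _ in range(chunk):
            a = ipaddress.IPv4Address(rng.getrandbits(32))
            if a in seen or excluded(a, nets):
                continue
            seen.add(a)
            kept.append(a)
            if len(kept) == count:
                return kept
    raise RuntimeError("only %d of %d addresses found" % (len(kept), count))


def save_targets(addrs, path):
    """Store the list so the run is repeatable (replay with nmap -iL path)."""
    with open(path, "w") as f:
        f.write("\n".join(str(a) for a in addrs) + "\n")
    return len(addrs)


def parse_octet(spec):
    """One nmap-style octet spec: "7", "250-255", "1,3,5-9" or "-" (0-255)."""
    vals = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-") if "-" in part else (part, "", part)
        lo, hi = int(lo) if lo else 0, int(hi) if hi else 255
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad octet range: %r" % spec)
        vals.update(range(lo, hi + 1))
    return sorted(vals)


def parse_pool(spec):
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dotted octet specs: %r" % spec)
    return [parse_octet(o) for o in octets]


def pool_size(octets):
    size = 1
    for vals in octets:
        size *= len(vals)
    return size


def pool_member(octets, index):
    """Decode an index in [0, pool_size) into an address (mixed radix, last octet fastest)."""
    parts = []
    for vals in reversed(octets):
        index, r = divmod(index, len(vals))
        parts.append(vals[r])
    return ipaddress.IPv4Address(".".join(str(p) for p in reversed(parts)))


def _index_stream(size, rng):
    """Distinct random indices in [0, size): shuffle small pools, reject duplicates in large ones."""
    if size <= 1 << 16:
        yield from rng.sample(range(size), size)
        return
    seen = set()
    while len(seen) < size:
        i = rng.randrange(size)
        if i not in seen:
            seen.add(i)
            yield i


def sample_pool(spec, n, excludes=(), seed=None):
    """n distinct non-excluded addresses from the pool `spec`
    (e.g. "10.198.250-255.0-255"); n == 0 returns the whole pool."""
    octets, nets, out = parse_pool(spec), _nets(excludes), []
    for idx in _index_stream(pool_size(octets), random.Random(seed)):
        a = pool_member(octets, idx)
        if excluded(a, nets):
            continue
        out.append(a)
        if len(out) == n:
            break
    return out
```

With a fixed seed the same list comes back every run, which is what makes the saved-file approach repeatable; drop the seed (or pass a fresh one) to get the "randomly different every time" behaviour asked for in the quoted message.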

