Nmap Development mailing list archives

Re: [FEATURE] Multiple scan options in the same run


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 10 Dec 2013 11:03:57 -0600

On 12/10/2013 08:02 AM, John Bond wrote:
Hello All,

d33tah just made a comment in IRC that it would be useful to run
multiple TCP scan options in the same run and have all results shown.
Something a bit like the following example.


nmap -sA -sT -sI -sF -sW -p 22 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-10 14:54 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).
PORT    STATE(sA)   STATE(sT)  STATE(sI)  STATE(sF)       STATE(sW)  SERVICE
22/tcp  unfiltered  open       unknown    open|filtered   closed     ssh

Nmap done: 1 IP address (1 host up) scanned in 0.04 second

This would be very useful for working out the best scan type for a
specific network or device, and I would love to see it implemented.

John

I would not discourage someone from attempting to implement this, but I wouldn't recommend using it. When I try to help someone with an Nmap scan, the most common thing I end up doing is *removing* parts of their scan. I feel that an Nmap scan should be targeted to the kind of information that is desired, and that when people complain about Nmap's slowness, it is because they are trying to do too much (e.g. -A, --script all, etc.) at once.

Some considerations for the implementer:
* How will NSE portrules work when the port is in multiple states?
* How can this be made better than a shell script that runs each type in sequence?

Example Perl script is attached.

Dan

Attachment: scantypes.pl

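The "shell script that runs each type in sequence" Dan mentions is easy to sketch, and the part that actually needs code is merging the per-type results into the one table John drew. The Python below is an added example for this archive, not the attached scantypes.pl: it builds one Nmap command per scan type, parses each run's `-oX -` XML output into per-port states, merges them into a table, and flags ports where the scan types disagree (which is the "best scan type for this device" question). The sample XML documents are constructed to mirror the states in John's example; the function names are this example's own. `-sI` is left out of the default list because it needs a zombie host argument.

```python
"""Run several Nmap TCP scan types one after another and merge the results.

Added example (not the scantypes.pl attachment). Assumes `nmap` is on PATH
when run_scans() is used; everything else works offline on the constructed
SAMPLE_XML below.
"""
import subprocess
import xml.etree.ElementTree as ET

# Default scan types to compare; -sI needs a zombie host, so it is omitted here.
SCAN_TYPES = ["-sA", "-sT", "-sF", "-sW"]


def build_command(scan_type, ports, target):
    """One Nmap invocation per scan type; `-oX -` writes XML to stdout."""
    return ["nmap", scan_type, "-p", ports, "-oX", "-", target]


def parse_port_states(xml_text):
    """Return {(port, proto): state} from one scan's XML output."""
    root = ET.fromstring(xml_text)
    states = {}
    for port in root.iter("port"):
        key = (int(port.get("portid")), port.get("protocol"))
        states[key] = port.find("state").get("state")
    return states


def merge_results(results_by_type):
    """{scan_type: {(port, proto): state}} -> {(port, proto): {scan_type: state}}."""
    table = {}
    for scan_type, states in results_by_type.items():
        for key, state in states.items():
            table.setdefault(key, {})[scan_type] = state
    return table


def disagreements(table):
    """Ports whose reported state differs between scan types."""
    return sorted(key for key, row in table.items() if len(set(row.values())) > 1)


def format_table(table, scan_types):
    """Render the merged table in the STATE(sX)-per-column layout John proposed."""
    header = "PORT".ljust(8) + "".join(f"STATE({t[1:]})".ljust(16) for t in scan_types)
    lines = [header]
    for port, proto in sorted(table):
        row = f"{port}/{proto}".ljust(8)
        row += "".join(table[(port, proto)].get(t, "-").ljust(16) for t in scan_types)
        lines.append(row)
    return "\n".join(lines)


def run_scans(scan_types, ports, target):
    """Sequential runs, one per scan type (requires nmap on PATH)."""
    results = {}
    for t in scan_types:
        proc = subprocess.run(build_command(t, ports, target),
                              capture_output=True, text=True, check=True)
        results[t] = parse_port_states(proc.stdout)
    return results


def _xml(port, state):
    # Helper to build constructed sample output in the shape nmap -oX emits.
    return (f'<nmaprun><host><ports><port protocol="tcp" portid="{port}">'
            f'<state state="{state}"/></port></ports></host></nmaprun>')


# Constructed sample: the per-type states John's example shows for port 22.
SAMPLE_XML = {
    "-sA": _xml(22, "unfiltered"),
    "-sT": _xml(22, "open"),
    "-sF": _xml(22, "open|filtered"),
    "-sW": _xml(22, "closed"),
}


def sample_table():
    """Merge the constructed sample as if the four scans had just run."""
    return merge_results({t: parse_port_states(x) for t, x in SAMPLE_XML.items()})


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in
    # run_scans(SCAN_TYPES, "22", "localhost") to scan for real.
    table = sample_table()
    print(format_table(table, SCAN_TYPES))
    print("ports where scan types disagree:", disagreements(table))
```

The merge is the piece a plain `for t in -sA -sT ...; do nmap $t ...; done` loop does not give you; once results are keyed by port and scan type, the disagreement list answers Dan's first question too, since it shows exactly which ports would land in multiple states.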
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
