Nmap Development mailing list archives
Feature: per-target port specification (with patch!)
From: Jan Gocník <gocnik () dcit cz>
Date: Tue, 2 Apr 2019 15:07:15 +0200
Hey,

I would like to propose a feature enabling specifying ports for each target separately.

Rationale: It often happens that we already have an nmap scan of 200 machines, and we want to do a service scan on those same machines. Usually that forces us to scan the whole network for all the ports that appeared at least once. That is a big waste of time and bandwidth. What we want to have is essentially a rescan-like feature, that would rescan just ports that were found to be open before.

User experience: Everywhere where you could specify a target (-iL file, command line) you can supply a "target^ports". It works with all the nmap magic ranges, so "192.168.1.1-255^22-60" works. The common ports (supplied with -p) are scanned on all targets.

Implementation details: I tried to keep it so that if you don't use any "^" in the targets, the code path should remain largely the same, so there should be no regressions. However, I had to do some tuning in functions that expected they can just get the number of probes by multiplying common ports by targets. There's a small issue, in that the results of the scan are not sorted properly, as the target-specific ports get scanned last.

Usage example:

===paste start===
$ nmap -v -Pn -n -p22 "165.227.141.119^80,443" "40.113.73.59^8080"
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-04-01 19:46 CEST
Initiating SYN Stealth Scan at 19:46
Scanning 2 hosts [max 3 ports/host]
Discovered open port 22/tcp
Discovered open port 80/tcp
Discovered open port 443/tcp
Discovered open port 22/tcp
Completed SYN Stealth Scan at 19:46, 1.45s elapsed (1626388576 total ports max)
Nmap scan report for 165.227.141.119
Host is up (0.0090s latency).

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

Nmap scan report for 40.113.73.59
Host is up (0.038s latency).

PORT STATE SERVICE
22/tcp open ssh
8080/tcp filtered http-proxy

Read data files from: /home/gocnik/nmap
Nmap done: 2 IP addresses (2 hosts up) scanned in 1.52 seconds
Raw packets sent: 6 (264B) | Rcvd: 4 (176B)
===paste end===

If done the usual way:

$ nmap -v -Pn -n -p22,80,443,8080 165.227.141.119 40.113.73.59
[...]
Raw packets sent: 10 (440B) | Rcvd: 6 (260B)

The patch is against svn trunk at this moment (revision 37608).

Looking forward to all comments!

JaGoTu

P.S.: Sorry if you receive this e-mail twice, but the previous one apparently got caught in a moderation queue or something, as it doesn't show on seclists.org
Attachment:
nmap_pertarget_37608.patch
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
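
The "target^ports" semantics described in the message above, modelled as an added Python sketch (this is not code from the attached patch or from Nmap): each target gets the common -p ports plus its own "^" ports, and the result is compared with scanning the union of all ports on every host. The function names are hypothetical, the sample addresses are constructed from documentation ranges, only last-octet ranges are expanded, and the counts are (host, port) pairs rather than packets, so retransmissions are not modelled.

```python
def parse_ports(spec):
    """Expand '80,443' or '22-60' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, dash, hi = part.partition("-")
        if not lo.isdigit() or (dash and not hi.isdigit()):
            raise ValueError(f"unsupported port spec: {part!r}")
        lo, hi = int(lo), int(hi) if dash else int(lo)
        if not lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def expand_last_octet(target):
    """Expand a trailing-octet range such as '192.168.1.1-255'.
    Simplification: any other target form is treated as one host."""
    head, dot, last = target.rpartition(".")
    lo, dash, hi = last.partition("-")
    if dot and dash and lo.isdigit() and hi.isdigit():
        return [f"{head}.{n}" for n in range(int(lo), int(hi) + 1)]
    return [target]


def plan(targets, common=""):
    """Map each host to the common (-p) ports plus its own '^' ports."""
    common_ports = parse_ports(common) if common else set()
    per_host = {}
    for spec in targets:
        target, caret, extra = spec.partition("^")
        if caret and not extra:
            raise ValueError(f"empty port list after '^': {spec!r}")
        ports = common_ports | (parse_ports(extra) if caret else set())
        for host in expand_last_octet(target):
            per_host.setdefault(host, set()).update(ports)
    return per_host


def probe_counts(per_host):
    """Return (per-target pairs, pairs if the union of ports hits every host)."""
    union = set().union(*per_host.values())
    return sum(len(p) for p in per_host.values()), len(union) * len(per_host)


if __name__ == "__main__":
    # Constructed sample: documentation addresses, same shape as the e-mail's command.
    hosts = plan(["192.0.2.10^80,443", "198.51.100.20^8080"], common="22")
    for host, ports in hosts.items():
        print(host, sorted(ports))
    print("per-target vs union:", probe_counts(hosts))
```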