Nmap Development mailing list archives

OS Scan & Print Port Output after host timeout


From: "Johnson, Greg" <JohnsonG () missouri edu>
Date: Sat, 10 Aug 2002 16:31:31 -0500

(1) After a host_timeout, could nmap be made to print port output it may have accumulated? Nmap worked so hard to get that info, it's a pity to flush it away.

Removing the "else" at nmap.c 1017 around the output functions works for me. Less code, more results. I don't see any need to make an option for this behavior, so long as the output indicates that a timeout occurred.

(2) I'd also like, after a host_timeout, for nmap to try an os_scan if -O was requested. Slashing from osscan.c the 28 lines that deal with the global timeout gets me what I want. Is it safe to presume that osscan.c will finish in a reasonably short time without these safeties? Again, nmap with just a few seconds of TCP scan in my environment typically has enough open and closed ports that an os_scan will succeed.

(3) Finally, I'd like a SIGHUP to cause nmap to persevere as above: do any os_scan, print port output, and continue with any subsequent host. That requires a little restructuring of nmap.c.

The reason for all this: I'm auditing thousands of systems. I want to minimize time to find classic vulnerabilities. I'll hunt trojans at lower priority.

Thus, if a target is slow to scan (typically in the UDP phase), I want to time out (8 minutes works for me), record partial results, which tend to be quite useful, and move on to the next target.

It's important to me that all outputs show when a target timed out, so I can perhaps put it in a slow-scan queue. I've been feeding the -v -v and -d -d outputs to a Perl script which identifies varying degrees of hard-to-scan targets, despite timeouts, by calculating total tcp-ports-per-second and udp-ports-per-second.

-- G Johnson
