Nmap Development mailing list archives

Re: FW: Bug in default ZENMAP GUI


From: Fyodor <fyodor () insecure org>
Date: Mon, 25 Jan 2010 22:55:19 -0800

On Fri, Jan 22, 2010 at 06:36:58PM -0700, David Fifield wrote:

The default scan ("Intense scan") is

      nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389

We picked this in August '08 [1] back when we only did 2 host
discovery probes by default.  But roughly a year later we expanded the
default to four probes, so maybe we should remove all these ugly
discovery options from the default now?  They could also be removed
from the many other shipped-by-default profiles which include them.
This would leave the default profile as "nmap -T4 -A -v -PE
[targets]".  One exception is that we should probably leave enhanced
discovery in the 'Slow comprehensive scan' profile, but we should
check David's discovery research stats to ensure the choices are
optimal.

Is anyone opposed to this idea?  Anyone want to suggest other changes
to the existing profiles or new profiles we should add?  You can see
the current ones at
http://nmap.org/svn/zenmap/share/zenmap/config/scan_profile.usp:

[Intense scan]
command = nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
description = An intense, comprehensive scan. The -A option enables OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). Without root privileges only version detection and script scanning are run. This is considered an intrusive scan.

[Intense scan plus UDP]
command = nmap -sS -sU -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
description = Does OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute) in addition to scanning TCP and UDP ports.

[Intense scan, all TCP ports]
command = nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389
description = Scans all TCP ports, then does OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute).

[Intense scan, no ping]
command = nmap -T4 -A -v -PN
description = Does an intense scan without checking to see if targets are up first. This can be useful when a target seems to ignore the usual host discovery probes.

[Ping scan]
command = nmap -sP -PE -PA21,23,80,3389
description = This scan only finds which targets are up and does not port scan them.

[Quick scan]
command = nmap -T4 -F
description = This scan is faster than a normal scan because it uses the aggressive timing template and scans fewer ports.

[Quick scan plus]
command = nmap -sV -T4 -O -F --version-light
description = A quick scan plus OS and version detection.

[Quick traceroute]
command = nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute
description = Traces the paths to targets without doing a full port scan on them.

[Regular scan]
command = nmap
description = A basic port scan with no extra options.

[Slow comprehensive scan]
command = nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
description = This is a comprehensive, slow scan. Every TCP and UDP port is scanned. OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute) are all enabled. Many probes are sent for host discovery. This is a highly intrusive scan.

Cheers,
Fyodor

[1] http://seclists.org/nmap-dev/2008/q3/540
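
As an added illustration (not part of the original message and not Nmap or Zenmap code), the following Python script applies the proposed cleanup to profile text in the scan_profile.usp format and reports what was removed. It assumes "discovery options" means the -PS/-PA port-list probes, since the proposed command keeps -PE; the function names and the embedded sample are constructed for this example.

```python
import configparser
import shlex

# Constructed sample: three sections copied from the profile listing in the message.
SAMPLE_USP = """\
[Intense scan]
command = nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389

[Ping scan]
command = nmap -sP -PE -PA21,23,80,3389

[Slow comprehensive scan]
command = nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
"""

# Assumption: only the -PS/-PA probes are dropped, because the command proposed
# in the message ("nmap -T4 -A -v -PE") still carries -PE.
DROP_PREFIXES = ("-PS", "-PA")
# The message asks to leave enhanced discovery in this profile.
KEEP_PROFILES = {"Slow comprehensive scan"}


def simplify_command(command):
    """Return (new_command, removed_options) with -PS/-PA probes stripped."""
    kept, removed = [], []
    for tok in shlex.split(command):
        (removed if tok.startswith(DROP_PREFIXES) else kept).append(tok)
    return shlex.join(kept), removed


def simplify_profiles(usp_text):
    """Map profile name -> (new_command, removed_options) for .usp text."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' is literal
    parser.read_string(usp_text)
    result = {}
    for name in parser.sections():
        command = parser.get(name, "command")
        if name in KEEP_PROFILES:
            result[name] = (command, [])
        else:
            result[name] = simplify_command(command)
    return result


if __name__ == "__main__":
    for name, (cmd, removed) in simplify_profiles(SAMPLE_USP).items():
        print(f"[{name}] {cmd}   (removed: {' '.join(removed) or 'nothing'})")
```
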