Nmap Development mailing list archives

Re: A request I hear a lot


From: jah <jah () zadkiel plus com>
Date: Sat, 13 Feb 2010 16:06:14 +0000

On 13/02/2010 15:35, Ron wrote:
In the #nmap channel (and other places), I often hear people say, "is there an easy way to find every server with port 
XX open?". Something like a -PS ping scan, but only listing the hosts that have the specific port open (not the ones 
that respond with RST). 

I realize it's fairly simple to do with grepable output, but I'm wondering if there's an easier way (or if anybody 
would consider writing a patch to make it easier)? It's a *very* common use case ("find all web servers", "find all 
vmware servers", etc)

I think --open was supposed to help with this.  Perhaps --open could be
modified to suppress the entire final output for any host where at least
one of the supplied ports is not open.

e.g.

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.0020s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.122
Host is up (0.014s latency).
PORT   STATE  SERVICE
80/tcp closed http

Skipping SYN Stealth Scan against 192.168.1.15 because Windows does not
support scanning your own machine (localhost) this way.
Nmap scan report for 192.168.1.15
Host is up.
PORT   STATE   SERVICE
80/tcp unknown http

Nmap done: 256 IP addresses (4 hosts up) scanned in 6.20 seconds
---

With current --open:

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24 --open

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.122
Host is up (0.00s latency).
The 1 scanned port on 192.168.1.122 is closed

Skipping SYN Stealth Scan against 192.168.1.15 because Windows does not
support scanning your own machine (localhost) this way.
Nmap scan report for 192.168.1.15
Host is up.
PORT   STATE   SERVICE
80/tcp unknown http

Nmap done: 256 IP addresses (4 hosts up) scanned in 5.80 seconds
---

With a modified --open:

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24 --open

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 256 IP addresses (4 hosts up, only 2 are shown) scanned in
5.80 seconds
---

Something like that?

jah
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
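Until --open behaves the way jah sketches, the "fairly simple with grepable output" route Ron mentions looks like the following. This is an added example, not code from the thread or from Nmap itself: it parses constructed -oG lines modelled on the hosts above and lists only the hosts where every requested port is open, so a port in the "closed" or "unknown" state (as on 192.168.1.122 and 192.168.1.15 in jah's run) drops the host from the list.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample of nmap grepable (-oG) output mirroring the hosts in
# the thread; it is not real scan output from the page.
SAMPLE_GNMAP = """# Nmap 5.21 scan initiated (constructed sample)
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 80/open/tcp//http///
Host: 192.168.1.3 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.168.1.122 ()\tPorts: 80/closed/tcp//http///
Host: 192.168.1.15 ()\tPorts: 80/unknown/tcp//http///, 443/open/tcp//https///
# Nmap done (constructed sample)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text: str) -> Dict[str, Dict[int, str]]:
    """Map each host address to {tcp_port: state} from -oG 'Ports:' fields."""
    hosts: Dict[str, Dict[int, str]] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and blanks
        states = hosts.setdefault(m.group(1), {})
        # Fields after the host are tab separated: Status:, Ports:, Ignored State:
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/protocol/owner/service/rpc-info/version-info
                parts = entry.split("/")
                if len(parts) < 3 or parts[2] != "tcp":
                    continue
                states[int(parts[0])] = parts[1]
    return hosts


def hosts_with_open(text: str, ports: Iterable[int], require_all: bool = True) -> List[str]:
    """Hosts whose requested ports are all open (or, with require_all=False, any one is)."""
    wanted = set(ports)
    matched = []
    for addr, states in parse_gnmap(text).items():
        open_ports = {p for p, s in states.items() if s == "open"}
        hit = wanted <= open_ports if require_all else bool(wanted & open_ports)
        if hit:
            matched.append(addr)
    return matched


if __name__ == "__main__":
    for addr in hosts_with_open(SAMPLE_GNMAP, [80]):
        print(addr)
```

With real output, feed the file written by `nmap -oG` to hosts_with_open instead of SAMPLE_GNMAP; require_all=True is the semantics jah proposes for a modified --open.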

