Nmap Development mailing list archives
Re: minor fix + {ports} syntax
From: David Fifield <david () bamsoftware com>
Date: Fri, 5 Mar 2010 12:58:19 -0700
On Wed, Mar 03, 2010 at 05:48:41AM +0100, Anonymous Remailer (austria) wrote:
saludos, greengreat. ==PATCH 1== In scan_engine.cc, In one comment, correct the order of probe tries, to reflect the code: --- scan_engine.cc +++ scan_engine.cc @@ -2009,7 +2009,7 @@ return 0; } else if (USI->ping_scan) { /* This is ordered to try probes of higher effectiveness first: - -PE -PS -PA -PP -PU + -PE -PS -PA -PY -PM -PP -PU -PO -PT -PA is slightly better than -PS when combined with -PE, but give -PS an edge because it is less likely to be dropped by firewalls. */ if (USI->ptech.rawicmpscan) {
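Review bot: The justification that follows the list ("-PA is slightly better than -PS when combined with -PE, but give -PS an edge") only explains the relative order of the first three probes, yet the new comment now ranks nine; a reader cannot tell from this hunk what the ordering of -PY, -PM, -PO and -PT is based on, and the description "to reflect the code" is unverifiable because the dispatch code itself is not in the diff. Either keep the documented list to the probes the comment actually argues for, or add a sentence stating the measured effectiveness the extended order comes from.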
Here the code is slightly wrong, not the comment. According to our research, -PY should come after -PU. -PM should come last as it is the worst single probe. I'm still going to leave only the top five probes documented here, as the relative ordering of the less effective probes is not so important.
==PATCH 2== WORDING In nmap.cc, -p when associated with -PO is referred to protocol numbers: --- nmap.cc +++ nmap.cc @@ -1201,7 +1201,7 @@ } } else if (*optarg == 'O') { if (ports.proto_ping_count > 0) - fatal("Only one -PO option is allowed. Combine port ranges with commas."); + fatal("Only one -PO option is allowed. Combine protocol ranges with commas."); o.pingtype |= PINGTYPE_PROTO; if (*(optarg + 1) != '\0') { getpts_simple(optarg + 1, SCAN_PROTOCOLS, &ports.proto_ping_ports, &ports.proto_ping_count);
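Review bot: Message-only change, and the wording is consistent with the same branch's getpts_simple(optarg + 1, SCAN_PROTOCOLS, ...) call two lines below, so "protocol ranges" is the right term; the guarding check (ports.proto_ping_count > 0) is untouched, so no behavioural retest is needed.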
Good idea. I committed this.
==PATCH 3== COMMANDLINE PARSE FIX In nmap.cc, initialize scanflags value to -1 so that would return error on all malformed input eg "--scanflags A9": --- nmap.cc +++ nmap.cc @@ -127,7 +127,7 @@ /* parse the --scanflags argument. It can be a number >=0 or a string consisting of TCP flag names like "URGPSHFIN". Returns -1 if the argument is invalid. */ static int parse_scanflags(char *arg) { - int flagval = 0; + int flagval = -1; char *end = NULL; if (isdigit((int) (unsigned char) arg[0])) {
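Review bot: Seeding flagval with -1 breaks the flag-name path: -1 has every bit set, so if the string branch accumulates flag bits by OR-ing them into flagval (as the "URGPSHFIN" comment implies), a valid argument such as "SYN" also comes back as -1 and is reported invalid. The malformed-number case ("A9") should instead be rejected in the digit branch by checking that the conversion consumed the whole argument, which is what the `char *end = NULL;` declared right below the changed line is for; keep the initial value at 0.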
This is wrong. It makes it return -1 even for valid strings like SYN.
==PATCH 4== DOC In nmap.cc, add -PY to available probes in the error message: --- nmap.cc +++ nmap.cc @@ -1212,7 +1210,7 @@ assert(ports.proto_ping_count > 0); } } else { - fatal("Illegal Argument to -P, use -PN, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, or -PT80 (or whatever number you want for the TCP probe destination port)"); + fatal("Illegal Argument to -P, use -PN, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, -PY or -PT80 (or whatever port number you want to be probed)"); } break;
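Review bot: Two things in the new fatal() string. First, -PY is inserted between "-PT" and "-PT80", which splits the two TCP-probe spellings; placing it after -PU (or next to the other non-TCP probes) reads more naturally. Second, the list still does not mention -PS, which the scan_engine.cc comment in Patch 1 treats as an available probe, so the message remains incomplete even after this change. Also note the hunk header "@@ -1212,7 +1210,7 @@" carries a two-line shift in the new-file offset while Patch 2 against the same file has none, suggesting this diff was generated on a tree with other local edits and may need a fuzz or manual application against the committed tree.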
Good idea, committed.
==PATCH 5== FEATURE? In docs/nmap.1, docs/nmap.usage.txt, nmap.h, nmap.cc, advertise (where it is lacking) the explicit indication of SCTP scan (-sY||-sZ) probe ports, i.e. "-pS:ports"
You only need to change nmap.cc. nmap.usage.txt and nmap.1 are generated automatically from the help output. I added the S: comment.
and add a port range syntax complementary to the square brackets [] one; it is a quick hack based on Doug Hoyte's code. Curly brackets {} make the scan cover, within the specified port range, only the ports not present in nmap-services, in other words the obscure, less used ones:
I'm not so sure about this. There aren't that many named ports, so if you're looking for obscure ports you might as well scan them all. I don't think [] is commonly used either; it exists mainly as a fallback to previous behavior when you use a services file without frequency measurements.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
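As an added, stand-alone illustration of the Patch 3 discussion (this is example code, not Nmap's parse_scanflags nor anything from the thread): a parser for the --scanflags syntax described in the hunk's comment, with the accumulator's starting value made a parameter so the effect of seeding it with -1 can be seen directly. The flag-name table and case-insensitive matching are assumptions of this example; the point it demonstrates is that malformed numbers like "9A" are caught by strtol's end pointer, while a -1 seed turns every valid name string into a rejection.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Standard TCP header flag bits; constructed table for this example, not Nmap's. */
static const struct { const char *name; int bit; } tcp_flags[] = {
    {"FIN", 0x01}, {"SYN", 0x02}, {"RST", 0x04}, {"PSH", 0x08},
    {"ACK", 0x10}, {"URG", 0x20}, {"ECE", 0x40}, {"CWR", 0x80},
};

/* Case-insensitive compare of the next three characters of s against a flag name.
 * An early NUL never equals a letter, so this never reads past the string end. */
static int name_matches(const char *s, const char *name) {
    for (int i = 0; i < 3; i++)
        if (toupper((unsigned char) s[i]) != name[i])
            return 0;
    return 1;
}

/* Parse a --scanflags-style argument: a non-negative decimal number, or a run of
 * three-letter flag names such as "URGPSHFIN". Returns the value or -1 if invalid.
 * 'seed' is the accumulator's start value: 0 is correct, -1 reproduces the
 * defect in the proposed patch (every bit already set, so OR-ing changes nothing). */
static int parse_scanflags_seeded(const char *arg, int seed) {
    int flagval = seed;
    if (arg == NULL || *arg == '\0')
        return -1;
    if (isdigit((unsigned char) arg[0])) {
        char *end = NULL;
        long v = strtol(arg, &end, 10);
        /* "9A" is rejected here because the conversion stops before the end. */
        if (*end != '\0' || v < 0 || v > 0xFF)
            return -1;
        return (int) v;
    }
    for (; *arg != '\0'; arg += 3) {             /* name path: one flag per 3 chars */
        size_t i, n = sizeof tcp_flags / sizeof tcp_flags[0];
        for (i = 0; i < n; i++)
            if (name_matches(arg, tcp_flags[i].name))
                break;
        if (i == n)
            return -1;                           /* unknown name, e.g. "A9" */
        flagval |= tcp_flags[i].bit;             /* with seed -1 this stays -1 */
    }
    return flagval;
}

/* The correct parser: the accumulator starts at 0. */
int parse_scanflags(const char *arg) { return parse_scanflags_seeded(arg, 0); }

int main(void) {
    const char *inputs[] = {"SYN", "URGPSHFIN", "18", "A9", "9A"};
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-10s seed 0 -> %3d   seed -1 -> %3d\n", inputs[i],
               parse_scanflags_seeded(inputs[i], 0), parse_scanflags_seeded(inputs[i], -1));
    return 0;
}
```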