Nmap Development mailing list archives

Re: Qscan in NSE: qscan.nse


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 8 Apr 2010 23:25:49 +0000

On Thu, 8 Apr 2010 18:02:47 -0500
Ron <ron () skullsecurity net> wrote:

> So, I'm using qscan for the first time and it's been running 12
> minutes longer than any other script so far, with absolutely no debug
> output. It looks like it's sequentially scanning ports and it's up to
> 7000 or so (I'm doing all ports).
>
> We should maybe look at how we can make this run faster, or more
> parallel, or only against ports that were detected as open/closed.
>
> Thoughts?

Only run Qscan against open ports?

I noticed the huge performance hit when Qscan first made it into SVN
too.  My current scans look something like:

nmap -p- -O -sV --script=all --allports --version-all -T5
--max-parallelism 512 --min-rate 200 --max-rate 4000 --min-rtt-timeout
10 --host-timeout 120m --nogcc <16 hosts here>

Which of course can take a long time.  When Qscan was introduced my
scans started taking 8 times longer (on average).  That means Qscan was
7/8ths of the time in the above scan!

I don't think this is a terrible problem though, I don't need to run
Qscan on every box we have.  If Qscan takes a long time to get good
results when I really want them, I'm okay with that.

Sure though, if we can make it faster we should.

Brandon
