Nmap Development mailing list archives
Re: Port Exclusion option?
From: "Dewhirst, Rob" <robdewhirst () gmail com>
Date: Tue, 31 Jan 2012 11:51:59 -0600
I was waiting for someone else to speak up, but since you asked, yes I would really like this. For normal scans the built-in default 1000 ports are fine, but in that list is a couple ports that generate erroneous results in our environment. The byproduct is nmap thinks every IP address has a host behind it. (it's our environment, not nmap causing this issue) I would prefer to just exclude one or two ports from the default rather than specify a range around them. On Tue, Jan 31, 2012 at 11:09 AM, Mike Santillana <msantillana () gdssecurity com> wrote:
Yeah, I feel that's too much work and it's just for the service scan. Does anyone else feel like this would be a useful addition? Regards, Mike -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Daniel Miller Sent: Tuesday, January 31, 2012 10:15 AM To: nmap-dev () insecure org Subject: Re: Port Exclusion option? On 01/30/2012 06:26 PM, Mike Santillana wrote:Hello - I was wondering if port exclusion functionality can be introduced into nmap. I tried looking around the web and read the man pages many times,butI found no solution using nmap (besides making a tedious script to do it for me) Example usage: Let's say we begin the penetration test doing an initial scan for web services, just to get some results for us to review as well as the sites that they may reveal. After we get our initial results, I generally liketostart doing a broader scan or perhaps a full scan, depending on thescope,while I review manually inspect each site, take notes, etc. I'd like tobeable to start a broader scan excluding already scanned ports. I'd prefer not to scan 80,443,8080,8081 and any other targeted ports again when Ido afull port scan. This can save considerable amount of time I feel. Also, what if I do -top-ports 100. I'd like to exclude those top 100 portswhileI do a full scan. If anyone has any other solution to this, please let me know. Otherwise, I'd like to propose that this functionality be included. Regards _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/The only restriction that I know of is to add an Exclude directive to your nmap-service-probes file, but that won't avoid the port scan, just the version detection phase. Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Port Exclusion option? Mike Santillana (Jan 30)
- Re: Port Exclusion option? Daniel Miller (Jan 31)
- RE: Port Exclusion option? Mike Santillana (Jan 31)
- Re: Port Exclusion option? Dewhirst, Rob (Jan 31)
- Re: Port Exclusion option? Fyodor (Feb 03)
- Re: Port Exclusion option? Dewhirst, Rob (Feb 03)
- RE: Port Exclusion option? Mike Santillana (Feb 03)
- Re: Port Exclusion option? Fyodor (Feb 05)
- RE: Port Exclusion option? Mike Santillana (Jan 31)
- Re: Port Exclusion option? Daniel Miller (Jan 31)