feature request/discussion (--expected-ports)

[Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi team,

I've been using nmap to monitor port differences in hosts for years. Always parsing the output and
diffing.

But I was thinking, maybe a --expected-ports argument could be added, then nmap would warn? Maybe
this could be a post-scan nse script?

example:

nmap -sT --top-ports 1000 --expected-ports 80,443 $sometarget
nmap --script portdiff --script-args portdiff.expected=80,443 -sT --top-ports 1000 $sometarget

I haven't given this much thought, just wondering.

What do you think?

Have a nice week everybody!

- -- 
? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html                             ..:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAlAfvJgACgkQAlpOsGhXcE1fzQCfX1wSMtQmGdcTQFaq04bGeUZO
LDkAniuhX9lrmVyjeexNJrnZTidZ4wI8
=AO9B
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/