Nmap Development mailing list archives
Re: How can I let nmap scan parallely on the combination of ip:port?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 11 Mar 2015 08:25:15 -0500
Hongyi,

This idea gets brought up occasionally, but it's not something that Nmap supports. Here's a transcript from a chat I had with someone on IRC in December about the same thing:

rw-> anyone know a way to pass host:port in a file, like -iL, but with ports too?
bonsaiviking> rw-: Nmap doesn't support that. You'd have to shell-script it to run multiple Nmaps
bonsaiviking> to put it another way: All hosts listed get all ports listed scanned.
rw-> yeah, was trying to avoid scripting it. how much of an undertaking do you expect it would be to patch the code myself?
bonsaiviking> rw-: depends how comfortable you are with C++. Right now, the ports to be scanned are stored in a single static structure
bonsaiviking> nmap.cc:470:struct scan_lists ports = { 0 };
rw-> i see a Target class with a PortList member, thought it might be that easy :P
bonsaiviking> no, that stores the results
rw-> ah
bonsaiviking> If you turned the struct into a dynamic array of struct scan_lists
bonsaiviking> or not. You might get away with just one.
bonsaiviking> and just overwrite it each time you get a new spec from the list
bonsaiviking> You could do that in targets.cc, in next_target
bonsaiviking> but since ports is static to nmap.cc, you'd have to have a function to do that.
bonsaiviking> It ends up being pretty invasive. You're not the first person to ask about it, but I've never gotten a good reason for wanting to do it in the first place.
bonsaiviking> If you have a list of hosts and ports you know are open, why scan them?
bonsaiviking> If you are trying to check for changes, why don't you care about newly-opened ports (instead of newly-closed)
bonsaiviking> in which case you'd need to scan more than just the few ports per host.
rw-> a colleague is experimenting with distributed scans, so we take in a master list of host:port and divvy them up between the scanners
rw-> might end up just scanning the entire collection of ports for the given hosts with -p, even if some hosts don't have that port in the spec
rw-> it's mainly academic at this point but still fun to think about
bonsaiviking> In that case, performance-wise, you'd want to avoid splitting a single host among multiple nmap instances
bonsaiviking> Since Nmap keeps track of network quality and host responsiveness, it's duplicated effort to scan one host from multiple places
bonsaiviking> unless you're looking to avoid detection, in which case you'd want as few probes from each scanner as possible,
bonsaiviking> and you'd be using very slow timing options anyway, so performance doesn't matter
bonsaiviking> For the same reason, unless your scanners are in different regions, it's usually better to just run one nmap scan at a time, unless you're using different options for each.
bonsaiviking> That way the single scan gets as much data about packet drops as possible, and it doesn't compete with the other instances.
rw-> it's an attempt to avoid getting blocked/throttled by IPS devices for the "discovery" portion of pen tests
rw-> we get better/faster complete scans when we manually split up the hosts over a few boxes, just trying to automate the process a bit

As I mentioned there, the only solution is to use some sort of script to arrange hosts according to the port you want to scan. Usually, your input file will not have very many different ports, so you can usually gather a list of hosts for each port and scan those. Alternatively, you can accumulate all the specified ports into one argument to the -p option and scan those ports across all hosts; this is usually not as slow as you might think, but you should check how many different ports would be scanned this way before scanning. As a comparison, Nmap's -F option scans 100 ports and calls that a "fast" scan.

Dan

On Wed, Mar 11, 2015 at 4:12 AM, Hongyi Zhao <hongyi.zhao () gmail com> wrote:
Hi all,

I have a huge file that includes the ip:port information which I want to use nmap to scan. The issue is that nmap can only read the IPs from a file with the `-iL file' method, and the ports to be scanned can be given in the -p switch. In my case, each specific port belongs to a specific IP, and if I let nmap scan all of the possible ports for each IP, then it will be time-consuming. So, I just want to let nmap scan only the combinations of ip:port given in my file, with the `--min-parallelism' parameter. Is this possible?

Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.

_______________________________________________
Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/