Nmap Development mailing list archives

[RFC] Should --open prevent other scan phases (NSE, -sV, -O, etc.) from running?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 17 May 2017 16:29:28 -0500

List,

The --open option is intended to "Only show open (or possibly open) ports."
Nmap also interprets this as "hide all output for hosts with no open
ports." This is implemented in the following lines in nmap_main (nmap.cc):

        /* --open means don't show any hosts without open ports. */
        if (o.openOnly() && !currenths->ports.hasOpenPorts())
          continue;

The trouble here is that several scan phases could have been run on this
host and produced output that will never be shown. NSE (hostrule scripts),
traceroute, and even OS detection are attempted, with no possibility of the
output ever being shown to the end user.

There are two options that I would like feedback on:

First, we could use the same logic that is used to skip the output for a
host in order to skip the work of further scan phases. This changes Nmap's
behavior the most, but its output the least. It could considerably speed up
--open scans.

Second, we could change the logic for choosing to display output in order
to display hosts that have some useful output even if they have no open
ports and --open was specified. This would not slow down Nmap at all, since
the same work is being done, but it reduces the usefulness of the --open
option in conjunction with scans involving more than just a port scan (-A,
for instance).

I am leaning heavily towards the first option, but I would like input from
users and other devs before committing to it. Please let me know your
thoughts.

Dan
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
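To make the trade-off between the two proposals concrete, here is a small added model of the decision logic (illustration code written for this archive page, not nmap's own code). It constructs three sample hosts and runs the same "--open" filter under the behaviour the RFC describes ("current"), under option 1 ("skip_work": skip later phases for hosts with no open ports) and under option 2 ("show_useful": run everything, but show a host with no open ports if a later phase produced output). The phase names, the host records and the assumption that "possibly open" means the open|filtered state are all mine, not from the message.

```python
"""Model of the --open policies discussed in the RFC (added illustration, not nmap code).

Each Host is a constructed record: port states from the port scan plus the text
that later phases (OS detection, traceroute, hostrule NSE) would emit for it.
"""
from dataclasses import dataclass, field

# Assumption: "open (or possibly open)" covers open and open|filtered.
OPEN_STATES = {"open", "open|filtered"}
# Stand-ins for the phases the RFC says run after the port scan.
LATER_PHASES = ("os_detection", "traceroute", "nse_hostrule")


@dataclass
class Host:
    addr: str
    ports: dict                                        # port -> state, e.g. {22: "open"}
    phase_output: dict = field(default_factory=dict)   # phase -> output it would produce
    phases_run: list = field(default_factory=list)     # record of work actually done

    def has_open_ports(self) -> bool:
        """Mirror of the hasOpenPorts() check quoted from nmap.cc."""
        return any(state in OPEN_STATES for state in self.ports.values())


def run_later_phases(host: Host) -> None:
    """Pretend to run OS detection, traceroute and hostrule scripts."""
    host.phases_run.extend(LATER_PHASES)


def scan(hosts, open_only: bool, policy: str):
    """Return (addresses displayed, total later-phase runs) under one policy.

    "current":     all phases run; a host with no open ports is hidden afterwards.
    "skip_work":   option 1: a host with no open ports skips the later phases.
    "show_useful": option 2: all phases run; a host with no open ports is still
                   shown when a later phase produced output.
    """
    displayed = []
    for h in hosts:
        no_open = open_only and not h.has_open_ports()
        if policy == "skip_work" and no_open:
            continue                       # the work is never done, so nothing is lost
        run_later_phases(h)
        if no_open:
            has_useful = any(h.phase_output.values())
            if policy != "show_useful" or not has_useful:
                continue                   # work was done, output is discarded
        displayed.append(h.addr)
    return displayed, sum(len(h.phases_run) for h in hosts)


def sample_hosts():
    """Constructed sample: one host with an open port, one with only closed ports
    but OS-detection output, and one with a single filtered port and nothing else."""
    return [
        Host("10.0.0.1", {22: "open", 80: "closed"}, {"os_detection": "Linux 4.x"}),
        Host("10.0.0.2", {22: "closed", 80: "closed"}, {"os_detection": "Windows"}),
        Host("10.0.0.3", {22: "filtered"}),
    ]


if __name__ == "__main__":
    for policy in ("current", "skip_work", "show_useful"):
        shown, work = scan(sample_hosts(), True, policy)
        print(f"{policy:12s} shown={shown} later-phase runs={work}")
```

Running it shows the point of the RFC in numbers: "current" and "skip_work" display the same single host, but "skip_work" does a third of the later-phase work; "show_useful" keeps all the work and additionally displays the host whose only useful result came from OS detection.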