Nmap Development mailing list archives

RFC: Should Nmap resolve and scan all addresses by default?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 8 Aug 2017 16:54:01 -0500

List,

You may have noticed that over the weekend I added the capability to scan
all resolved addresses for a target hostname. This feature was previously
only available through the resolveall NSE script [1], which was incapable
of setting the targetname for the resulting IPs, making it unsuitable for
scanning HTTP vhosts and TLS services requiring the Server Name Indication
(SNI) extension. All that is handled seamlessly now by appending "*all" to
the target name like so:

nmap example.com*all

-- equivalent to --

nmap --script resolveall --script-args newtargets example.com

The syntax is a bit clunky, and we plan to add a long option like
--resolveall in the near future. But there is an important question to
answer first, and we need feedback from you, our users and fellow Nmap
devs: Should this behavior be the default, or should it require an extra
option?

To be clear, here are the two options being considered, assuming that
"example.com" resolves to 5 distinct IP addresses:

A: Scan all resolved addresses by default.
Example: nmap example.com
Result: scans 5 IP addresses for example.com
To preserve current behavior: nmap --resolveone example.com

B: Scan only the first resolved address by default (current behavior)
Example: nmap --resolveall example.com
Result: scans 5 IP addresses for example.com
Otherwise no change to current behavior.

Please leave your feedback in reply.

Dan
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
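The workaround the message alludes to, spelled out as an added example (this is not part of the original message and not Nmap project code): resolve every address for a hostname, de-duplicate them in resolution order (the first entry is the one a single-address scan would pick), and emit one nmap invocation per address that still hands the hostname to NSE through the http.host and tls.servername script-args documented for the http and tls NSE libraries. The resolver is injectable so the block runs offline against a constructed getaddrinfo result using RFC 5737/3849 documentation addresses; the port list and script selection in DEFAULT_ARGS are arbitrary choices for illustration.

```python
"""Added example, not Nmap's own code: scan all resolved addresses of a
hostname while keeping the hostname available for HTTP vhosts and TLS SNI.
"""
import shlex
import socket

# Arbitrary choice for the example: probe the two ports where vhost/SNI matter.
DEFAULT_ARGS = ("-p", "80,443", "--script", "http-title,ssl-cert")


def resolve_all(hostname, resolver=socket.getaddrinfo):
    """Return every unique A/AAAA address for hostname, in resolution order.

    getaddrinfo yields one tuple per (family, socktype, proto) combination, so
    the same address usually appears several times; de-duplicate while keeping
    order, because index 0 is what a single-address scan would have used.
    """
    addresses = []
    for _family, _socktype, _proto, _canonname, sockaddr in resolver(hostname, None):
        addr = sockaddr[0]  # first element is the textual IP for both AF_INET and AF_INET6
        if addr not in addresses:
            addresses.append(addr)
    return addresses


def nmap_commands(hostname, addresses, extra_args=DEFAULT_ARGS):
    """Build one nmap command line per address.

    -n skips Nmap's own DNS work (we already resolved), -6 is required for an
    IPv6 target, and the script-args carry the original hostname so that the
    http library sets the Host header and the tls library sets SNI.
    """
    script_args = f"http.host={hostname},tls.servername={hostname}"
    commands = []
    for addr in addresses:
        argv = ["nmap", "-n"]
        if ":" in addr:  # textual IPv6 address
            argv.append("-6")
        argv += list(extra_args)
        argv += ["--script-args", script_args, addr]
        commands.append(shlex.join(argv))
    return commands


# Constructed getaddrinfo output (documentation addresses, not real data).
CONSTRUCTED_LOOKUP = [
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.1", 0)),
    (socket.AF_INET, socket.SOCK_DGRAM, 17, "", ("192.0.2.1", 0)),   # duplicate
    (socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.2", 0)),
    (socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:db8::1", 0, 0, 0)),
]


def constructed_resolver(hostname, port, *args, **kwargs):
    """Stand-in for socket.getaddrinfo so the example runs offline."""
    return list(CONSTRUCTED_LOOKUP)


def demo(hostname="example.com"):
    """Resolve with the constructed data and return the planned commands."""
    return nmap_commands(hostname, resolve_all(hostname, constructed_resolver))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Swap `constructed_resolver` for the default `socket.getaddrinfo` to use it against a real name; the de-duplication step is what separates "scan 5 addresses" from "scan the first one several times".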
