Nmap Development mailing list archives
Re: Feature: per-target port specification (with patch!)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 2 Apr 2019 13:30:36 -0500
Jan,

Thanks for this contribution. We've had many requests for this type of feature in the past, but have elected not to include it for a variety of reasons. There is an open discussion on our issue tracker that lays out some of the challenges in correctly implementing such a feature: http://issues.nmap.org/1217

It looks like your patch has tried to handle some of these situations, for example the "Ports scanned" output for Grepable output (and maybe XML, but it didn't look complete at first glance). If we are to do an actual code review and include this new feature, we would have to look for a complete solution that can handle the following situations:

* The "Not shown: X ports" output for Normal output.
* Properly formed XML output, with changes to the DTD and a "xmloutputversion" number increase.
* Combination of this feature with existing --top-ports/port-ratio and -p options
* Combination of this feature with CIDR subnetting and IPv4 octet ranges
* Use of this feature along with advanced features like -O --traceroute and -sV

Have you done any measurement of scans before and after adding this feature to determine the actual impact on scan times and bandwidth? Do you have a bandwidth target for your scans that Nmap is exceeding right now, and by how much? What does a typical nmap command line look like, and what performance options have you already tried?

I look forward to hearing more about this from you and our other devs and users.

Dan

On Tue, Apr 2, 2019 at 8:07 AM Jan Gocník <gocnik () dcit cz> wrote:
Hey,

I would like to propose a feature enabling specifying ports for each target separately.

Rationale: It often happens that we already have an nmap scan of 200 machines, and we want to do a service scan on those same machines. Usually that forces us to scan the whole network for all the ports that appeared at least once. That is a big waste of time and bandwidth. What we want to have is essentially a rescan-like feature, that would rescan just ports that were found to be open before.

User experience: Everywhere where you could specify a target (-iL file, command line) you can supply a "target^ports". It works with all the nmap magic ranges, so "192.168.1.1-255^22-60" works. The common ports (supplied with -p) are scanned on all targets.

Implementation details: I tried to keep it so that if you don't use any "^" in the targets, the code path should remain largely the same, so there should be no regressions. However, I had to do some tuning in functions that expected they can just get the number of probes by multiplying common ports by targets. There's a small issue, in that the results of the scan are not sorted properly, as the target-specific ports get scanned last.

Usage example:

===paste start===
$ nmap -v -Pn -n -p22 "165.227.141.119^80,443" "40.113.73.59^8080"
Starting Nmap 7.70SVN ( https://nmap.org ) at 2019-04-01 19:46 CEST
Initiating SYN Stealth Scan at 19:46
Scanning 2 hosts [max 3 ports/host]
Discovered open port 22/tcp
Discovered open port 80/tcp
Discovered open port 443/tcp
Discovered open port 22/tcp
Completed SYN Stealth Scan at 19:46, 1.45s elapsed (1626388576 total ports max)
Nmap scan report for 165.227.141.119
Host is up (0.0090s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
Nmap scan report for 40.113.73.59
Host is up (0.038s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
8080/tcp filtered http-proxy
Read data files from: /home/gocnik/nmap
Nmap done: 2 IP addresses (2 hosts up) scanned in 1.52 seconds
Raw packets sent: 6 (264B) | Rcvd: 4 (176B)
===paste end===

If done the usual way:

$ nmap -v -Pn -n -p22,80,443,8080 165.227.141.119 40.113.73.59
[...]
Raw packets sent: 10 (440B) | Rcvd: 6 (260B)

The patch is against svn trunk at this moment (revision 37608).

Looking forward to all comments!

JaGoTu

P.S.: Sorry if you receive this e-mail twice, but the previous one apparently got caught in a moderation queue or something, as it doesn't show on seclists.org

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
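To make the semantics of the proposed "target^ports" syntax concrete, here is an added Python example (not part of the patch or of Nmap's own code) that expands per-target specs together with the common -p ports, including IPv4 octet ranges and port ranges, and compares the number of (host, port) pairs with the usual union-of-ports approach. It assumes that an address listed twice receives the union of both port lists; the thread does not state how the patch merges such cases.

```python
from itertools import product

def parse_ports(spec):
    """Expand an Nmap-style port list such as '22,80-82,443' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def expand_octet_ranges(target):
    """Expand IPv4 octet ranges like '192.168.1.1-3' into individual addresses."""
    ranges = []
    for octet in target.split("."):
        lo, _, hi = octet.partition("-")
        ranges.append(range(int(lo), int(hi or lo) + 1))
    return [".".join(map(str, combo)) for combo in product(*ranges)]

def plan_scan(targets, common_ports=""):
    """Map each address to the sorted ports it would receive under 'target^ports'.

    common_ports is the -p list applied to every host; the text after '^' is
    added only for that target. A host listed twice gets the union of both
    lists (assumption: the patch's merge behaviour is not stated in the thread).
    """
    common = parse_ports(common_ports) if common_ports else set()
    plan = {}
    for spec in targets:
        target, _, extra = spec.partition("^")
        ports = common | (parse_ports(extra) if extra else set())
        for addr in expand_octet_ranges(target):
            plan.setdefault(addr, set()).update(ports)
    return {addr: sorted(ports) for addr, ports in plan.items()}

def probe_count(plan):
    """(host, port) pairs probed when each host gets only its own ports."""
    return sum(len(ports) for ports in plan.values())

def usual_way_count(plan):
    """(host, port) pairs probed the usual way: every port seen anywhere, on every host."""
    every_port = set().union(*plan.values())
    return len(every_port) * len(plan)

if __name__ == "__main__":
    # Constructed from the usage example in the thread: -p22 plus per-target ports.
    plan = plan_scan(["165.227.141.119^80,443", "40.113.73.59^8080"], "22")
    print(plan, probe_count(plan), usual_way_count(plan))  # 5 pairs vs 8 pairs
```

The pair counts are a lower bound on probes; Nmap's actual raw packet totals also include retransmissions, which is why the thread's 6-versus-10 figures differ from 5-versus-8.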