Output File Bug

["Sebastien J." <s.j () mac com>]

Hi Devs,

I've been running conficker scans for a client and discovered something that is part user-error part bug.

The command I've been running (using nmap 4.85BETA9) is:

nmap -PN -T4 -p139,445 -n -v -oN [filename] --script=smb-check-vulns --script-args safe=1 [targetnetworks]

At some point during my scans I wanted to stop writing out to a file, so I removed the file name without being careful 
to remove -oN. This resulted in a file being written called "--script", and the scan completing but not running the 
scripts correctly (since nmap didn't register --script as an actual option).

Instead I would probably expect nmap to do one of two things: a) write out a file anyway with some kind of default name 
(nmap_date_time), or b) quit and demand a file name. Since almost nobody would begin a filename with a '-', it may be 
safe to check for this in the string that follows -oN (or -oSomething), and do one of the two above if this is the case.

Hope this helps, and thanks in advance.

Sincerely,
Sebastien

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org