Nmap Development mailing list archives
Re: A request I hear a lot
From: jah <jah () zadkiel plus com>
Date: Sat, 13 Feb 2010 16:06:14 +0000
On 13/02/2010 15:35, Ron wrote:
In the #nmap channel (and other places), I often hear people say, "is there an easy way to find every server with port XX open?". Something like a -PS ping scan, but only listing the hosts that have the specific port open (not the ones that respond with RST). I realize it's fairly simple to do with grepable output, but I'm wondering if there's an easier way (or if anybody would consider writing a patch to make it easier)? It's a *very* common use case ("find all web servers", "find all vmware servers", etc)
I think --open was supposed to help with this. Perhaps --open could be modified to suppress the entire final output for any host where at least one of the supplied ports is not open.

e.g.

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.0020s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.122
Host is up (0.014s latency).
PORT   STATE  SERVICE
80/tcp closed http

Skipping SYN Stealth Scan against 192.168.1.15 because Windows does not support scanning your own machine (localhost) this way.
Nmap scan report for 192.168.1.15
Host is up.
PORT   STATE   SERVICE
80/tcp unknown http

Nmap done: 256 IP addresses (4 hosts up) scanned in 6.20 seconds

---

With current --open:

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24 --open

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.122
Host is up (0.00s latency).
The 1 scanned port on 192.168.1.122 is closed

Skipping SYN Stealth Scan against 192.168.1.15 because Windows does not support scanning your own machine (localhost) this way.
Nmap scan report for 192.168.1.15
Host is up.
PORT   STATE   SERVICE
80/tcp unknown http

Nmap done: 256 IP addresses (4 hosts up) scanned in 5.80 seconds

---

With a modified --open:

nmap -sS -p80 --max-retries 1 -n -PN 192.168.1.1/24 --open

Nmap scan report for 192.168.1.2
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.1.3
Host is up (0.00s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 256 IP addresses (4 hosts up, only 2 are shown) scanned in 5.80 seconds

---

Something like that?
jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
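The thread notes that this filtering can already be done with grepable output. As an added example (not part of the original messages and not Nmap's own code), the shell function below reads `-oG` output and prints only the hosts on which every named TCP port is open, which is the behaviour proposed above for a modified --open. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter Nmap grepable (-oG) output read from stdin down to
# the hosts where EVERY TCP port given as an argument is in state "open".
# Usage: nmap -p80,443 -oG - 192.168.1.0/24 | open_on_all_ports 80 443
open_on_all_ports() {
    [ "$#" -gt 0 ] || { echo "usage: open_on_all_ports PORT..." >&2; return 2; }
    awk -v want="$*" -F'\t' '
    BEGIN { n = split(want, req, " ") }
    /^Host: / {
        ports = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^Ports: /) ports = substr($i, 8)
        if (ports == "") next          # "Status:" lines carry no port data
        split("", is_open)             # portable way to clear the array
        m = split(ports, entry, ", ")
        for (i = 1; i <= m; i++) {
            split(entry[i], f, "/")    # port/state/protocol/owner/service/...
            if (f[2] == "open" && f[3] == "tcp") is_open[f[1]] = 1
        }
        # A port that is closed, filtered, or folded into "Ignored State"
        # is never marked open, so the host is dropped.
        for (i = 1; i <= n; i++)
            if (!(req[i] in is_open)) next
        split($1, h, " ")              # "Host: <ip> (<name>)"
        print h[2]
    }'
}

# Constructed sample of grepable output (not captured from a real scan).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.2 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///\n'
    printf 'Host: 192.168.1.3 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n'
    printf 'Host: 192.168.1.122 ()\tPorts: 80/closed/tcp//http///\tIgnored State: closed (1)\n'
}

sample_gnmap | open_on_all_ports 80
```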