Nmap Development mailing list archives

Re: Port Exclusion option?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 18 Apr 2012 11:24:01 -0500

On 02/05/2012 09:06 PM, Fyodor wrote:
> On Fri, Feb 03, 2012 at 11:53:04AM -0500, Mike Santillana wrote:
>> If I manually put in ports (like for a full port scan), for example -p0-
>> will the ~/.nmap file prevent port, let's say 80 and 443, from being
>> scanned?
>
> No, it won't cause that problem.  A portlist provided on the command
> line takes precedence over Nmap's default
> top-1000-ports-in-nmap-services behavior.
>
> Cheers,
> Fyodor
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

Sorry for the late followup, but I got thinking about this and came up with a Perl script to reverse a port spec (minus the T: and U: specifiers, but that's out of scope). So combining this with the behavior of --top-ports, which selects the top N ports *from the list of ports given or the default* and scans them, you can replicate the exact behavior of port exclusion. For instance:

nmap $(./notports.pl 80,443,6000-6010) $TARGET

Substituting the output of the script, this is the command that is run:

nmap -p0-79,81-442,444-5999,6011- --top-ports 987 $TARGET

The 987 comes from 1000 ports (default) minus 13 excluded ports. Script is attached.

Dan

Attachment: notports.pl
Description:
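
An added sketch of the port-spec inversion described in the message above; it is not the attached notports.pl, which is not reproduced on this page. The function names and the `default_count` parameter are assumptions, and the count follows the message's arithmetic (1000 minus the number of excluded ports).

```python
#!/usr/bin/env python3
"""Invert an Nmap port spec (no T:/U: prefixes) into -p/--top-ports arguments."""
import sys

MAX_PORT = 65535

def parse_spec(spec):
    """Expand a spec such as '80,443,6000-6010' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        # Nmap treats a missing range start as 1 and a missing end as 65535.
        first = int(lo) if lo else 1
        last = int(hi) if hi else (MAX_PORT if sep else first)
        if not 0 <= first <= last <= MAX_PORT:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(first, last + 1))
    return ports

def invert(excluded):
    """Return the complement of `excluded` within 0-65535 as an Nmap -p value."""
    ranges, start = [], None
    for port in range(MAX_PORT + 2):  # one step past the end flushes the last run
        keep = port <= MAX_PORT and port not in excluded
        if keep and start is None:
            start = port
        elif not keep and start is not None:
            end = port - 1
            if end == MAX_PORT:
                ranges.append(f"{start}-")  # open-ended, like 6011- in the message
            elif end == start:
                ranges.append(str(start))
            else:
                ranges.append(f"{start}-{end}")
            start = None
    return ",".join(ranges)

def nmap_args(spec, default_count=1000):
    """Build the arguments that stand in for excluding `spec` from a default scan."""
    excluded = parse_spec(spec)
    count = default_count - len(excluded)
    if count < 1:
        raise ValueError("exclusion list leaves no top ports to scan")
    return f"-p{invert(excluded)} --top-ports {count}"

if __name__ == "__main__":
    print(nmap_args(sys.argv[1]))
```

The subtraction reproduces a default scan minus the excluded ports only when every excluded port is itself among the default top 1000; otherwise subtract only the excluded ports that are.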
