Nmap Development mailing list archives
[RFC] Should --open prevent other scan phases (NSE, -sV, -O, etc.) from running?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 17 May 2017 16:29:28 -0500
List,

The --open option is intended to "Only show open (or possibly open) ports." Nmap also interprets this as "hide all output for hosts with no open ports." This is implemented in the following lines in nmap_main (nmap.cc):

    /* --open means don't show any hosts without open ports. */
    if (o.openOnly() && !currenths->ports.hasOpenPorts())
      continue;

The trouble here is that several scan phases could have been run on this host and produced output that will never be shown. NSE (hostrule scripts), traceroute, and even OS detection are attempted, with no possibility of the output ever being shown to the end user.

There are two options that I would like feedback on:

First, we could use the same logic that is used to skip the output for a host in order to skip the work of further scan phases. This changes Nmap's behavior the most, but its output the least. It could considerably speed up --open scans.

Second, we could change the logic for choosing to display output in order to display hosts that have some useful output even if they have no open ports and --open was specified. This would not slow down Nmap at all, since the same work is being done, but it reduces the usefulness of the --open option in conjunction with scans involving more than just a port scan (-A, for instance).

I am leaning heavily towards the first option, but I would like input from users and other devs before committing to it. Please let me know your thoughts.

Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
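As an added example (not Nmap's own code, and not part of Dan's message), the host loop below models the two behaviours being compared: the current one, where --open hides a host's output after the later phases have already run on it, and the first proposal, where the same test is used to skip those phases. The host_t type, the sample hosts and the phase counters are assumptions made for this illustration.

```c
/* Simplified model of the per-host loop in nmap_main (illustration only,
 * not Nmap source).  host_t and the counters are assumed names. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum port_state { PORT_CLOSED, PORT_FILTERED, PORT_OPEN, PORT_OPENFILTERED };

typedef struct {
    const char *addr;
    enum port_state ports[3];
    size_t nports;
} host_t;

/* Models ports.hasOpenPorts(): open or "possibly open" (open|filtered). */
static bool has_open_ports(const host_t *h) {
    for (size_t i = 0; i < h->nports; i++)
        if (h->ports[i] == PORT_OPEN || h->ports[i] == PORT_OPENFILTERED)
            return true;
    return false;
}

typedef struct {
    int phases_run;     /* hosts on which OS detection / NSE / traceroute ran */
    int hosts_shown;    /* hosts whose output reaches the user */
    int wasted_phases;  /* phases whose output is never displayed */
} scan_stats_t;

/* open_only models --open; skip_phases models the first proposal:
 * reuse the output-suppression test to skip the later scan phases. */
scan_stats_t run_hosts(const host_t *hosts, size_t n, bool open_only, bool skip_phases) {
    scan_stats_t s = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        bool suppressed = open_only && !has_open_ports(&hosts[i]);
        if (skip_phases && suppressed)
            continue;                 /* proposal: do no further work at all */
        s.phases_run++;               /* later phases run on this host */
        if (suppressed) {             /* today: work done, output then hidden */
            s.wasted_phases++;
            continue;
        }
        s.hosts_shown++;
    }
    return s;
}

/* Constructed sample: one host with an open port, one with none, one with
 * only an open|filtered port. */
scan_stats_t sample_scan(bool open_only, bool skip_phases) {
    static const host_t hosts[] = {
        { "192.0.2.10", { PORT_OPEN, PORT_CLOSED, PORT_FILTERED }, 3 },
        { "192.0.2.11", { PORT_CLOSED, PORT_FILTERED, PORT_CLOSED }, 3 },
        { "192.0.2.12", { PORT_OPENFILTERED, PORT_FILTERED, PORT_CLOSED }, 3 },
    };
    return run_hosts(hosts, sizeof hosts / sizeof hosts[0], open_only, skip_phases);
}

int main(void) {
    scan_stats_t cur = sample_scan(true, false), prop = sample_scan(true, true);
    printf("--open today:    phases=%d shown=%d wasted=%d\n", cur.phases_run, cur.hosts_shown, cur.wasted_phases);
    printf("--open proposal: phases=%d shown=%d wasted=%d\n", prop.phases_run, prop.hosts_shown, prop.wasted_phases);
    return 0;
}
```

Both runs show the same two hosts; only the proposal avoids running the later phases on the host whose output --open would hide anyway.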