Nmap Development mailing list archives
RFC: Should Nmap resolve and scan all addresses by default?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 8 Aug 2017 16:54:01 -0500
List, You may have noticed that over the weekend I added the capability to scan all resolved addresses for a target hostname. This feature was previously only available through the resolveall NSE script [1], which was incapable of setting the targetname for the resulting IPs, making it unsuitable for scanning HTTP vhosts and TLS services requiring the Server Name Indication (SNI) extension. All that is handled seamlessly now by appending "*all" to the target name like so: nmap example.com*all -- equivalent to -- nmap --script resolveall --script-args newtargets example.com The syntax is a bit clunky, and we plan to add a long option like --resolveall in the near future. But there is an important question to answer first, and we need feedback from you, our users and fellow Nmap devs: Should this behavior be the default, or should it require an extra option? To be clear, here are the two options being considered, assuming that " example.com" resolves to 5 distinct IP addresses: A: Scan all resolved addresses by default. Example: nmap example.com Result: scans 5 IP addresses for example.com To preserve current behavior: nmap --resolveone example.com B: Scan only the first resolved address by default (current behavior) Example: nmap --resolveall example.com Result: scans 5 IP addresses for example.com Otherwise no change to current behavior. Please leave your feedback in reply. Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RFC: Should Nmap resolve and scan all addresses by default? Daniel Miller (Aug 08)
- Re: RFC: Should Nmap resolve and scan all addresses by default? Daniel Miller (Aug 08)
- Re: RFC: Should Nmap resolve and scan all addresses by default? jah (Aug 08)
- Re: RFC: Should Nmap resolve and scan all addresses by default? Paulino Calderon (Aug 08)
- Re: RFC: Should Nmap resolve and scan all addresses by default? nnposter (Aug 08)