From 055b6afca1a08e1360a0427b1d36d4ee9031d43c Mon Sep 17 00:00:00 2001 From: david Date: Mon, 7 Jul 2008 07:25:48 +0000 Subject: [PATCH] Copyedit the index. --- docs/nmap-install.xml | 62 ++++++------- docs/refguide.xml | 196 ++++++++++++++++++++++++------------------ docs/scripting.xml | 32 +++---- 3 files changed, 162 insertions(+), 128 deletions(-) diff --git a/docs/nmap-install.xml b/docs/nmap-install.xml index 743ff0a50..1269b9c8d 100644 --- a/docs/nmap-install.xml +++ b/docs/nmap-install.xml @@ -1,6 +1,6 @@ -installation +installation Introduction @@ -20,7 +20,7 @@ mind. have it. Many free operating system distributions (including most Linux and BSD systems) come with Nmap, although it may not be installed by default. On Unix systems, open a terminal window and try executing the command -nmap . +nmap . If Nmap exists and is in your PATH, PATH environment variable you should see output similar to . @@ -28,6 +28,7 @@ you should see output similar to . version number of Nmap Checking for Nmap and determining its version number +example of @@ -75,7 +76,7 @@ Nmap offers more than a hundred command-line options, although many are obscure features or debugging controls that most users can ignore. Many graphical frontends have been created for those users who prefer a GUI interface. Nmap has traditionally included a simple GUI for Unix named NmapFENmapFE, but that was replaced in 2007 by Zenmap, -Zenmapadvantages ofwhich we had been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort +which we had been developing since 2005. Zenmap is far more powerful and effective than NmapFE, particularly in results viewing. Zenmap's tab-based interface lets you search and sort results, and also browse them in several ways (host details, raw Nmap output, and ports/hosts). It works on Microsoft Windows, Linux, Mac OS X, and other platforms. Zenmap is covered in depth in . The rest of this book focuses on command-line invocations of Nmap. @@ -265,7 +266,6 @@ SVN is most useful for Nmap developers and users who need a fix which hasn't yet been formally released. -Subversionchecking out from SVN write access is strictly limited to a few top Nmap developers, but everyone has read access to the repository. Check out the latest code using the command svn co --username guest @@ -286,7 +286,7 @@ url="http://cgi.insecure.org/mailman/listinfo/nmap-svn"/>. Unix Compilation and Installation from Source Code -Unixcompilation and installation +Unixinstalling on installationfrom source source code compilation @@ -434,7 +434,7 @@ error. Consider binary packages -binary packagesadvantages of +binary packages Binary packages of Nmap are available on most platforms and are usually easy to install. The downsides are that they may not be as up-to-date and you lose some of the flexibility of @@ -448,7 +448,7 @@ packages. Linux Distributions -Linux +Linuxinstalling on Linuxpopularity as Nmap platform @@ -474,10 +474,10 @@ the most common distributions. RPM-based Distributions (Red Hat, Mandrake, Suse, Fedora) RPM -Red Hat (Linux distribtion)RPM -Mandrake (Linux distribution)RPM -Suse (Linux distribution)RPM -Fedora (Linux distribution)RPM +Red Hat (Linux distribtion)installing on, with RPM> +Mandrake (Linux distribution)installing on, with RPM +Suse (Linux distribution)installing on, with RPM +Fedora (Linux distribution)installing on, with RPM I build RPM packages for every release of Nmap and post them to the Nmap download page at . @@ -536,10 +536,10 @@ reason there are no Zenmap source RPMs. Updating Red Hat, Fedora, Mandrake, and Yellow Dog Linux with Yum Yum -Red Hat (Linux distribtion)Yum -Mandrake (Linux distribution)Yum -Yellow Dog (Linux distribution)Yum -Fedora (Linux distribution)Yum +Red Hat (Linux distribtion)installing on, with Yum +Mandrake (Linux distribution)installing on, with Yum +Yellow Dog (Linux distribution)installing on, with Yum +Fedora (Linux distribution)installing on, with Yum The Red Hat, Fedora, Mandrake, and Yellow Dog Linux distributions have an application named Yum @@ -610,10 +610,10 @@ Complete! Debian Linux and Derivatives such as Ubuntu Debianinstalling on -UbuntuDebian +Ubuntuinstalling on LaMont Jones Jones, LaMont -does a fabulous job maintaining the Nmap .debinstallationfrom deb packages +does a fabulous job maintaining the Nmap .deb packages, including keeping them reasonably up-to-date. The proper upgrade/install command is apt-get install nmap. apt-get @@ -646,7 +646,7 @@ Because of this popularity and the fact that many Windows users do not have a compiler, binary executables are distributed for each major Nmap release. While it has improved dramatically, the Windows port is not quite as efficient or stable as -on Unix. Here are some known limitations:Windowslimitations +on Unix. Here are some known limitations: @@ -693,12 +693,11 @@ the CurrentControlSet\Services\Tcpip\Parameters entry under < years, Nmap was a Unix-only tool, and it would likely still be that way if not for their efforts. -Windowsinstallation on +Windowsinstalling on Windows users have three choices for installing Nmap, all of which are available from the -download page at .installationfrom Windows binaries +download page at . @@ -712,7 +711,7 @@ self-installer named specific release). Most Nmap users choose this option since it is so easy. Simply run the installer file and let it walk you through panels for choosing an install path and installing WinPcap. The -installer was created with the open source Nullsoft Scriptable Install System. After it completes, read for instructions on executing Nmap on the @@ -730,7 +729,9 @@ command-line binaries and associated files in a Zip archive. No graphical interface is included, so you need to run nmap.exe from a DOS/command window. Or you can download and install a superior command shell such as those included -with the free Cygwin system available from . Here are the step-by-step instructions for installing and executing the Nmap .zip binaries. +with the free Cygwin +Cygwin +system available from . Here are the step-by-step instructions for installing and executing the Nmap .zip binaries. Installing the Nmap zip binaries @@ -744,7 +745,7 @@ the Nmap executable and data files. Microsoft Windows XP and Vista include zip extraction—just right-click on the file in Explorer. If you do not have a Zip decompression program, there is one (called unzip) in Cygwin described -above, or you can download the open source and free 7-zip utility. Commercial alternatives are Winzip and PKZIP. @@ -815,7 +816,7 @@ interfaces: Make sure the user you are logged in as has administrative privileges -administrator (root) privileges +privileged users on the computer (user should be a member of the administrators group). Open a command/DOS Window. Though it can be found in the program menu tree, the simplest approach is to choose Start @@ -897,7 +898,7 @@ you have more flexibility in the build process. Apple Mac OS X -Mac OS X +Mac OS Xinstalling on Apple Mac OS XMac OS X Thanks to several people graciously donating shell accounts on @@ -1034,7 +1035,7 @@ install nmap. Nmap will be installed as /Applications/Utilities. Open it and you will see a terminal window. This is where you will type your commands. -rootwith sudo +sudo By default the root user is disabled on Mac OS X. To run a scan with root privileges prefix the command name with sudo, sudo @@ -1049,7 +1050,7 @@ an optional install on the Mac OS X installation discs. When Zenmap is started, a dialog is displayed requesting that you type your password. Users with administrator privileges -administrator (root) privileges +privileged users may enter their password to allow Zenmap to run as the root user and run more advanced scans. To run Zenmap in unprivileged mode, just select the @@ -1062,7 +1063,7 @@ scans. To run Zenmap in unprivileged mode, just select the BSDs -installationon BSDThe BSD flavors are well supported by Nmap, so you can simply +The BSD flavors are well supported by Nmap, so you can simply compile it from source as described in . This provides the normal advantages of always having the latest version and a flexible build process. If you prefer binary packages, @@ -1072,7 +1073,6 @@ popular applications. Instructions for installing Nmap on the most popular *BSD variants follow. OpenBSD Binary Packages and Source Ports Instructions -OpenBSDinstallation on According to the OpenBSD FAQ, users @@ -1219,3 +1219,5 @@ specified or other install-path option when first installing Nmap. The files relating to zenmap, nmapfe, and xnmap do not exist if you did not install the Zenmap frontend initially. + + diff --git a/docs/refguide.xml b/docs/refguide.xml index f5db48e18..1fbec192b 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml @@ -150,8 +150,12 @@ substitute for the in-depth documentation in the rest of this manual. Some obscure options aren't even included here. -summary of options + +summary of options +command-line optionsof Nmap &nmap-usage; + @@ -167,8 +171,8 @@ simplest case is to specify a target IP address or hostname for scanning. Sometimes you wish to scan a whole network of adjacent hosts. For this, Nmap supports CIDR-style addressing. -Classless Inter-Domain Routing (CIDR) -You can appendCIDR addressing +CIDR (Classless Inter-Domain Routing) +You can append /numbits to an IP address or hostname and Nmap will scan every IP address for which the first numbits are the same as for the reference @@ -252,9 +256,12 @@ you would expect. some network administrators bristle at unauthorized scans of their networks and may complain. Use this option at your own risk! If you find yourself really bored one rainy - afternoon, try the command nmap -sS -PS80 -iR 0 -p - 80 to locate random web servers for - browsing. + afternoon, try the command + nmap -sS -PS80 -iR 0 -p 80 + example of + example of + example of + to locate random web servers for browsing. @@ -262,7 +269,7 @@ you would expect. (Exclude hosts/networks) - + excluding targets @@ -280,7 +287,7 @@ you would expect. (Exclude list from file) - + This offers the same functionality as the @@ -347,7 +354,9 @@ you would expect. ping types) can be combined. You can increase your odds of penetrating strict firewalls by sending many probe types using different TCP ports/flags and ICMP codes. Also note that ARP - discovery () is done by default against + discovery () + + is done by default against targets on a local ethernet network even if you specify other options, because it is almost always faster and more effective. @@ -368,7 +377,7 @@ you would expect. (List Scan) - List scan + list scan The list scan is a degenerate form of host discovery @@ -425,7 +434,9 @@ you would expect. (using a connect() call) to port 80 on the target. When a privileged user tries to scan targets on a local ethernet network, ARP requests - () are used unless + () + + are used unless was specified. The option can be combined with any of the discovery probe types (the options, @@ -514,14 +525,14 @@ you would expect. On Unix boxes, only the privileged user root - authorized (root) user + privileged users is generally able to send and receive raw TCP packets. raw packets For unprivileged users, a workaround is automatically employed whereby the connect() system call is initiated against each target port. - unprivileged userslimitations on + unprivileged userslimitations of This has the effect of sending a SYN packet to the target host, in an attempt to establish a connection. If connect() returns @@ -573,7 +584,6 @@ you would expect. approach takes up few resources on the firewall/router and is widely supported by hardware and software filters. The Linux Netfilter/iptables - Netfilter iptables firewall software offers the convenience option to implement this @@ -701,7 +711,7 @@ you would expect. (IP Protocol Ping) - IP Protocol ping + IP protocol ping @@ -772,7 +782,7 @@ you would expect. (Trace path to host) - + traceroute @@ -844,7 +854,7 @@ even if this option is not specified. (Use system DNS resolver) - + @@ -866,7 +876,7 @@ even if this option is not specified. (Servers to use for reverse DNS queries) - + @@ -1017,7 +1027,7 @@ determine that you need a strut spring compressor, then you still have to pay thousands of dollars for it. Most of the scan types are only available to privileged users. -authorized (root) users +privileged users This is because they send and receive raw packets, raw packets which requires root @@ -1094,7 +1104,7 @@ error (type 3, code 1,2, 3, 9, 10, or 13) is received. (TCP connect scan) - connect() scan + connect scan TCP connect scan is the default TCP scan type when SYN scan is @@ -1131,7 +1141,7 @@ know that she has been connect scanned. (UDP scans) --sU + UDP scan @@ -1189,7 +1199,7 @@ hosts. - ; ; (TCP Null, FIN, and Xmas scans) + ; ; (TCP NULL, FIN, and Xmas scans) @@ -1286,7 +1296,7 @@ or 13), are labeled filtered. (TCP Window scan) -Window scan +window scan @@ -1350,7 +1360,7 @@ canned scan types offered. The option allows you to design your own scan by specifying arbitrary TCP flags. TCP flags Let your creative juices flow, while evading intrusion detection systems -intrusion detection systemsavoiding +intrusion detection systemsevading whose vendors simply paged through the Nmap man page adding specific rules! The argument can be a numerical @@ -1442,7 +1452,7 @@ underlying scan engine as the true port scanning methods. So it is close enough to a port scan that it belongs here. Besides being useful in its own right, protocol scan -demonstrates the power of open source software. While the fundamental +demonstrates the power of open-source software. While the fundamental idea is pretty simple, I had not thought to add it nor received any requests for such functionality. Then in the summer of 2000, Gerhard Rieger @@ -1575,7 +1585,8 @@ way. the port numbers are added to all protocol lists. - wildcards in port specificationsPorts can also be specified by name according to what the + port specificationwildcards in + Ports can also be specified by name according to what the port is referred to in the nmap-services. You can even use the wildcards * and ? with the names. For example, to scan FTP and all ports whose names begin with http, use . @@ -1592,7 +1603,7 @@ way. (Fast (limited port) scan) - + Specifies that you only wish to scan @@ -1604,7 +1615,10 @@ way. (about 1650 ports) isn't dramatic. The difference can be enormous if you specify your own tiny nmap-services file using the - or options. + or options. + + + @@ -1811,7 +1825,7 @@ way. (Trace version scan activity) - + This causes Nmap to print out extensive debugging info @@ -1823,8 +1837,10 @@ way. (RPC scan) - - RPC scan + + RPC scanRPC grinder + RPC grinder + This method works in conjunction with the various port @@ -1915,7 +1931,7 @@ way. (Enable OS detection) - + @@ -1931,7 +1947,7 @@ way. (Limit OS detection to promising targets) - + @@ -1947,8 +1963,8 @@ way. ; (Guess OS detection results) - - --osscan-guess + + @@ -1965,7 +1981,7 @@ way. (Set the maximum number of OS detection tries against a target) - + @@ -2106,7 +2122,7 @@ way. - + @@ -2121,7 +2137,7 @@ way. - + Runs a script scan (like ) with the scripts you have chosen rather than the defaults. Arguments can be script categories, single scripts or directories with scripts which are to be run against the target hosts instead of the default set. Nmap will try to interpret the arguments at first as categories and afterwards as files or directories. Absolute paths are used as is, relative paths are searched in the following places until found: @@ -2155,7 +2171,10 @@ categories. - script arguments + + + script arguments + script arguments lets you provide arguments to NSE scripts. Arguments are passed @@ -2177,11 +2196,9 @@ script knows about its special argument. - - - + @@ -2198,7 +2215,7 @@ script knows about its special argument. - + @@ -2485,7 +2502,7 @@ implements strict rate limiting. Another use of is to evade threshold based intrusion detection and prevention systems (IDS/IPS). -intrusion detection systemsavoiding +intrusion detection systemsevading @@ -2526,7 +2543,9 @@ faster than a network can support may lead to a loss of accuracy. In some cases, using a faster rate can make a scan take longer than it would with a slower rate. This is because Nmap's adaptive -retransmissionadaptive retransmission +retransmission +adaptive retransmissionretransmission +retransmission will detect the network congestion caused by an excessive scanning rate and increase the number of retransmissions in order to improve accuracy. So even though packets are sent at a higher rate, more packets are sent @@ -2608,7 +2627,7 @@ The template names are  (),  (). insane () timing template The first two are for IDS evasion. -intrusion detection systemsavoiding +intrusion detection systemsevading Polite mode slows down the scan to use less bandwidth and target machine resources. Normal mode is the default and so does nothing. Aggressive mode speeds scans up by @@ -2689,7 +2708,7 @@ setting the maximum TCP scan delay to 5 ms. Firewall/IDS Evasion and Spoofing firewallsbypassing - intrusion detection systemsavoiding + intrusion detection systemsevading Many Internet pioneers envisioned a global open network with a universal IP address space allowing virtual connections between any @@ -2757,8 +2776,8 @@ lists the relevant options and describes what they do. (fragment packets); (using the specified MTU) - - + + @@ -2776,7 +2795,9 @@ lists the relevant options and describes what they do. packets. Two with eight bytes of the TCP header, and one with the final four. Of course each fragment also has an IP header. Specify again to use 16 bytes per fragment - (reducing the number of fragments). Or you can specify + (reducing the number of fragments). + giving twice for small fragments + Or you can specify your own offset size with the option. Don't also specify if you use . The offset must be a multiple of 8. While fragmented packets won't get by @@ -2905,8 +2926,8 @@ lists the relevant options and describes what they do. (Spoof source port number) - - + + source port number @@ -2965,7 +2986,9 @@ support the option completely, as does UDP scan. bytes and ICMP echo requests are just 28. This option tells Nmap to append the given number of random bytes to most of the packets it sends. OS detection () packets - are not affected because accuracy there requires probe consistency, but most pinging and portscan packets + are not affected + no effect in OS detection + because accuracy there requires probe consistency, but most pinging and portscan packets support this. It slows things down a little, but can make a scan slightly less conspicuous. @@ -3006,9 +3029,9 @@ support the option completely, as does UDP scan. options. Simply pass the letter R, T, or U to request record-route, - record-route IP option + record route IP option record-timestamp, - record-timestamp IP option + record timestamp IP option or both options together, respectively. Loose or strict source routing source routing @@ -3041,7 +3064,7 @@ support the option completely, as does UDP scan. (Randomize target host order) - + randomization of hosts @@ -3060,7 +3083,9 @@ support the option completely, as does UDP scan. with a list scan (), randomize it with a Perl script, then provide the whole list to Nmap with - . + . + randomizing hosts with + @@ -3068,7 +3093,7 @@ support the option completely, as does UDP scan. (Spoof MAC address) - + spoofing MAC address @@ -3090,7 +3115,7 @@ support the option completely, as does UDP scan. (it is case insensitive). If a match is found, Nmap uses the vendor's OUI (3-byte prefix) organizationally unique identifier (OUI) - organizationally unique identifier (OUI)nmap-max-prefixes + organizationally unique identifier (OUI)nmap-mac-prefixes and fills out the remaining 3 bytes randomly. Valid argument examples are Apple, 0, 01:02:03:04:05:06, deadbeefcafe, 0020F2, and Cisco. This option only affects raw packet scans such as SYN scan or OS detection, not connection-oriented features such as version detection or the Nmap Scripting Engine. @@ -3359,7 +3384,7 @@ format is available (Output to all formats) - + As a convenience, you may specify to only see (Log errors/warnings to normal mode output file) - + @@ -3588,7 +3613,7 @@ overwhelming requests. Specify to only see (Set XSL stylesheet to transform XML output) - + @@ -3599,7 +3624,7 @@ overwhelming requests. Specify to only see named nmap.xsl nmap.xsl for viewing or translating XML output to HTML. - HTMLfrom XML output + HTML from XML output The XML output includes an xml-stylesheet directive which points to nmap.xml where it was initially installed by Nmap (or in the current @@ -3626,19 +3651,19 @@ overwhelming requests. Specify to only see (Load stylesheet from Nmap.Org) - + This convenience option is simply an alias for - . + . - (Omit XSL stylesheet declaration from XML) - + (Omit XSL stylesheet declaration from XML) + @@ -3663,7 +3688,7 @@ overwhelming requests. Specify to only see (Enable IPv6 scanning) - + IPv6 @@ -3710,7 +3735,9 @@ overwhelming requests. Specify to only see stands for yet. Presently this enables OS detection (), version scanning (), script scanning () and - traceroute (). More features may be + traceroute (). + features enabled by + More features may be added in the future. The point is to enable a comprehensive set of scan options without people having to remember a large set of flags. However, because script @@ -3725,7 +3752,7 @@ overwhelming requests. Specify to only see (Specify custom Nmap data file location) - + @@ -3738,6 +3765,8 @@ overwhelming requests. Specify to only see nmap-os-db. If the location of any of these files has been specified (using the or options), + + that location is used for that file. After that, Nmap searches these files in the directory specified with the option (if any). Any files not @@ -3756,7 +3785,7 @@ overwhelming requests. Specify to only see (Specify custom services file) - + @@ -3772,7 +3801,7 @@ overwhelming requests. Specify to only see (Specify custom service probes file) - + @@ -3787,7 +3816,7 @@ overwhelming requests. Specify to only see (Use raw ethernet sending) - + @@ -3809,7 +3838,7 @@ overwhelming requests. Specify to only see (Send at raw IP level) - + @@ -3823,14 +3852,15 @@ overwhelming requests. Specify to only see (Assume that the user is fully privileged) - + Tells Nmap to simply assume that it is privileged enough to perform raw socket sends, packet sniffing, and similar operations that usually require root privileges - authorized (root) users + privileged users + authorized usersprivileged users on Unix systems. By default Nmap quits if such operations are requested but geteuid() is not zero. is useful with Linux @@ -3839,7 +3869,7 @@ overwhelming requests. Specify to only see scans. Be sure to provide this option flag before any flags for options that require privileges (SYN scan, OS detection, etc.). The NMAP_PRIVILEGED environmental variable - NMAP_PRIVILEGED + NMAP_PRIVILEGED environment variable may be set as an equivalent alternative to . @@ -3848,7 +3878,8 @@ overwhelming requests. Specify to only see (Assume that the user lacks raw socket privileges) - + + unprivileged users @@ -3860,7 +3891,7 @@ overwhelming requests. Specify to only see This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken. The NMAP_UNPRIVILEGED environmental variable - NMAP_UNPRIVILEGED + NMAP_UNPRIVILEGED environment variable may be set as an equivalent alternative to . @@ -3888,6 +3919,7 @@ overwhelming requests. Specify to only see (Start in interactive mode) + @@ -3903,7 +3935,7 @@ overwhelming requests. Specify to only see are usually more familiar and feature-complete. This option includes a bang (!) operator for executing shell commands, which is one of many reasons not to install Nmap setuid root. - setuid + setuid, why Nmap shouldn't be @@ -4039,7 +4071,6 @@ overwhelming requests. Specify to only see running. This requires root privileges because of the SYN scan and OS detection. - example of example of nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127 @@ -4067,7 +4098,6 @@ overwhelming requests. Specify to only see example of - example of example of example of nmap -PN -p80 -oX logs/pb-port80scan.xml -oG @@ -4080,7 +4110,7 @@ overwhelming requests. Specify to only see Bugs - bugs + bugs, reporting Like its author, Nmap isn't perfect. But you can help make it better by sending bug reports or even writing patches. If Nmap diff --git a/docs/scripting.xml b/docs/scripting.xml index ceb693a17..8b8403971 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -223,7 +223,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - safe script category + safe script category @@ -242,7 +242,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - intrusive script category + intrusive script category @@ -257,7 +257,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - malware script category + malware script category @@ -268,8 +268,8 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - version script category - version detectionversion script caetgory + version script category + version detectionversion script category @@ -285,7 +285,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - discovery script category + discovery script category @@ -297,7 +297,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - vuln script category + vuln script category @@ -308,7 +308,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - auth script category + auth script category @@ -319,7 +319,7 @@ Nmap finished: 1 IP address (1 host up) scanned in 0.907 seconds - default script category + default script category @@ -410,7 +410,7 @@ will try to interpret the arguments at first as categories and afterwards as files or directories. Absolute paths are used as is, relative paths are searched in the following places until found: data filesdirectory search order -scriptslocation of +scripts, location of --datadir/; NMAPDIR environment variable $NMAPDIR/; @@ -528,6 +528,7 @@ categories. Simple script scan. + example of $ nmap -sC hostname @@ -588,7 +589,7 @@ categories. <literal>license</literal> Field license script variable - license of scripts + copyrightof scripts Nmap is a community project and we welcome all sorts of code contributions, including NSE scripts. So if you write a @@ -1972,7 +1973,9 @@ if(s) code_to_be_done_on_match end - MAC address of the destination host (6-byte long binary + MAC address + MAC address + of the destination host (6-byte long binary string) or nil, if the host is not directly connected. @@ -2769,7 +2772,7 @@ nmap.get_port_state({ip="127.0.0.1"}, {number="80", protocol="tcp"}) raw packet network I/O. The greater flexibility comes, however, at the cost of a slightly more complex API. Receiving raw packets is accomplished via a wrapper around Libpcap - Libpcap + libpcap inside the Nsock library. Nsock In order to keep the @@ -3320,7 +3323,7 @@ local localip, localport = client_service:get_info() - action NSE variable + action script variable action = function(host, port) local owner = "" @@ -3474,7 +3477,6 @@ end This is what the output of this script looks like: - example of $ ./nmap -sV localhost -p 80