Change -sP from "ping scan" to "don't port scan" in the documentation,

while still mentioning that "ping scan" is a common term. Mention the use of -PN and -sP together to run NSE host scripts without ping and port scanning.
2025-12-31 03:49:01 +00:00 · 2009-07-17 23:47:11 +00:00
parent a3391d5401
commit 0746a7a28a
2 changed files with 44 additions and 8 deletions
--- a/docs/scripting.xml
+++ b/docs/scripting.xml
@@ -194,6 +194,22 @@ Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds
          are generally only used for script debugging and development.  Script scanning is also included as part of the <option>-A</option> (aggressive scan) option.
    </para>

+    <para>
+    Script scanning is normally done in combination with a port scan,
+    because scripts may be run or not run depending on the port states
+    found by the scan. With the <option>-sP</option> option it is
+    possible to run a script scan without a port scan, only host
+    discovery. In this case only host scripts will be eligible to run.
+    To run a script scan with neither a host discovery nor a port scan,
+    use the <option>-PN -sP</option> options together with
+    <option>-sC</option> or <option>--script</option>. Every host will
+    be assumed up and still only host scripts will be run. This
+    technique is useful for scripts like
+    <filename>whois.nse</filename><indexterm><primary><filename>whois.nse</filename></primary></indexterm>
+    that only use the remote system's address and don't require it to be
+    up.
+    </para>
+
    <para>
    Scripts are not run in a sandbox and thus could accidentally or
    maliciously damage your system or invade your privacy.  Never run
@@ -766,6 +782,21 @@ local username = nmap.registry.args.user
          scripts.</para>
          </listitem>
        </varlistentry>
+        <varlistentry>
+          <term><command>nmap -sP -sC example.com</command></term>
+          <listitem>
+          <para>A script scan without a port scan; only host scripts are
+          eligible to run.</para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><command>nmap -PN -sP -sC example.com</command></term>
+          <listitem>
+          <para>A script scan without host discovery or a port scan. All
+          hosts are assumed up and only host scripts are eligible to
+          run.</para>
+          </listitem>
+        </varlistentry>
        <varlistentry>
          <indexterm><primary><option>--script-trace</option></primary><secondary>example of</secondary></indexterm>
          <term><command>nmap --script smb-os-discovery --script-trace example.com</command></term>