PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

New option --unique to prevent scanning same address twice. See #2180

Browse Source
This commit is contained in:
dmiller
2020-11-15 04:57:44 +00:00
parent 7400723efa
commit 0de714e8d3
6 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
#Nmap Changelog ($Id$); -*-text-*- #Nmap Changelog ($Id$); -*-text-*-
o New Nmap option --unique will prevent Nmap from scanning the same IP address
twice, which can happen when different names resolve to the same address. [Daniel Miller]
o [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output o [NSE][GH#2175] Fixed NSE so it will not consolidate all port script output
for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller] for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]

1
NmapOps.cc
View File

@@ -298,6 +298,7 @@ void NmapOps::Initialize() {
deprecated_xml_osclass = false; deprecated_xml_osclass = false;
always_resolve = false; always_resolve = false;
resolve_all = false; resolve_all = false;
unique = false;
dns_servers = NULL; dns_servers = NULL;
implicitARPPing = true; implicitARPPing = true;
numhosts_scanned = 0; numhosts_scanned = 0;

1
NmapOps.h
View File

@@ -304,6 +304,7 @@ class NmapOps {
bool mass_dns; bool mass_dns;
bool always_resolve; bool always_resolve;
bool resolve_all; bool resolve_all;
bool unique;
char *dns_servers; char *dns_servers;
/* Do IPv4 ARP or IPv6 ND scan of directly connected Ethernet hosts, even if /* Do IPv4 ARP or IPv6 ND scan of directly connected Ethernet hosts, even if

3
nmap.cc
View File

@@ -593,6 +593,7 @@ void parse_options(int argc, char **argv) {
{"version-all", no_argument, 0, 0}, {"version-all", no_argument, 0, 0},
{"system-dns", no_argument, 0, 0}, {"system-dns", no_argument, 0, 0},
{"resolve-all", no_argument, 0, 0}, {"resolve-all", no_argument, 0, 0},
{"unique", no_argument, 0, 0},
{"log-errors", no_argument, 0, 0}, {"log-errors", no_argument, 0, 0},
{"deprecated-xml-osclass", no_argument, 0, 0}, {"deprecated-xml-osclass", no_argument, 0, 0},
{(char*)k, no_argument, 0, 0}, {(char*)k, no_argument, 0, 0},
@@ -844,6 +845,8 @@ void parse_options(int argc, char **argv) {
o.dns_servers = strdup(optarg); o.dns_servers = strdup(optarg);
} else if (strcmp(long_options[option_index].name, "resolve-all") == 0) { } else if (strcmp(long_options[option_index].name, "resolve-all") == 0) {
o.resolve_all = true; o.resolve_all = true;
} else if (strcmp(long_options[option_index].name, "unique") == 0) {
o.unique = true;
} else if (strcmp(long_options[option_index].name, "log-errors") == 0) { } else if (strcmp(long_options[option_index].name, "log-errors") == 0) {
/*Nmap Log errors is deprecated and is now always enabled by default. /*Nmap Log errors is deprecated and is now always enabled by default.
This option is left in so as to not break anybody's scanning scripts. This option is left in so as to not break anybody's scanning scripts.

10
targets.cc
View File

@@ -423,7 +423,7 @@ bail:
return NULL; return NULL;
} }
static Target *next_target(HostGroupState *hs, const struct addrset *exclude_group, static Target *next_target(HostGroupState *hs, struct addrset *exclude_group,
struct scan_lists *ports, int pingtype) { struct scan_lists *ports, int pingtype) {
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
@@ -473,10 +473,14 @@ tryagain:
if (t == NULL) if (t == NULL)
goto tryagain; goto tryagain;
if (o.unique) {
// Use the exclude list to avoid scanning this IP again if the user requested it.
addrset_add_spec(exclude_group, t->targetipstr(), o.af(), 0);
}
return t; return t;
} }
static void refresh_hostbatch(HostGroupState *hs, const struct addrset *exclude_group, static void refresh_hostbatch(HostGroupState *hs, struct addrset *exclude_group,
struct scan_lists *ports, int pingtype) { struct scan_lists *ports, int pingtype) {
int i; int i;
bool arpping_done = false; bool arpping_done = false;
@@ -570,7 +574,7 @@ static void refresh_hostbatch(HostGroupState *hs, const struct addrset *exclude_
nmap_mass_rdns(hs->hostbatch, hs->current_batch_sz); nmap_mass_rdns(hs->hostbatch, hs->current_batch_sz);
} }
Target *nexthost(HostGroupState *hs, const struct addrset *exclude_group, Target *nexthost(HostGroupState *hs, struct addrset *exclude_group,
struct scan_lists *ports, int pingtype) { struct scan_lists *ports, int pingtype) {
if (hs->next_batch_no >= hs->current_batch_sz) if (hs->next_batch_no >= hs->current_batch_sz)
refresh_hostbatch(hs, exclude_group, ports, pingtype); refresh_hostbatch(hs, exclude_group, ports, pingtype);

2
targets.h
View File

@@ -106,7 +106,7 @@ public:
}; };
/* ports is used to pass information about what ports to use for host discovery */ /* ports is used to pass information about what ports to use for host discovery */
Target *nexthost(HostGroupState *hs,const struct addrset *exclude_group, Target *nexthost(HostGroupState *hs, struct addrset *exclude_group,
struct scan_lists *ports, int pingtype); struct scan_lists *ports, int pingtype);
int load_exclude_file(struct addrset *exclude_group, FILE *fp); int load_exclude_file(struct addrset *exclude_group, FILE *fp);
int load_exclude_string(struct addrset *exclude_group, const char *s); int load_exclude_string(struct addrset *exclude_group, const char *s);