diff --git a/nmap-payloads b/nmap-payloads
index 9138fcc7f..3e0c7f3c8 100644
--- a/nmap-payloads
+++ b/nmap-payloads
@@ -286,13 +286,13 @@ udp 17185
 # nmap-service-probes). These services typically run on a base port or a
 # few numbers higher.
 # Quake 2. Typical ports: 27910-97914.
-udp 27910,27911,27912,27913,27914 "\xff\xff\xff\xffstatus"
+udp 27910-27914 "\xff\xff\xff\xffstatus"
 # Quake 3. Typical ports:
 # 26000-26004: Nexuiz
 # 27960-27964: Various games
 # 30720-30724: Tremulous
 # 44400: Warsow
-udp 26000,26001,26002,26003,26004,27960,27961,27962,27963,27964,30720,30721,30722,30723,30724,44400 "\xff\xff\xff\xffgetstatus"
+udp 26000-26004,27960-27964,30720-30724,44400 "\xff\xff\xff\xffgetstatus"
 
 # Murmur 1.2.X (Mumble server)
 # UDP ping. "abcdefgh" is an identifier. See
diff --git a/payload.cc b/payload.cc
index c0caf33db..d6109d8b8 100644
--- a/payload.cc
+++ b/payload.cc
@@ -144,6 +144,7 @@
 #include "payload.h"
 #include "utils.h"
 #include "nmap_error.h"
+#include "scan_lists.h"
 
 extern NmapOps o;
 
@@ -186,49 +187,6 @@ struct token {
   size_t len;
 };
 
-/* Returns a malloc-allocated list of the ports in portlist. portlist must
-   contain one or more integers 0 <= p < 65536, separated by commas. */
-static unsigned short *parse_portlist(const char *portlist, unsigned int *count) {
-  uint32_t bitmap[65536 / 32];
-  unsigned short *result;
-  unsigned int i;
-  unsigned int p;
-
-  memset(bitmap, 0, sizeof(bitmap));
-  *count = 0;
-  for (;;) {
-    long l;
-    char *tail;
-
-    errno = 0;
-    l = strtol(portlist, &tail, 10);
-    if (portlist == tail || errno != 0 || l < 0 || l > 65535)
-      return NULL;
-    if (!(bitmap[l / 32] & (1 << (l % 32)))) {
-      bitmap[l / 32] |= (1 << (l % 32));
-      (*count)++;
-    }
-    if (*tail == '\0')
-      break;
-    else if (*tail == ',')
-      portlist = tail + 1;
-    else
-      return NULL;
-  }
-
-  assert(*count < 65536);
-  result = (unsigned short *) malloc(sizeof(*result) * *count);
-  if (result == NULL)
-    return NULL;
-  i = 0;
-  for (p = 0; p < 65536 && i < *count; p++) {
-    if (bitmap[p / 32] & (1 << (p % 32)))
-      result[i++] = p;
-  }
-
-  return result;
-}
-
 static unsigned long line_no;
 
 /* Get the next token from fp. The return value is the token type, or -1 on
@@ -284,7 +242,7 @@ static int next_token(FILE *fp, struct token *token) {
   } else {
     i = 0;
     token->text[i++] = c;
-    while ((c = fgetc(fp)) != EOF && (isalnum(c) || c == ',')) {
+    while ((c = fgetc(fp)) != EOF && (isalnum(c) || c == ',' || c == '-')) {
       if (i + 1 >= sizeof(token->text))
         return -1;
       token->text[i++] = c;
@@ -308,7 +266,7 @@ static int load_payloads_from_file(FILE *fp) {
   type = next_token(fp, &token);
   for (;;) {
     unsigned short *ports;
-    unsigned int count, p;
+    int count;
     std::string payload_data;
 
     while (type == TOKEN_NEWLINE)
@@ -325,7 +283,7 @@ static int load_payloads_from_file(FILE *fp) {
       fprintf(stderr, "Expected a port list at line %lu of %s.\n", line_no, PAYLOAD_FILENAME);
       return -1;
     }
-    ports = parse_portlist(token.text, &count);
+    getpts_simple(token.text, SCAN_UDP_PORT, &ports, &count);
     if (ports == NULL) {
       fprintf(stderr, "Can't parse port list \"%s\" at line %lu of %s.\n", token.text, line_no, PAYLOAD_FILENAME);
       return -1;
@@ -348,7 +306,7 @@ static int load_payloads_from_file(FILE *fp) {
         type = next_token(fp, &token);
     }
 
-    for (p = 0; p < count; p++) {
+    for (int p = 0; p < count; p++) {
       struct proto_dport key(IPPROTO_UDP, ports[p]);
       struct payload payload;