o Nmap now saves the target name (if any) specified on the command

line, since this can differ from the reverse DNS results.  It can be
  particularly important when doing HTTP tests against virtual hosts.
  The data can be accessed from target->HostName() from Nmap proper
  and host.targetname from NSE scripts.  The NSE HTTP library now uses
  this for the Host header.  Thanks to Sven Klemm for adding this
  useful feature.

CHANGELOG

@@ -1,5 +1,13 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o Nmap now saves the target name (if any) specified on the command
+  line, since this can differ from the reverse DNS results.  It can be
+  particularly important when doing HTTP tests against virtual hosts.
+  The data can be accessed from target->HostName() from Nmap proper
+  and host.targetname from NSE scripts.  The NSE HTTP library now uses
+  this for the Host header.  Thanks to Sven Klemm for adding this
+  useful feature.
+
 o Added NSE HTTP library which allows scripts to easily fetch URLs
   with http.get_url() or create more complex requests with
   http.request().  There is also an http.get() function which takes

Target.cc

@@ -119,6 +119,7 @@ Target::Target() {
 
 void Target::Initialize() {
   hostname = NULL;
+  targetname = NULL;
   memset(&seq, 0, sizeof(seq));
   distance = -1;
   FPR1 = NULL;
@@ -169,6 +170,9 @@ void Target::FreeInternal() {
   if (hostname)
     free(hostname);
 
+  if (targetname)
+    free(targetname);
+
   if (nameIPBuf) {
     free(nameIPBuf);
     nameIPBuf = NULL;
@@ -221,6 +225,7 @@ void Target::setTargetSockAddr(struct sockaddr_storage *ss, size_t ss_len) {
     /* We had an old target sock, so we better blow away the hostname as
        this one may be new. */
     setHostName(NULL);
+    setTargetName(NULL);
   }
   memcpy(&targetsock, ss, ss_len);
   targetsocklen = ss_len;
@@ -308,6 +313,16 @@ void Target::setHostName(char *name) {
   }
 }
 
+void Target::setTargetName(char *name) {
+  if (targetname) {
+    free(targetname);
+    targetname = NULL;
+  }
+  if (name) {
+    targetname = strdup(name);
+  }
+}
+
  /* Generates a printable string consisting of the host's IP
      address and hostname (if available).  Eg "www.insecure.org
      (64.71.184.53)" or "fe80::202:e3ff:fe14:1102".  The name is

Target.h

@@ -176,6 +176,16 @@ class Target {
   /* This next version returns a STATIC buffer -- so no concurrency */
   const char *NameIP();
 
+  /* Give the name from the last setTargetName() call, which is the 
+   name of the target given on the command line if it's a named
+   host. */
+  const char *TargetName() { return targetname; }
+  /* You can set to NULL to erase a name.  The targetname is blown
+     away when you setTargetSockAddr(), so make sure you do these in proper
+     order
+  */
+  void setTargetName(char *name);
+
   /* If the host is directly connected on a network, set and retrieve
      that information here.  directlyConnected() will abort if it hasn't
      been set yet.  */
@@ -246,6 +256,7 @@ class Target {
   unsigned int flags; /* HOST_UP, HOST_DOWN, HOST_FIREWALLED, HOST_BROADCAST (instead of HOST_BROADCAST use wierd_responses */
   struct timeout_info to;
   char *hostname; // Null if unable to resolve or unset
+  char * targetname; // The name of the target host given on the commmand line if it is a named host
 
 #ifndef NOLUA
   ScriptResults scriptResults;

TargetGroup.cc

@@ -168,7 +168,7 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
   char *hostexp = strdup(target_expr);
   struct hostent *target;
   unsigned long longtmp;
-  int namedhost = 0;
+  namedhost = 0;
 
   if (targets_type != TYPE_NONE)
     Initialize();

TargetGroup.h

@@ -134,6 +134,8 @@ class TargetGroup {
   char get_targets_type() {return targets_type;};
   /* get the netmask */
   int get_mask() {return netmask;};
+  /* is the current expression a named host */
+  int get_namedhost() {return namedhost;};
   /* Skip an octet in the range array */
   int skip_range(_octet_nums octet);
  private:
@@ -160,6 +162,8 @@ class TargetGroup {
 		  the fields are not valid */
   unsigned long ipsleft; 
 
+  // is the current target expression a named host
+  int namedhost;
 };
 
 class HostGroupState {

docs/scripting.xml

@@ -1526,6 +1526,16 @@ if(s) code_to_be_done_on_match end
 	      </para>
 	    </listitem>
 	  </varlistentry>
+	  <varlistentry>
+	    <term><option>host.targetname</option>
+	      <indexterm><primary>host.targetname</primary></indexterm></term>
+	    <listitem>
+	      <para>Contains the name of the host as specified on the commandline.
+		If the target given on the commandline contains a netmask or is an IP
+		address the value of the field is <literal>nil</literal>.
+	      </para>
+	    </listitem>
+	  </varlistentry>
 	  <varlistentry>
 	    <term><option>host.directly_connected</option>
 	      <indexterm><primary>host.directly_connected</primary></indexterm></term>

nse_nmaplib.cc

@@ -180,7 +180,7 @@ void set_version(lua_State* l, struct serviceDeductions sd) {
 	}
 }
 
-/* set host ip and host name onto the
+/* set host ip, host name and target name onto the
  * table which is currently on the stack
  * set name of the os run by the host onto the
  * table which is currently on the stack
@@ -199,6 +199,11 @@ void set_hostinfo(lua_State* l, Target *currenths) {
 	lua_pushstring(l, strncpy(hostname, currenths->HostName(), 1024));
 	lua_setfield(l, -2, "name");
 
+	if ( currenths->TargetName() ) { // else nil
+		lua_pushstring(l, strncpy(hostname, currenths->TargetName(), 1024));
+		lua_setfield(l, -2, "targetname");
+	}
+
 	if(currenths->directlyConnectedOrUnset() != -1){
 	    lua_pushboolean(l, currenths->directlyConnected());
 	    lua_setfield(l, -2, "directly_connected");

nselib/http.lua

@@ -72,7 +72,7 @@ request = function( host, port, data, options )
   options = options or {}
 
   if type(host) == 'table' then
-    host = ( host.name ~= '' and host.name ) or host.ip
+    host = host.targetname or ( host.name ~= '' and host.name ) or host.ip
   end
 
   local protocol = 'tcp'

targets.cc

@@ -497,6 +497,13 @@ do {
       hs->hostbatch[hidx] = new Target();
       hs->hostbatch[hidx]->setTargetSockAddr(&ss, sslen);
 
+      /* put target expression in target if we have a named host without netmask */
+      if ( hs->current_expression.get_targets_type() == TargetGroup::IPV4_NETMASK  &&
+	  hs->current_expression.get_namedhost() &&
+	  !strchr( hs->target_expressions[hs->next_expression-1], '/' ) ) {
+	hs->hostbatch[hidx]->setTargetName(hs->target_expressions[hs->next_expression-1]);
+      }
+
       /* We figure out the source IP/device IFF
 	 1) We are r00t AND
 	 2) We are doing tcp or udp pingscan OR