diff --git a/CHANGELOG b/CHANGELOG index 74d43e374..de5761930 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,9 @@ # Nmap Changelog ($Id$); -*-text-*- +4.20ALPHA9 + +o Added --open option, which causes Nmap to show only open ports. + Ports in the states "open|closed" and "unfiltered" might be open, so + those are shown unless the host has an overwhelming number of them. o Nmap gen2 OS detection used to always do 2 retries if it fails to find a match. Now it normally does just 1 retry, but does 4 retries @@ -6,6 +11,10 @@ o Nmap gen2 OS detection used to always do 2 retries if it fails to new --max-os-tries option lets you specify a or higher maximum number of tries. +o Fixed a confusing error message which occured when you specified a + ping scan or list scan, but also specified -p (which is only used for + port scans). Thanks to Thomas Buchanan for the patch. + 4.20ALPHA8 o Integrated the newly submitted OS fingerprints. The DB now contains diff --git a/Makefile.in b/Makefile.in index e3d3a7a07..bc2460427 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,6 +1,6 @@ -export NMAP_VERSION = 4.20ALPHA8 +export NMAP_VERSION = 4.20ALPHA9 NMAP_NAME= Nmap -NMAP_URL= http://Insecure.Org +NMAP_URL= http://insecure.org NMAP_PLATFORM=@host@ prefix = @prefix@ exec_prefix = @exec_prefix@ diff --git a/NmapOps.cc b/NmapOps.cc index 47ea1bc01..f13b3e992 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -215,6 +215,7 @@ void NmapOps::Initialize() { extra_payload_length = 0; extra_payload = NULL; scan_delay = 0; + open_only = false; scanflags = -1; defeat_rst_ratelimit = 0; resume_ip.s_addr = 0; diff --git a/NmapOps.h b/NmapOps.h index 33c452a7a..eaa0fd797 100644 --- a/NmapOps.h +++ b/NmapOps.h 
@@ -167,6 +167,8 @@ class NmapOps { // setPacketTrace(false) has been called void setPacketTrace(bool pt) { pTrace = pt; } void setVersionTrace(bool vt) { vTrace = vt; } + bool openOnly() { return open_only; } + void setOpenOnly(bool oo) { open_only = oo; } int verbose; int randomize_hosts; int spoofsource; /* -S used */ @@ -242,6 +244,7 @@ class NmapOps { unsigned long host_timeout; /* Delay between probes, in milliseconds */ unsigned int scan_delay; + bool open_only; int scanflags; /* if not -1, this value should dictate the TCP flags for the core portscaning routine (eg to change a diff --git a/docs/nmap.1 b/docs/nmap.1 index ba8f9655c..0f8177ee7 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -2,7 +2,7 @@ .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" Instead of manually editing it, you probably should edit the DocBook XML .\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "NMAP" "1" "09/30/2006" "" "Nmap Reference Guide" +.TH "NMAP" "1" "10/01/2006" "" "Nmap Reference Guide" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -91,7 +91,7 @@ This options summary is printed when Nmap is run with no arguments, and the late \fI\%http://insecure.org/nmap/data/nmap.usage.txt\fR. It helps people remember the most common options, but is no substitute for the in\-depth documentation in the rest of this manual. Some obscure options aren't even included here. .PP .nf -Nmap 4.20ALPHA6 ( http://Insecure.Org ) +Nmap 4.20ALPHA8 ( http://Insecure.Org ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. 
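Review bot: `openOnly()` in the first NmapOps.h hunk is a read-only accessor but is not declared `const`, so it cannot be called through a `const NmapOps&`; `bool openOnly() const { return open_only; }` fixes that at no cost. The new `open_only` member in the second hunk gets its only visible initialisation in `NmapOps::Initialize()` (the NmapOps.cc hunk), so a read before `Initialize()` runs would observe an indeterminate `bool`; presumably Initialize() is called from the constructor, but that is outside the hunks. A one-line comment on the member, `bool open_only; /* --open: report only ports that are, or may be, open */`, would match the documented neighbours such as `scan_delay`.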
@@ -775,6 +775,11 @@ or .TP \fB\-\-osscan\-guess\fR; \fB\-\-fuzzy\fR (Guess OS detection results) When Nmap is unable to detect a perfect OS match, it sometimes offers up near\-matches as possibilities. The match has to be very close for Nmap to do this by default. Either of these (equivalent) options make Nmap guess more aggressively. Nmap will still tell you when an imperfect match is printed and display its confidence level (percentage) for each guess. +.TP +\fB\-\-max\-os\-tries\fR (Set the maximum number of OS detection tries against a target) +When Nmap performs OS detection against a target and fails to find a perfect match, it usually repeats the attempt. By default, Nmap tries five times if conditions are favorable for OS fingerprint submission, and twice when conditions aren't so good. Specifying a lower +\fB\-\-max\-os\-tries\fR +value (such as 1) speeds Nmap up, though you miss out on retries which could potentially identify the OS. Alternatively, a high value may be set to allow even more retries when conditions are favorable. This is rarely done, except to generate better fingerprints for submission and integration into the Nmap OS database. This option only affects second generation OS detection (\fB\-O2\fR, the default) and not the old system (\fB\-O1\fR). .SH "TIMING AND PERFORMANCE" .PP One of my highest Nmap development priorities has always been performance. A default scan (\fBnmap \fR\fB\fIhostname\fR\fR) of a host on my local network takes a fifth of a second. That is barely enough time to blink, but adds up when you are scanning tens or hundreds of thousands of hosts. Moreover, certain scan options such as UDP scanning and version detection can increase scan times substantially. So can certain firewall configurations, particularly response rate limiting. While Nmap utilizes parallelism and many advanced algorithms to accelerate these scans, the user has ultimate control over how Nmap runs. 
Expert users carefully craft Nmap commands to obtain only the information they care about while meeting their time constraints. diff --git a/nmap-os-db b/nmap-os-db index d8c60c2ad..86f6cd08e 100644 --- a/nmap-os-db +++ b/nmap-os-db @@ -83,7 +83,7 @@ IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) # Apple eMac G4 1.25GHz, Mac OS X 10.4.7 (uname -a: Darwin 8.7.8 Darwin Kernel Version 8.7.8: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Maciontosh powerpc) Fingerprint Applie Mac OS X 10.4.7 Class Apple | Mac OS X | 10.4.X | general purpose -SEQ(SP=F4-F6%GCD=<7%ISR=108-10A%TI=I|RD%II=I%SS=S%TS=1) +SEQ(SP=AC-108%GCD=<7%ISR=EA-110%TI=I|RD%II=I%SS=S%TS=0|1|2) OPS(O1=|M5B4NW0NNT11%O2=|M5B4NW0NNT11%O3=|M5B4NW0NNT11%O4=|M5B4NW0NNT11%O5=|M5B4NW0NNT11%O6=|M5B4NNT11) WIN(W1=0|FFFF%W2=0|FFFF%W3=0|FFFF%W4=0|FFFF%W5=0|FFFF%W6=0|FFFF) ECN(R=Y%DF=N|Y%T=40%TG=40%W=0|FFFF%O=|M5B4NW0%CC=N%Q=) 
@@ -286,45 +286,6 @@ T7(R=Y%DF=N%T=FF%TG=FF%W=0%S=A%A=S%F=AR%O=%RD=0%Q=) U1(R=N) IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) -# Linux 2.4.20 #1473 Tue Nov 1 09:32:46 CET 2005 mips unknown, Sveasoft Firmware Version: Talisman/Basic 1.11-devsnap20051101, Linksys WRT54GS router -Fingerprint Linksys WRT54GS WAP (Linux 2.4.20 kernel) running Sveasoft Firmware -Class Linksys | Linux | 2.4.X | WAP -SEQ(SP=CA-CC%GCD=<7%ISR=CD-CF%TI=Z%II=I%TS=7) -OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) -WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) -ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=Y%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# Firmware Version 4.30.7, Linux 2.4.20 I believe - Linksys WRT54GL WAP (Linux kernel) -# Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 unknown -# Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 k6-2 i386 GNU/Linux -# Linux 2.4.27-2-386 #1 i686 GNU/Linux -# Linux 2.4.20-pre10-ac1 #1 SMP i686 Pentium II (Deschutes) GNU/Linux -Fingerprint Linux 2.4.20 - 2.4.31 or Linksys WRT54GL WAP (runs Linux) -Class Linux | Linux | 2.4.X | general purpose -Class Linksys | Linux | 2.4.X | WAP -SEQ(SP=BD-CF%GCD=<5%ISR=C4-D4%TI=Z%II=I%TS=7) -OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) -WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) -ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) 
-T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - # D-Link DI-824VUP Wireless VPN Router Firmware Version: v1.05, Mon, Apr 25 2005 Fingerprint D-Link DI-824VUP Wireless VPN Router Class D-Link | embedded || WAP @@ -426,6 +387,23 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.4.20 #1473 Tue Nov 1 09:32:46 CET 2005 mips unknown, Sveasoft Firmware Version: Talisman/Basic 1.11-devsnap20051101, Linksys WRT54GS router +Fingerprint Linksys WRT54GS WAP (Linux 2.4.20 kernel) running Sveasoft Firmware +Class Linksys | Linux | 2.4.X | WAP +SEQ(SP=CA-CC%GCD=<7%ISR=CD-CF%TI=Z%II=I%TS=7) +OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) +WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) +ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=Y%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linksys WRT54GS Firmware Version: v3.37.1, Oct. 18, 2004 Fingerprint Linksys WRT54GS WAP (Linux kernel) Class Linksys | Linux | 2.4.X | WAP 
@@ -443,6 +421,28 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=D0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=10%CD=S%SI=S%DLI=S) +# Firmware Version 4.30.7, Linux 2.4.20 I believe - Linksys WRT54GL WAP (Linux kernel) +# Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 unknown +# Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 k6-2 i386 GNU/Linux +# Linux 2.4.27-2-386 #1 i686 GNU/Linux +# Linux 2.4.20-pre10-ac1 #1 SMP i686 Pentium II (Deschutes) GNU/Linux +Fingerprint Linux 2.4.20 - 2.4.31 or Linksys WRT54GL WAP (runs Linux) +Class Linux | Linux | 2.4.X | general purpose +Class Linksys | Linux | 2.4.X | WAP +SEQ(SP=BD-CF%GCD=<5%ISR=C4-D4%TI=Z%II=I%TS=7) +OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) +WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) +ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.4.29 i686 GNU/Linux (I am using Slackware 10.1 with the default kernel) Fingerprint Linux 2.4.29 (X86) (Slackware 10.1) Class Linux | Linux | 2.4.X | general purpose 
@@ -812,15 +812,16 @@ U1(DF=N%T=80%TG=80%TOS=0%IPL=B0%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S) # Microsoft Windows XP Professional (all patches up to date 9/29/06) Winver: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2 +# Microsoft Windows XP version 5.1 (build 2600.xpsp_sp2_gdr.050301-1519: Service Pack 2) Fingerprint Microsoft Windows XP SP2 Class Microsoft | Windows | XP | general purpose -SEQ(SP=DC-100%GCD=<7%ISR=100-110%TI=I%II=I%SS=S%TS=0) +SEQ(SP=DA-100%GCD=<7%ISR=100-110%TI=I%II=I%SS=S%TS=0) OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS) -WIN(W1=FC00%W2=FC00%W3=FC80%W4=FD58%W5=FD58%W6=FC94) -ECN(R=Y%DF=Y%T=80%TG=80%W=FC00%O=M5B4NW0NNS%CC=N%Q=) +WIN(W1=FAF0|FC00%W2=FB90|FC00%W3=FC80%W4=FB40|FD58%W5=FB40|FD58%W6=FB8B|FC94) +ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0|FC00%O=M5B4NW0NNS%CC=N%Q=) T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=80%TG=80%W=FC94%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=) +T3(R=Y%DF=Y%T=80%TG=80%W=FB8B|FC94%S=O%A=S+%F=AS%O=M5B4NW0NNT00NNS%RD=0%Q=) T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) diff --git a/nmap.cc b/nmap.cc index 10e54ddfc..c7cce1d00 100644 --- a/nmap.cc +++ b/nmap.cc @@ -258,6 +258,7 @@ printf("%s %s ( %s )\n" " -oA : Output in the three major formats at once\n" " -v: Increase verbosity level (use twice for more effect)\n" " -d[level]: Set or increase debugging level (Up to 9 is meaningful)\n" + " --open: Only show open (or possibly open) ports\n" " --packet-trace: Show all packets sent and received\n" " --iflist: Print host interfaces and routes (for debugging)\n" " --log-errors: Log errors/warnings to the normal-format output file\n" 
@@ -505,6 +506,7 @@ int nmap_main(int argc, char *argv[]) { {"max-hostgroup", required_argument, 0, 0}, {"min_hostgroup", required_argument, 0, 0}, {"min-hostgroup", required_argument, 0, 0}, + {"open", no_argument, 0, 0}, {"scanflags", required_argument, 0, 0}, {"defeat_rst_ratelimit", no_argument, 0, 0}, {"defeat-rst-ratelimit", no_argument, 0, 0}, @@ -638,6 +640,8 @@ int nmap_main(int argc, char *argv[]) { o.setMinHostGroupSz(atoi(optarg)); if (atoi(optarg) > 100) error("Warning: You specified a highly aggressive --min-hostgroup."); + } else if (optcmp(long_options[option_index].name, "open") == 0) { + o.setOpenOnly(true); } else if (strcmp(long_options[option_index].name, "scanflags") == 0) { o.scanflags = parse_scanflags(optarg); if (o.scanflags < 0) { @@ -1150,8 +1154,8 @@ int nmap_main(int argc, char *argv[]) { } } - if ((o.pingscan || o.listscan) && fastscan) { - fatal("The fast scan (-F) is incompatible with ping scan"); + if ((o.pingscan || o.listscan) && (portlist || fastscan)) { + fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan"); } if (portlist) { @@ -1170,10 +1174,6 @@ int nmap_main(int argc, char *argv[]) { ports = getfastports(o.TCPScan(), o.UDPScan()); } - if ((o.pingscan || o.listscan) && ports) { - fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan"); - } - #ifdef WIN32 if (o.sendpref & PACKET_SEND_IP) { error("WARNING: raw IP (rather than raw ethernet) packet sending attempted on Windows. This probably won't work. Consider --send-eth next time.\n"); diff --git a/nmap_winconfig.h b/nmap_winconfig.h index d2b13683d..73fb7200e 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h 
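Review bot: The new `"open"` branch in the @@ -638 hunk compares with `optcmp` while the adjacent `"scanflags"` branch in the same chain uses `strcmp`; since the option table in the @@ -505 hunk registers a single `open` entry (no `_`/`-` variant as for min_hostgroup/min-hostgroup), the surrounding `strcmp` form is sufficient and keeps the chain uniform: `} else if (strcmp(long_options[option_index].name, "open") == 0) {`. If `optcmp` was chosen deliberately so that either separator spelling is accepted, a short comment saying so would stop the next reader from "fixing" it. The combined check in the @@ -1150 hunk rejects `-p` with a ping or list scan before the port string is parsed, which avoids the confusing error the CHANGELOG describes. All three hunks sit inside nmap_main, which starts and ends outside the diff.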
@@ -106,9 +106,9 @@ /* Without this, Windows will give us all sorts of crap about using functions like strcpy() even if they are done safely */ #define _CRT_SECURE_NO_DEPRECATE 1 -#define NMAP_VERSION "4.20ALPHA8" +#define NMAP_VERSION "4.20ALPHA9" #define NMAP_NAME "Nmap" -#define NMAP_URL "http://insecure.org/nmap" +#define NMAP_URL "http://insecure.org" #define NMAP_PLATFORM "i686-pc-windows-windows" #define NMAPDATADIR "c:\\nmap" /* FIXME: I really need to make this dynamic */ diff --git a/nmapfe/nmapfe_sig.c b/nmapfe/nmapfe_sig.c index 6ffea534a..e367ab305 100644 --- a/nmapfe/nmapfe_sig.c +++ b/nmapfe/nmapfe_sig.c @@ -236,9 +236,8 @@ static char *next_token(char *buf, char *token, int tokensz) static char *build_command() { -int size = 2560; /* this should be long enough ;-) */ static char *command = NULL; -static int command_size = 0; +int command_size = 2560; /* Find how much to malloc() */ // size = strlen(gtk_entry_get_text(GTK_ENTRY(opt.range_text))) + @@ -250,8 +249,8 @@ static int command_size = 0; // 2560; /* We get 60 from the chars required for each option */ - if (size > command_size) - command = realloc(command, size); + if (!command) + command = safe_malloc(command_size); strcpy(command, "nmap "); diff --git a/osscan.cc b/osscan.cc index b943bf44c..b9fddb667 100644 --- a/osscan.cc +++ b/osscan.cc @@ -1472,7 +1472,7 @@ o.current_scantype = OS_SCAN; if (o.verbose) { starttimems = o.TimeSinceStartMS(); - log_write(LOG_STDOUT|LOG_NORMAL|LOG_SKID, "Initiating gen1 OS Detection against %s at %.3fs\n", target->targetipstr(), starttimems / 1000.0); + log_write(LOG_STDOUT, "Initiating gen1 OS Detection against %s at %.3fs\n", target->targetipstr(), starttimems / 1000.0); } if (target->FPR1 == NULL) diff --git a/osscan2.cc b/osscan2.cc index dadba51de..025e4de49 100644 --- a/osscan2.cc +++ b/osscan2.cc 
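Review bot: In the @@ -250 hunk of build_command the 2560-byte buffer is allocated once and then filled starting with `strcpy(command, "nmap ")`, but nothing in the hunk ties that size to the length of the text the function goes on to append; the removed line's own comment ("this should be long enough ;-)") and the still-commented-out "Find how much to malloc()" block show the size was never derived from the GTK entry contents. If the appends further down (outside the hunk) use strcpy/strcat on values such as `gtk_entry_get_text(GTK_ENTRY(opt.range_text))`, a long entry overruns the fixed buffer; either reinstate the size computation so `command_size` is computed from the entry lengths before `safe_malloc`, or make every append bounded by `command_size` (e.g. snprintf into `command + strlen(command)` with the remaining space). The old `realloc` path was dropped, so the buffer can no longer grow on later calls; a comment `/* allocated once; later calls reuse the same fixed-size buffer */` above `if (!command)` would document that. The remainder of build_command is outside the hunk.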
@@ -2849,7 +2849,7 @@ OsScanInfo::OsScanInfo(vector &Targets) { #ifdef WIN32 if (Targets[targetno]->ifType() == devt_loopback) { - log_write(LOG_STDOUT, "Skipping OS Scan against %s because it doesn't work against your own machine (localhsot)\n", Targets[targetno]->NameIP()); + log_write(LOG_STDOUT, "Skipping OS Scan against %s because it doesn't work against your own machine (localhost)\n", Targets[targetno]->NameIP()); continue; } #endif diff --git a/output.cc b/output.cc index 5a1e93134..99f55e6b3 100644 --- a/output.cc +++ b/output.cc @@ -473,7 +473,12 @@ void printportoutput(Target *currenths, PortList *plist) { if (prevstate == PORT_UNKNOWN) log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "Not shown: "); else log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, ", "); - log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "%d %s %s", plist->getStateCounts(istate), statenum2str(istate), o.ipprotscan? "protocols": "ports"); + char desc[32]; + if (o.ipprotscan) + snprintf(desc, sizeof(desc), (plist->getStateCounts(istate) == 1)? "protocol" : "protocols"); + else + snprintf(desc, sizeof(desc), (plist->getStateCounts(istate) == 1)? "port" : "ports"); + log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "%d %s %s", plist->getStateCounts(istate), statenum2str(istate), desc); prevstate = istate; } if (prevstate != PORT_UNKNOWN) log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "\n"); diff --git a/portlist.cc b/portlist.cc index d8189c4a5..85715725c 100644 --- a/portlist.cc +++ b/portlist.cc 
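Review bot: The two `snprintf` calls added in the output.cc hunk pass a non-literal format string (the ternary result) with no further arguments, which is the pattern `-Wformat-security` flags and more machinery than the job needs; the words are string constants, so a pointer suffices: `int count = plist->getStateCounts(istate);` / `const char *desc = o.ipprotscan ? (count == 1 ? "protocol" : "protocols") : (count == 1 ? "port" : "ports");` / `log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "%d %s %s", count, statenum2str(istate), desc);`. That also removes the `desc[32]` stack buffer and the two extra `getStateCounts` calls per state. printportoutput starts and ends outside the hunk.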
@@ -678,10 +678,16 @@ bool PortList::isIgnoredState(int state) { state == PORT_FRESH) return false; /* Cannot be ignored */ + /* If openonly, we always ignore states that don't at least have open + as a possibility. */ + if (o.openOnly() && state != PORT_OPENFILTERED && state != PORT_UNFILTERED + && getStateCounts(state) > 0) + return true; + int max_per_state = 25; // Ignore states with more ports than this /* We will show more ports when verbosity is requested */ if (o.verbose || o.debugging) - max_per_state *= (o.verbose + 50 * o.debugging); + max_per_state *= (o.verbose + 20 * o.debugging); if (getStateCounts(state) > max_per_state) return true;
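Review bot: The new --open guard keeps only PORT_OPENFILTERED and PORT_UNFILTERED, but the CHANGELOG entry in this same commit describes the kept states as "open|closed" and "unfiltered"; PORT_OPENFILTERED reads as open|filtered, so the CHANGELOG wording should be aligned with the code. The `getStateCounts(state) > 0` clause is not covered by the comment above it — presumably a state with no ports is left un-ignored so the caller never reports a "Not shown: 0 ..." summary, but that caller is outside the hunk; a why-comment such as `/* a state with no ports is never ignored, so it cannot show up in the "Not shown:" summary */` would record whichever reason applies. The multiplier change from `50 * o.debugging` to `20 * o.debugging` is a separate behaviour change that the CHANGELOG does not mention. isIgnoredState's opening condition starts before the hunk.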