Add the --resolve-all option

CHANGELOG

@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o Add the --resolve-all option to resolve and scan all IP addresses of a host.
+  This essentially replaces the resolveall NSE script. [Daniel Miller]
+
 o [NSE] VNC scripts now support Apple Remote Desktop authentication (auth type
   30) [Daniel Miller]
 
@@ -97,11 +100,6 @@ o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in
   web servers. JSONP endpoints can be used to bypass Same-origin Policy
   restrictions in web browsers. [Vinamra Bhatia]
 
-o Nmap can now resolve and scan all IP addresses of a host. Instead of using
-  the resolveall NSE script, append "*all" to a target hostname:
-    nmap example.com*all another.example.com*all/24
-  [Daniel Miller]
-
 o [GH#957] Fix reporting of zlib and libssh2 versions in "nmap --version". We
   were always reporting the version number of the included source, even when a
   different version was linked. [Pavel Zhukov]

NmapOps.cc

@@ -364,6 +364,7 @@ void NmapOps::Initialize() {
   mass_dns = true;
   deprecated_xml_osclass = false;
   always_resolve = false;
+  resolve_all = false;
   dns_servers = NULL;
   implicitARPPing = true;
   numhosts_scanned = 0;

NmapOps.h

@@ -371,6 +371,7 @@ class NmapOps {
   std::map<std::string, std::string> loaded_data_files;
   bool mass_dns;
   bool always_resolve;
+  bool resolve_all;
   char *dns_servers;
 
   /* Do IPv4 ARP or IPv6 ND scan of directly connected Ethernet hosts, even if

TargetGroup.cc

@@ -381,7 +381,7 @@ static NetBlock *parse_expr_without_netmask(const char *hostexp, int af) {
     return NULL;
   }
 
-  NetBlockHostname *netblock_hostname = new NetBlockHostname(hostn, af, resolveall);
+  NetBlockHostname *netblock_hostname = new NetBlockHostname(hostn, af, resolveall || o.resolve_all);
   free(hostn);
   return netblock_hostname;
 }

docs/refguide.xml

@@ -169,9 +169,7 @@ simplest case is to specify a target IP address or hostname for scanning.</para>
   via the Domain Name System (DNS) to determine the IP address to scan. If the
   name resolves to more than one IP address, only the first one will be
   scanned. To make Nmap scan all the resolved addresses instead of only the
-  first one, append <literal>*all</literal>
-  <indexterm><primary>*all</primary></indexterm> to the hostname like so:
-  <literal>example.com*all</literal>
+  first one, use the <option>--resolve-all</option> option.
 </para>
 
 <para>Sometimes you wish to scan a whole network of adjacent hosts. For
@@ -961,6 +959,21 @@ Traceroute works by sending packets with a low TTL (time-to-live) in an attempt
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>
+          <option>--resolve-all</option> (Scan each resolved address)
+          <indexterm><primary><option>--resolve-all</option></primary></indexterm>
+        </term>
+        <listitem>
+          <para>If a hostname target resolves to more than one address, scan
+            all of them. The default behavior is to only scan the first
+            resolved address. Regardless, only addresses in the appropriate
+            address family will be scanned: IPv4 by default, IPv6 with
+            <option>-6</option>.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>
           <option>--system-dns</option> (Use system DNS resolver)

nmap.cc

@@ -683,6 +683,7 @@ void parse_options(int argc, char **argv) {
     {"version-all", no_argument, 0, 0},
     {"system_dns", no_argument, 0, 0},
     {"system-dns", no_argument, 0, 0},
+    {"resolve-all", no_argument, 0, 0},
     {"log_errors", no_argument, 0, 0},
     {"log-errors", no_argument, 0, 0},
     {"deprecated_xml_osclass", no_argument, 0, 0},
@@ -941,6 +942,8 @@ void parse_options(int argc, char **argv) {
           o.mass_dns = false;
         } else if (optcmp(long_options[option_index].name, "dns-servers") == 0) {
           o.dns_servers = strdup(optarg);
+        } else if (optcmp(long_options[option_index].name, "resolve-all") == 0) {
+          o.resolve_all = true;
         } else if (optcmp(long_options[option_index].name, "log-errors") == 0) {
           /*Nmap Log errors is deprecated and is now always enabled by default.
           This option is left in so as to not break anybody's scanning scripts.

scripts/resolveall.nse

@@ -120,7 +120,7 @@ preaction = function()
   else
     table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
   end
-  table.insert(output, "Scanning 'hostname*all' will scan all resolved addresses for 'hostname' without using this script.")
+  table.insert(output, "Use the --resolve-all option to scan all resolved addresses without using this script.")
   return xmloutput, stdnse.format_output(true, output)
 end
 
@@ -152,7 +152,7 @@ hostaction = function(host)
   else
     table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
   end
-  table.insert(output, ("Scanning '%s*all' will scan all resolved addresses without using this script."):format(host.targetname))
+  table.insert(output, ("Use the --resolve-all option to scan all resolved addresses without using this script."):format(host.targetname))
   return xmloutput, stdnse.format_output(true, output)
 end