-A: Enables OS detection and Version detection, Script scanning and Traceroute
to
-A: Enable OS detection, version detection, script scanning, and traceroute
factor of 1000. I realized there is a bad ambiguity in
The default unit for --host-timeout is seconds (since April 2010),
so your time of "10000" is 2.8 hours.
It could be interpreted as "seconds since April 2010" which is a strange
way to specify a length of time and would be confusing if you took it
that way. I have changed it to
Since April 2010, the default unit for --host-timeout is seconds,
so your time of "10000" is 2.8 hours.
says that the function could be outdated if IANA keeps assigning IP ranges,
but I update this function many times per year (usually consisting of more
than one IP block per update). So in case I somehow slack on my unofficial
job of updating this function, I note that it needs frequent attention.
tval2msecs and tval2secs. This affects the following options:
Nmap:
--host-timeout
--max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout
--scan-delay --max-scan-delay
--stats-every
Ncat:
-d --delay
-i --idle-timeout
-w --wait
Nping:
--delay
--host-timeout
--icmp-orig-time --icmp-recv-time --icmp-trans-time
Some sanity checks have been added when it looks like someone is using
the old default of milliseconds. For example,
$ ./nmap --host-timeout 10000
The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s".
QUITTING!
$ ./nmap --scan-delay 1000
The default unit for --scan-delay is seconds (since April 2010), so your time of "1000" is 16.7 minutes. Use "1000ms" for 1000 milliseconds.
QUITTING!
Times with a unit are always taken at face value and will avoid the
error message.
See http://seclists.org/nmap-dev/2010/q2/159 for discussion.
latter would allow you to do this:
$ nmap --max-os-tries 1s localhost
Bogus --max-os-tries argument specified, must be between 1 and 50 (inclusive)
QUITTING!
Because the "1s" became 1000.
atoi isn't right for option parsing because it doesn't catch errors, but
it's what the rest of the option parsing code uses.
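Worked example for the two messages above (the unit-aware time parsing with its "looks like milliseconds" sanity check, and the atoi() problem that lets "1s" slip through as a count). This is added illustration, not Nmap's tval2msecs/tval2secs or its option-parsing code; every function name, the unit set, and the 900000 ms threshold used for the bare-number warning are assumptions of this example.

```c
/* Added example (not Nmap's tval2msecs/tval2secs or its option parser):
 * parse a time option with an optional unit, flag bare numbers that look
 * like the old millisecond default, and parse integer options strictly so
 * that "1s" is rejected instead of becoming 1000 through the time parser
 * or 1 through atoi(). All names here are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum time_status { TIME_OK = 0, TIME_BAD = -1, TIME_SUSPICIOUS = -2 };

/* Parse "10", "2.5s", "250ms", "3m", "1h" into milliseconds; a bare number
 * is seconds (the post-April-2010 default). Returns -1 on malformed input. */
long parse_time_ms(const char *str)
{
    char *end;
    double value;

    /* Require a leading digit or '.', which also excludes "-1", "inf", "nan". */
    if (!isdigit((unsigned char) str[0]) && str[0] != '.')
        return -1;
    errno = 0;
    value = strtod(str, &end);
    if (end == str || errno != 0)
        return -1;
    if (*end == '\0' || strcmp(end, "s") == 0)
        return (long) (value * 1000.0);
    if (strcmp(end, "ms") == 0)
        return (long) value;
    if (strcmp(end, "m") == 0)
        return (long) (value * 60.0 * 1000.0);
    if (strcmp(end, "h") == 0)
        return (long) (value * 3600.0 * 1000.0);
    return -1;  /* unknown unit */
}

/* True when the argument carries an explicit unit (last character is a letter). */
int has_unit_suffix(const char *str)
{
    size_t n = strlen(str);
    return n > 0 && isalpha((unsigned char) str[n - 1]);
}

/* Human-readable duration for the warning text, e.g. "2.8 hours". */
void describe_ms(long ms, char *buf, size_t buflen)
{
    if (ms >= 3600000L)
        snprintf(buf, buflen, "%.1f hours", ms / 3600000.0);
    else if (ms >= 60000L)
        snprintf(buf, buflen, "%.1f minutes", ms / 60000.0);
    else
        snprintf(buf, buflen, "%.1f seconds", ms / 1000.0);
}

/* Like parse_time_ms, but a bare number (no unit) above max_bare_ms is reported
 * as TIME_SUSPICIOUS, on the assumption that the user meant the old default of
 * milliseconds. max_bare_ms is this example's knob, not Nmap's real threshold.
 * An explicit unit is always taken at face value. */
int parse_time_checked(const char *str, long max_bare_ms, long *out_ms)
{
    long ms = parse_time_ms(str);

    if (ms < 0)
        return TIME_BAD;
    if (!has_unit_suffix(str) && ms > max_bare_ms)
        return TIME_SUSPICIOUS;
    *out_ms = ms;
    return TIME_OK;
}

/* Strict integer option parser: unlike atoi(), trailing garbage such as the
 * "s" in "1s" is an error, as is a value outside [lo, hi]. Returns 1 on success. */
int parse_int_strict(const char *str, long lo, long hi, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(str, &end, 10);
    if (end == str || *end != '\0' || errno == ERANGE || v < lo || v > hi)
        return 0;
    *out = v;
    return 1;
}

int main(void)
{
    const char *samples[] = { "10000", "10000s", "1000ms", "2.5m", "1s", "bogus" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long ms, tries;
        char desc[32];
        int st = parse_time_checked(samples[i], 900000L, &ms);

        if (st == TIME_SUSPICIOUS) {
            describe_ms(parse_time_ms(samples[i]), desc, sizeof desc);
            printf("%-7s suspicious: bare value means %s; add a unit\n", samples[i], desc);
        } else {
            printf("%-7s %s\n", samples[i], st == TIME_BAD ? "invalid time" : "ok");
        }
        printf("        as --max-os-tries: %s\n",
               parse_int_strict(samples[i], 1, 50, &tries) ? "accepted" : "rejected");
    }
    return 0;
}
```

The two parsers are deliberately separate: a count option such as --max-os-tries goes through parse_int_strict, where "1s" is an error, while a time option goes through parse_time_checked, where "1s" is 1000 ms. Routing a count through the time parser is exactly how "1s" turned into 1000 in the message above.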
was to hide command line arguments from the process list. It had
been broken (would segfault during the second scan) since before May
2009 until February 2010 and was rarely used. The fact that it was
broken was reported by Juan Carlos Castro y Castro.
See http://seclists.org/nmap-dev/2009/q2/464 and
http://seclists.org/nmap-dev/2010/q1/688 for report and discussion.
to verify their correctness and to check more than just the table in
ipv4-address-space. Beyond comment changes and some code movement:
* 198.51.100.0/24 and 203.0.113.0/24 are reserved by RFC5737 (Jan 2010)
* Fix 198.18.0.0/15, which was implemented wrongly. This goes back a while
and was handled somewhat like 198.18.0.0/18.
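Worked example for the reserved-range fix above: CIDR membership over the blocks the message names, with 198.19.255.255 showing why treating 198.18.0.0/15 like 198.18.0.0/18 let addresses through. This is added illustration, not Nmap's ip_is_reserved(); the function names are hypothetical and the table is a constructed, partial list holding only the blocks mentioned above, not the full reserved table.

```c
/* Added example (not Nmap's ip_is_reserved()): IPv4 CIDR membership, used to
 * reject addresses that random target generation (-iR) should never emit.
 * The table only holds the blocks named in the message above; a real filter
 * would carry the full list. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse dotted-quad text into a host-order uint32_t. Returns 1 on success. */
int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;

    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Network mask for a prefix length; /0 must not shift by 32 (undefined in C). */
uint32_t prefix_mask(unsigned prefix)
{
    if (prefix == 0)
        return 0;
    if (prefix >= 32)
        return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefix);
}

/* Does ip fall inside "a.b.c.d/n"? Returns 1/0, or -1 if cidr is malformed. */
int in_cidr(uint32_t ip, const char *cidr)
{
    char net[32];
    const char *slash = strchr(cidr, '/');
    unsigned prefix;
    uint32_t netaddr, mask;
    size_t len;

    if (slash == NULL)
        return -1;
    len = (size_t) (slash - cidr);
    if (len >= sizeof net)
        return -1;
    memcpy(net, cidr, len);
    net[len] = '\0';
    if (!parse_ipv4(net, &netaddr) || sscanf(slash + 1, "%u", &prefix) != 1 || prefix > 32)
        return -1;
    mask = prefix_mask(prefix);
    return (ip & mask) == (netaddr & mask);
}

/* Blocks from the message above: the RFC 5737 documentation nets and the
 * benchmarking net as corrected to /15. Constructed, partial list. */
static const char *reserved_blocks[] = {
    "198.18.0.0/15",
    "198.51.100.0/24",
    "203.0.113.0/24",
};

int is_reserved(uint32_t ip)
{
    size_t i;
    for (i = 0; i < sizeof reserved_blocks / sizeof reserved_blocks[0]; i++)
        if (in_cidr(ip, reserved_blocks[i]) == 1)
            return 1;
    return 0;
}

/* Convenience wrapper over text addresses; -1 on parse error. */
int ip_in_cidr(const char *ipstr, const char *cidr)
{
    uint32_t ip;
    if (!parse_ipv4(ipstr, &ip))
        return -1;
    return in_cidr(ip, cidr);
}

int main(void)
{
    /* 198.19.255.255 is inside 198.18.0.0/15 but outside 198.18.0.0/18,
     * so the old /18 handling would have let it through as a target. */
    const char *ip = "198.19.255.255";
    printf("%s in 198.18.0.0/15: %d\n", ip, ip_in_cidr(ip, "198.18.0.0/15"));
    printf("%s in 198.18.0.0/18: %d\n", ip, ip_in_cidr(ip, "198.18.0.0/18"));
    return 0;
}
```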
is used. See discussion at http://seclists.org/nmap-dev/2010/q1/837.
In this patch, all output formats are treated the same. So if a host
isn't shown in normal output, it's not shown in XML output either.
This establishes a more regular syntax for some options that disable
phases of a scan:
-n no reverse DNS
-Pn no host discovery
-sn no port scan
Also, the -sP was possibly misleading because the 'P' suggests "ping
scan," when you can now do more than just pinging when you disable port
scanning. For example, -sC -sn and -sn -Pn --traceroute make sense.
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
It was checking o.min_parallelism against -1, when its default value is
0.
file again when it needs it. This is called from nmap_free_mem, because
cp_free (also called by nmap_free_mem) invalidates members of the
services data structures.
In normal use this doesn't matter. It only matters when reinvoking the
engine several times with --interactive.
This always goes to XML and grepable output. It goes to normal in
interactive output in verbose mode. The format for printing a down host
is changed slightly:
Nmap scan report for 1.1.1.1 [host down]
just handle it in the normal program flow. A problem with having two
pieces of code doing the same thing was that they varied a bit; if you
ran -sP --traceroute you wouldn't get the "Final times for host" output
because that was left out of one of the output loops. Another problem
was that the special-case logic assumed that traceroute was the only
thing that could happen after a port scan, which is not true because
script scanning can happen too. Running -sP --traceroute --script=all
would not run any scripts. Now it runs asn-query and whois as expected.
numbers in a collision-free way for a full 2^32 cycle. This allows
Nmap to generate random IPs with -iR that don't have duplicates.
See:
http://seclists.org/nmap-dev/2009/q3/0695.html
How this is done is documented in the code.
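Worked example for the collision-free 2^32 cycle described above. A full-period linear congruential generator is one standard construction that visits every 32-bit value exactly once per cycle, so random targets never repeat and nothing emitted has to be remembered. This is added illustration and not necessarily the generator in Nmap's source; the Hull-Dobell conditions for a power-of-two modulus (c odd, a congruent to 1 mod 4), the Numerical Recipes constants, and all function names are this example's choices. The exhaustive check runs on a smaller modulus so it finishes quickly; the same a and c satisfy the conditions at 32 bits.

```c
/* Added example, not the generator in Nmap's source: a full-period linear
 * congruential generator x' = (a*x + c) mod 2^k visits every k-bit value
 * exactly once per cycle, which is what lets random target generation hand
 * out 2^32 addresses without a repeat and without storing what it emitted.
 * Hull-Dobell for modulus 2^k (k >= 2): c odd and a == 1 (mod 4). The
 * constants below are the common Numerical Recipes pair; names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct lcg {
    uint32_t state, a, c, mask;
};

/* Full-period conditions for modulus 2^k (k >= 2). */
int lcg_full_period_params(uint32_t a, uint32_t c)
{
    return (c & 1u) == 1u && (a & 3u) == 1u;
}

void lcg_init(struct lcg *g, unsigned bits, uint32_t a, uint32_t c, uint32_t seed)
{
    g->mask = bits >= 32 ? 0xFFFFFFFFu : ((uint32_t) 1 << bits) - 1u;
    g->a = a;
    g->c = c;
    g->state = seed & g->mask;
}

/* Next value in [0, 2^bits). uint32_t arithmetic wraps mod 2^32; the mask
 * reduces it to 2^bits for the smaller moduli used to verify the property. */
uint32_t lcg_next(struct lcg *g)
{
    g->state = (g->a * g->state + g->c) & g->mask;
    return g->state;
}

/* Exhaustively check that one cycle over 2^bits values is a permutation (no
 * duplicates), using a bitmap of seen outputs. Limited to 3..28 bits so the
 * bitmap stays small. Returns 1/0, or -1 on bad arguments or allocation failure. */
int lcg_is_permutation(unsigned bits, uint32_t a, uint32_t c)
{
    struct lcg g;
    uint64_t n, i;
    unsigned char *seen;
    int ok = 1;

    if (bits < 3 || bits > 28)
        return -1;
    n = (uint64_t) 1 << bits;
    seen = calloc((size_t) (n / 8), 1);
    if (seen == NULL)
        return -1;
    lcg_init(&g, bits, a, c, 12345u);  /* constructed seed; any value works */
    for (i = 0; i < n; i++) {
        uint32_t v = lcg_next(&g);
        if (seen[v >> 3] & (1u << (v & 7))) {
            ok = 0;
            break;
        }
        seen[v >> 3] |= (unsigned char) (1u << (v & 7));
    }
    free(seen);
    return ok;
}

/* Render a 32-bit generator output as a dotted quad, as -iR would. Filtering
 * out reserved ranges is a separate step applied to the result. */
void format_ipv4(uint32_t ip, char *buf, size_t buflen)
{
    snprintf(buf, buflen, "%u.%u.%u.%u",
             ip >> 24, (ip >> 16) & 255u, (ip >> 8) & 255u, ip & 255u);
}

int main(void)
{
    struct lcg g;
    char buf[16];
    int i;

    printf("16-bit cycle is a permutation: %d\n", lcg_is_permutation(16, 1664525u, 1013904223u));
    printf("even multiplier breaks it:     %d\n", lcg_is_permutation(16, 1664526u, 1013904223u));
    lcg_init(&g, 32, 1664525u, 1013904223u, 0xDEADBEEFu);
    for (i = 0; i < 5; i++) {
        format_ipv4(lcg_next(&g), buf, sizeof buf);
        printf("%s\n", buf);
    }
    return 0;
}
```

The check with an even multiplier or an even increment fails quickly, which is the practical point: an LCG only gives the no-duplicates guarantee when the parameters satisfy the full-period conditions, so a generator meant for target selection should assert them rather than assume any constants will do.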