quoting of whitespace using double quotes and backslashes. This
allows recovering the original command line array even when
arguments contain whitespace. [David]
timespec doesn't contain a unit. This check was supposed to be done everywhere
but it was missing for --scan-delay and --max-scan-delay. Even if you entered a
time like "10h", which is supposed to disable the warning, it would complain
and tell you to use "10hms".
o Add two new Script scan phases:
Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
SCRIPT_PATH
SCRIPT_NAME
SCRIPT_TYPE: the type of the rule that activated the script.
-A: Enables OS detection and Version detection, Script scanning and Traceroute
to
-A: Enable OS detection, version detection, script scanning, and traceroute
factor of 1000. I realized there is a bad ambiguity in
The default unit for --host-timeout is seconds (since April 2010),
so your time of "10000" is 2.8 hours.
It could be interpreted as "seconds since April 2010" which is a strange
way to specify a length of time and would be confusing if you took it
that way. I have changed it to
Since April 2010, the default unit for --host-timeout is seconds,
so your time of "10000" is 2.8 hours.
says that the function could be outdated if IANA keeps assigning IP ranges,
but I update this function many times per year (usually consisting of more
than one IP block per update). So in case I somehow slack on my unofficial
job of updating this function, I note that it needs frequent attention.
tval2msecs and tval2secs. This affects the following options:
Nmap:
--host-timeout
--max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout
--scan-delay --max-scan-delay
--stats-every
Ncat:
-d --delay
-i --idle-timeout
-w --wait
Nping:
--delay
--host-timeout
--icmp-orig-time --icmp-recv-time --icmp-trans-time
Some sanity checks have been added when it looks like someone is using
the old default of milliseconds. For example,
$ ./nmap --host-timeout 10000
The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s".
QUITTING!
$ ./nmap --scan-delay 1000
The default unit for --scan-delay is seconds (since April 2010), so your time of "1000" is 16.7 minutes. Use "1000ms" for 1000 milliseconds.
QUITTING!
Times with a unit are always taken at face value and will avoid the
error message.
See http://seclists.org/nmap-dev/2010/q2/159 for discussion.
latter would allow you to do this:
$ nmap --max-os-tries 1s localhost
Bogus --max-os-tries argument specified, must be between 1 and 50 (inclusive)
QUITTING!
Because the "1s" became 1000.
atoi isn't right for option parsing because it doesn't catch errors, but
it's what the rest of the option parsing code uses.
was to hide command line arguments from the process list. It had
been broken (would segfault during the second scan) since before May
2009 until February 2010 and was rarely used. The fact that it was
broken was reported by Juan Carlos Castro y Castro.
See http://seclists.org/nmap-dev/2009/q2/464 and
http://seclists.org/nmap-dev/2010/q1/688 for report and discussion.
to verify their correctness and to check more than just the table in
ipv4-address-space. Beyond comment changes and some code movement:
* 198.51.100.0/24 and 203.0.113.0/24 are reserved by RFC5737 (Jan 2010)
* Fix 198.18.0.0/15, which was implemented wrongly. This goes back a while
and was handled somewhat like 198.18.0.0/18.
is used. See discussion at http://seclists.org/nmap-dev/2010/q1/837.
In this patch, all output formats are treated the same. So if a host
isn't shown in normal output, it's not shown in XML output either.
This establishes a more regular syntax for some options that disable
phases of a scan:
-n no reverse DNS
-Pn no host discovery
-sn no port scan
Also, the -sP was possibly misleading because the 'P' suggests "ping
scan," when you can now do more than just pinging when you disable port
scanning. For example, -sC -sn and -sn -Pn --traceroute make sense.
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
It was checking o.min_parallelism against -1, when its default value is
0.
