This is for technical reasons; nmap-private-dev programs need to link
against object files but they can't link against main.o because that
results in a duplicate definition of main.
the current directory, to avoid warnings like
  Warning: File ./nmap-services exists, but Nmap is using /home/david/nmap/nmap-services for security and consistency reasons.
when . and /home/david/nmap are the same directory.
quoting of whitespace using double quotes and backslashes. This
allows recovering the original command line array even when
arguments contain whitespace. [David]
timespec doesn't contain a unit. This check was supposed to be done everywhere
but it was missing for --scan-delay and --max-scan-delay. Even if you entered a
time like "10h", which is supposed to disable the warning, it would complain
and tell you to use "10hms".
o Add two new Script scan phases:
    Script Pre-scanning phase: before any Nmap scan operation, activated by the new "prerule".
    Script Post-scanning phase: after all Nmap scan operations, activated by the new "postrule".
o New environment variables:
    SCRIPT_PATH
    SCRIPT_NAME
    SCRIPT_TYPE: the type of the rule that activated the script.
  -A: Enables OS detection and Version detection, Script scanning and Traceroute
to
  -A: Enable OS detection, version detection, script scanning, and traceroute
factor of 1000. I realized there is a bad ambiguity in
  The default unit for --host-timeout is seconds (since April 2010),
  so your time of "10000" is 2.8 hours.
It could be interpreted as "seconds since April 2010" which is a strange
way to specify a length of time and would be confusing if you took it
that way. I have changed it to
  Since April 2010, the default unit for --host-timeout is seconds,
  so your time of "10000" is 2.8 hours.
says that the function could be outdated if IANA keeps assigning IP ranges,
but I update this function many times per year (usually consisting of more
than one IP block per update). So in case I somehow slack on my unofficial
job of updating this function, I note that it needs frequent attention.
tval2msecs and tval2secs. This affects the following options:
  Nmap:
    --host-timeout
    --max-rtt-timeout --min-rtt-timeout --initial-rtt-timeout
    --scan-delay --max-scan-delay
    --stats-every
  Ncat:
    -d --delay
    -i --idle-timeout
    -w --wait
  Nping:
    --delay
    --host-timeout
    --icmp-orig-time --icmp-recv-time --icmp-trans-time
Some sanity checks have been added when it looks like someone is using
the old default of milliseconds. For example,
  $ ./nmap --host-timeout 10000
  The default unit for --host-timeout is seconds (since April 2010), so your time of "10000" is 2.8 hours. If this is what you want, use "10000s".
  QUITTING!
  $ ./nmap --scan-delay 1000
  The default unit for --scan-delay is seconds (since April 2010), so your time of "1000" is 16.7 minutes. Use "1000ms" for 1000 milliseconds.
  QUITTING!
Times with a unit are always taken at face value and will avoid the
error message.
See http://seclists.org/nmap-dev/2010/q2/159 for discussion.
latter would allow you to do this:
  $ nmap --max-os-tries 1s localhost
  Bogus --max-os-tries argument specified, must be between 1 and 50 (inclusive)
  QUITTING!
Because the "1s" became 1000.
atoi isn't right for option parsing because it doesn't catch errors, but
it's what the rest of the option parsing code uses.
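Added example, not part of the commit log and not Nmap's code: a C sketch of the two parsing behaviours the messages above describe, a time spec whose bare number defaults to seconds and which reports whether a unit was written, and a strict integer parse that rejects "1s" where atoi would return 1. The function names, the unit table and the integer-only restriction are assumptions made for this illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Illustration only: names and table are assumptions, not Nmap's
   tval2msecs. The empty suffix is the bare-number case (seconds). */
static const struct { const char *suffix; long ms; } UNITS[] = {
    {"ms", 1L}, {"s", 1000L}, {"m", 60000L}, {"h", 3600000L}, {"", 1000L}
};

/* Parse "10000", "10000s", "1000ms", "10h" into milliseconds.
   Returns -1 on malformed input; *has_unit reports whether an
   explicit unit was written (what a sanity check would test). */
long timespec_to_ms(const char *spec, int *has_unit)
{
    char *end;
    long n;
    size_t i;
    if (spec[0] < '0' || spec[0] > '9')
        return -1;                    /* no sign, no leading blanks */
    errno = 0;
    n = strtol(spec, &end, 10);
    if (errno == ERANGE)
        return -1;
    for (i = 0; i < sizeof(UNITS) / sizeof(UNITS[0]); i++) {
        if (strcmp(end, UNITS[i].suffix) != 0)
            continue;                 /* the whole tail must be the unit */
        if (n > LONG_MAX / UNITS[i].ms)
            return -1;                /* multiplication would overflow */
        *has_unit = UNITS[i].suffix[0] != '\0';
        return n * UNITS[i].ms;
    }
    return -1;                        /* unknown unit such as "hms" */
}

/* Strict integer parse for count options: unlike atoi, trailing
   junk ("1s"), empty input and out-of-range values are errors. */
int parse_count(const char *s, long lo, long hi, long *out)
{
    char *end;
    long n;
    errno = 0;
    n = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || n < lo || n > hi)
        return -1;
    *out = n;
    return 0;
}
```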
was to hide command line arguments from the process list. It had
been broken (would segfault during the second scan) since before May
2009 until February 2010 and was rarely used. The fact that it was
broken was reported by Juan Carlos Castro y Castro.
See http://seclists.org/nmap-dev/2009/q2/464 and
http://seclists.org/nmap-dev/2010/q1/688 for report and discussion.