nmap skip port scan but execute --script?
I'm trying to use nmap with a script which works with a normal scan. But when executing nmap -sn --script=... it just finds the host (target) and stops.

What would the command be to scan the target with the script but not do a port scan?

Breastpin answered 12/9, 2014 at 4:29

NSE (Nmap Scripting Engine) scripts are designed to run based on the return value of at least one of four functions (called rules) defined in the script:

  • prerule() - This function is run once at the beginning of the entire scan. If it returns true, then the action function is called with no arguments.
  • portrule(host, port) - This function is run once for every open port on every host. If it returns true, then the action(host, port) function is run for that host and port combination.
  • hostrule(host) - This function is run once for every host that is found to be up. If it returns true, then the action(host) function is run for that host.
  • postrule() - This function works the same as the prerule but is run after all hosts have been scanned.

So when you scan with -sn ("skip port scan"), the portrule scripts will not run at all, since there are "no open ports." The best way to do a targeted script scan is to determine what the relevant ports are and specify them with -p. For instance, if I wanted to run ssh-hostkey without doing a full port scan, I would do this: nmap -p 22 --script ssh-hostkey <targets>

Wolter answered 12/9, 2014 at 14:29

This sounds like a design flaw. Niggling
Yeah, I thought an option should be provided to run only the script without port scanning. Freak
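To make the rule distinction above concrete, here is a small NSE script that carries both a hostrule and a portrule. It is an added example, not code from the original answer or from the Nmap project; the script name hostrule-demo.nse and the "example" author string are assumptions. Run it as nmap -sn --script ./hostrule-demo.nse <target> and only the hostrule half fires; run it as nmap -p 22 --script ./hostrule-demo.nse <target> and the portrule half fires as well for hosts with port 22 open.

```lua
-- hostrule-demo.nse (added example; not part of the original page)
-- Shows why a portrule-only script appears to do nothing under -sn:
-- hostrule is evaluated for every host that is up, portrule only for
-- open ports found by a port scan, and -sn performs no port scan.
local shortport = require "shortport"
local stdnse    = require "stdnse"

description = [[
Demonstrates the difference between hostrule and portrule when Nmap is
run with -sn (no port scan). The hostrule fires for every host that is
up, with or without a port scan; the portrule fires only when a port
scan has found TCP port 22 (or the ssh service) open.
]]

author     = "example"   -- assumed placeholder
license    = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- Host rule: runs once per host that host discovery reported as up.
-- Returning true unconditionally means action(host) runs for every such host.
hostrule = function(host)
  return true
end

-- Port rule: runs once per open port that matches; never evaluated under -sn
-- because -sn produces no port table to iterate over.
portrule = shortport.port_or_service(22, "ssh")

-- NSE calls action(host) for the hostrule and action(host, port) for the
-- portrule, so the presence of the port argument tells us which rule fired.
action = function(host, port)
  if port then
    return string.format("portrule fired for %s:%d/%s",
                         host.ip, port.number, port.protocol)
  end
  return string.format("hostrule fired for %s (no port scan needed)", host.ip)
end
```

Two practical caveats: under -sn the hostrule still depends on host discovery, so a host that does not answer pings never reaches the script; add -Pn to skip discovery and treat every target as up. And a script that is portrule-only, like ssh-hostkey in the answer, has no hostrule to fall back on, which is why the -p 22 approach above is the right fix rather than -sn.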
