I'm trying to use nmap with a script which works with a normal scan. But when executing nmap -sn --script=...
it just finds the host (target) and stops.
What would the command be to scan the target with the script but not do a port scan?
I'm trying to use nmap with a script which works with a normal scan. But when executing nmap -sn --script=...
it just finds the host (target) and stops.
What would the command be to scan the target with the script but not do a port scan?
NSE (Nmap Scripting Engine) scripts are designed to run based on the return value of at least one of four functions (called Rules)defined in the script:
prerule()
- This function is run once at the beginning of the entire scan. If it returns true, then the action
function is called with no arguments.portrule(host, port)
- This function is run once for every open port on every host. If it returns true, then the action(host, port)
function is run for that host and port combination.hostrule(host)
- This function is run once for every host that is found to be up. If it returns true, then the action(host)
function is run for that host.postrule()
- This function works the same as the prerule
but is run after all hosts have been scanned.So when you scan with -sn
("skip port scan"), the portrule
scripts will not run at all, since there are "no open ports." The best way to do a targeted script scan is to determine what the relevant ports are and specify them with -p
. For instance, if I wanted to run ssh-hostkey
without doing a full port scan, I would do this: nmap -p 22 --script ssh-hostkey <targets>
© 2022 - 2024 — McMap. All rights reserved.