
Thread: nmap - including extra ports in the scan

  1. #1
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    2

    nmap - including extra ports in the scan

    I wrote a script to audit the firewalls / services visible "outside" from all of my employer's networks. The networks host pretty different kinds of services, and include both "normal" and custom ports. My problem is that currently I'm running out of time while scanning approximately two /24 networks a day (so my timeframe is 12h per network).

    The script breaks if the previous scan is still running when a new one starts...

    The firewall configurations differ quite a lot from one hosting center to another, and in several of them we don't manage it ourselves. Currently I'm having to use the "assume hosts are up" switch to ensure all machines are actually scanned.

    We have quite a lot of services running on exotic ports, but also generic stuff. Now I could set the ports so that I'm only monitoring the ports I assume will be open, but I feel it's quite risky. All it takes is a few mistakes and I'll have something open to the internet that I don't detect. So what I would really want, is having all the default ports monitored, and add to this a few custom ranges.

    From what I've understood the only way to do this would be to edit the nmap-services file by hand and add the services (and custom frequency??) there? It seems quite cumbersome and prone to error, plus it would make updating nmap a nightmare.

    Is there any elegant solution to this? Somehow you would think it would be possible to add something like a -p +25000-25050 switch to have this range added to what will be scanned by default...

  2. #2
    Member imported_vvpalin
    Join Date
    Apr 2009
    Posts
    442


    I asked this exact same thing about a month ago: if there is any way to just add ports to the default list on the fly.

    Like nmap -p+4444,4445 x.x.x.x .. the short answer is no, currently there is not. I did speak to one of the devs and they said throw an e-mail to nmap and they could probably put out a patch in a few days, but I never got around to it as I only needed it for a few scans.

    Your best bet .. is to do a default scan, then do another scan with your custom ports and combine the output either by hand or with a custom script depending on what you want.

    Alternatively you could do something like this ... grab all the default ports that nmap normally uses and write it all out into a batch file, then just use that script to add in your ports like so

    #!/bin/sh
    # Usage: ./nmap-script.sh <extra ports> <target>
    # $1 = extra ports/ranges appended to the default list, $2 = target(s)
    [ $# -eq 2 ] || { echo "usage: $0 extra-ports target" >&2; exit 1; }
    # -snip- stands for the rest of the default port list written out by hand
    nmap -P0 -n -sV -T4 -p "21,22,23,-snip-,80,1531,$1" "$2" -oA outty

    Then just do ./nmap-script.sh 25000,250001 192.168.1.0/24
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
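As an added example (not code from the thread), a small Python helper that does what the batch-file approach above does by hand: it picks the default ports by open-frequency from nmap-services (a constructed excerpt is embedded; the real file is the one nmap ships), merges in an extra list written in the "+25000-25050" style the thread wishes for, rejects anything outside 1-65535, and emits the compact -p argument.

```python
# Constructed excerpt in nmap-services format: name  port/proto  open-frequency  [# comment]
NMAP_SERVICES_SAMPLE = """\
ftp	21/tcp	0.197667	# File Transfer [Control]
ssh	22/tcp	0.182286	# Secure Shell Login
telnet	23/tcp	0.221265
domain	53/udp	0.213496
http	80/tcp	0.484143	# World Wide Web HTTP
https	443/tcp	0.208669
"""

def top_tcp_ports(services_text, n):
    """The n most frequently open TCP ports, which is how nmap derives its
    default port list from the open-frequency column of nmap-services."""
    rows = []
    for line in services_text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        _name, portproto, freq = line.split()[:3]
        port, proto = portproto.split("/")
        if proto == "tcp":                           # UDP entries are ignored here
            rows.append((float(freq), int(port)))
    rows.sort(reverse=True)
    return sorted(port for _, port in rows[:n])

def parse_extra(spec):
    """Parse '+25000-25050,4444' into a set of ports; reject anything outside 1-65535."""
    ports = set()
    for item in spec.lstrip("+").split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("port out of range: " + item)
        ports.update(range(lo, hi + 1))
    return ports

def port_arg(ports):
    """Collapse a set of ports into compact nmap -p syntax, e.g. 1-3,5,7-9."""
    ports = sorted(ports)
    out, start, prev = [], ports[0], ports[0]
    for p in ports[1:] + [None]:                     # None flushes the final run
        if p == prev + 1:
            prev = p
            continue
        out.append(str(start) if start == prev else "%d-%d" % (start, prev))
        start = prev = p
    return ",".join(out)

def build_port_list(services_text, n, extra_spec):
    return port_arg(set(top_tcp_ports(services_text, n)) | parse_extra(extra_spec))
```

Feeding the real nmap-services file with n=1000 reproduces nmap's default TCP list, and the result of build_port_list() goes straight after -p.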

  3. #3
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    2


    Thanks for the reply!

    I was considering splitting it into two scans, but I don't think there would be an easy way to combine the results. I also would not want to be running 4 scans a day if I can just manage with two. I'm currently exporting to xml and using ndiff on the results, then mailing the output to myself.

    I'll try emailing the devs and see what they say.
