-1

Is there any command in nmap or in some other tool which will stop the scan and move on to a different IP on finding a single open port?

Need to perform this for host discovery on a few assets which have ping disabled.

E.g.: A particular asset has 80, 443 and 445 enabled. Nmap detects port 80 open, doesn't probe ports 443 and 445, and instead moves on to the next defined target.

Rapt0r
  • Why do you want this? Why not launch 3 scans in series, each on a single port? When there is a finding from one scan, remove the IP for the subsequent scans. I think this is a scripting exercise and not a "what is the command" type exercise. – schroeder Sep 24 '18 at 16:10
  • There are better ways to perform host discovery. Do more research on the topic, this isn't a good way to do it. – xorist Sep 24 '18 at 17:14
  • I know there are more ways to do host discovery; this is specifically for environments where ping probes are disabled and where the need is to find any responsive host without bringing down the delicate environment. We have faced outages at our end due to some devices going down on mere nmap probes. – Rapt0r Sep 25 '18 at 08:21

1 Answer

0

This is exactly how Nmap's host discovery works. It sends the probes that were requested and stops probing each target as soon as it receives a definitive answer.

The probes sent by default (assuming appropriate privileges) are ICMP Echo Request (a.k.a. "ping"), TCP SYN to port 443, TCP ACK to port 80, and ICMP Timestamp Request. You can choose to use different probes by using the -P host discovery options.

If you don't want to perform a whole port scan, but only need the host discovery component, use the -sn option to turn off scanning. You can also use the -n option to avoid doing a reverse-DNS lookup on any targets that are found up.

bonsaiviking
  • I don't believe this is the case. I ran with discovery options and I can see in debug traffic that although nmap has connected, it will continue through your entire port list even with the options you have mentioned above. – Erkin Djindjiev Oct 27 '20 at 18:44
  • @ErkinDjindjiev It may send all the probes in parallel, or it may send more probes later if it has not processed all responses yet. But it will not wait for those later probes to complete once it has processed one valid response. – bonsaiviking Oct 27 '20 at 21:03
  • I tested this running Host Discovery on all ports with the -PS flag and watched it connect to ports I knew were open, and then it continued running until it had completed for all ports within my -PS range. – Erkin Djindjiev Oct 28 '20 at 18:20
  • @ErkinDjindjiev Sorry to hear it's not working as expected. You can file a complete bug report here and we will look into it: https://github.com/nmap/nmap/issues/new?template=nmap_bug.md – bonsaiviking Oct 28 '20 at 21:16
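
The serial, one-port-per-pass approach suggested in schroeder's comment, sketched as an added example that is not part of the original thread and is not Nmap code. It assumes plain TCP connect probes instead of Nmap's raw packets, counts a refused connection as proof the host is up, and uses hypothetical names (`tcp_probe`, `discover`) with constructed documentation-range addresses.

```python
import socket
import time
from typing import Callable, Dict, Iterable, List, Optional, Sequence, Tuple

Probe = Callable[[str, int], Optional[str]]


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """One full TCP connect. An accepted or a refused connection both prove
    the host is up; a timeout or unreachable error proves nothing."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return None


def discover(hosts: Iterable[str], ports: Sequence[int],
             probe: Probe = tcp_probe, delay: float = 0.5
             ) -> Tuple[Dict[str, Tuple[int, str]], List[str]]:
    """Probe one port per pass; drop a host from later passes once it answers.
    Returns (hosts that answered -> (port, state), hosts still silent)."""
    alive: Dict[str, Tuple[int, str]] = {}
    pending = list(hosts)
    for port in ports:
        silent = []
        for host in pending:
            state = probe(host, port)
            if state:
                alive[host] = (port, state)
            else:
                silent.append(host)
            if delay:
                time.sleep(delay)  # pace probes for fragile devices
        pending = silent
    return alive, pending


if __name__ == "__main__":
    # Constructed responses (RFC 5737 documentation addresses), so the demo
    # runs offline; pass probe=tcp_probe (the default) for a real sweep.
    sample = {("192.0.2.10", 80): "open", ("192.0.2.11", 445): "refused"}
    up, down = discover(["192.0.2.10", "192.0.2.11", "192.0.2.12"],
                        [80, 443, 445],
                        probe=lambda h, p: sample.get((h, p)), delay=0)
    print(up, down)
```

Because each pass touches a host at most once, a device that answers on port 80 never sees the 443 or 445 probes, and the `delay` spaces out traffic to hosts that stay silent.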