Flag to force disabled host discovery
mueller opened this issue · 1 comments
mueller commented
When scanning some machines the nmap option `-Pn` is incorrectly disabled. This seems to be the case when pinging via `ping` is working but `nmap` does not recognize the host as up:
```
~ $ nmap 10.10.10.4
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 19:07 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
~ $ ping 10.10.10.4
PING 10.10.10.4 (10.10.10.4) 56(84) bytes of data.
64 bytes from 10.10.10.4: icmp_seq=1 ttl=127 time=36.2 ms
64 bytes from 10.10.10.4: icmp_seq=2 ttl=127 time=35.7 ms
64 bytes from 10.10.10.4: icmp_seq=3 ttl=127 time=35.2 ms
64 bytes from 10.10.10.4: icmp_seq=4 ttl=127 time=35.2 ms
```
For example, this is the case for the HTB box 'Legacy' and some other old boxes. When this happens `nmapAutomator.sh` will omit the `-Pn` flag and therefore not find any open ports:
```
enum $ nmapAutomator.sh -t All -H 10.10.10.4
Running all scans on 10.10.10.4
Host is likely running Windows
---------------------Starting Port Scan-----------------------
---------------------Starting Script Scan-----------------------
No ports in port scan.. Skipping!
```
Whereas with the `-Pn` flag, `nmap` will find open ports:
```
~ $ nmap 10.10.10.4 -Pn
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 18:55 CEST
Nmap scan report for 10.10.10.4
Host is up (0.037s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds
```
Is it possible to add a flag that forces the `-Pn` `nmap` option?
21y4d commented
You need to run it with sudo/as root for this flag to work
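As an added illustration (not nmapAutomator.sh's own code), the following sketches the decision both comments are about: parse the output of the initial discovery run, add `-Pn` when nmap reports the host down or when a force switch is set, and derive the "likely running Windows" guess from the ping TTL. The function names and the force switch are assumptions; the sample outputs are the ones quoted in the issue.

```shell
#!/bin/sh
# Decide whether a port scan should carry -Pn from the output of an initial nmap
# host-discovery run. Added illustration, not nmapAutomator.sh's own code; the
# function names and the "force" switch are hypothetical.

# Constructed samples, taken from the two nmap runs quoted in the issue.
DISCOVERY_DOWN='Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 19:07 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds'

DISCOVERY_UP='Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 18:55 CEST
Nmap scan report for 10.10.10.4
Host is up (0.037s latency).
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds'

# host_seems_down OUTPUT: true when nmap's discovery phase did not see the host.
# Without root, nmap discovery is only a TCP connect to ports 80 and 443 (as root
# it also sends ICMP echo), so a host that answers ping but filters those ports
# still lands here; that is why the reply says to run it with sudo.
host_seems_down() {
    printf '%s\n' "$1" | grep -q 'Host seems down'
}

# discovery_flags OUTPUT [FORCE]: print "-Pn" when discovery failed, or when
# FORCE=1 (the flag the issue asks for); print nothing otherwise.
discovery_flags() {
    if [ "${2:-0}" = 1 ] || host_seems_down "$1"; then
        printf '%s' '-Pn'
    fi
}

# scan_cmd HOST OUTPUT [FORCE]: the full-port-range scan command to run next.
scan_cmd() {
    flags=$(discovery_flags "$2" "${3:-0}")
    printf 'nmap %s-p- %s\n' "${flags:+$flags }" "$1"
}

# ttl_os TTL: the TTL heuristic behind "Host is likely running Windows"
# (ttl=127 in the ping output is the Windows default of 128 minus one hop).
ttl_os() {
    if [ "$1" -le 64 ]; then echo Linux
    elif [ "$1" -le 128 ]; then echo Windows
    else echo Unknown
    fi
}

scan_cmd 10.10.10.4 "$DISCOVERY_DOWN"    # nmap -Pn -p- 10.10.10.4
scan_cmd 10.10.10.4 "$DISCOVERY_UP"      # nmap -p- 10.10.10.4
scan_cmd 10.10.10.4 "$DISCOVERY_UP" 1    # forced: nmap -Pn -p- 10.10.10.4
```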