Add the --resolve-all option

nmap · Dec 6, 2017 · f148855 · f148855
1 parent d9b66b2
commit f148855
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 11 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o Add the --resolve-all option to resolve and scan all IP addresses of a host.
+ This essentially replaces the resolveall NSE script. [Daniel Miller]
+
 o [NSE] VNC scripts now support Apple Remote Desktop authentication (auth type
  30) [Daniel Miller]
 
@@ -97,11 +100,6 @@ o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in
  web servers. JSONP endpoints can be used to bypass Same-origin Policy
  restrictions in web browsers. [Vinamra Bhatia]
 
-o Nmap can now resolve and scan all IP addresses of a host. Instead of using
- the resolveall NSE script, append "*all" to a target hostname:
- nmap example.com*all another.example.com*all/24
- [Daniel Miller]
-
 o [GH#957] Fix reporting of zlib and libssh2 versions in "nmap --version". We
  were always reporting the version number of the included source, even when a
  different version was linked. [Pavel Zhukov]

diff --git a/NmapOps.cc b/NmapOps.cc
@@ -364,6 +364,7 @@ void NmapOps::Initialize() {
  mass_dns = true;
  deprecated_xml_osclass = false;
  always_resolve = false;
+ resolve_all = false;
  dns_servers = NULL;
  implicitARPPing = true;
  numhosts_scanned = 0;

diff --git a/NmapOps.h b/NmapOps.h
@@ -371,6 +371,7 @@ class NmapOps {
  std::map<std::string, std::string> loaded_data_files;
  bool mass_dns;
  bool always_resolve;
+ bool resolve_all;
  char *dns_servers;
 
  /* Do IPv4 ARP or IPv6 ND scan of directly connected Ethernet hosts, even if

diff --git a/TargetGroup.cc b/TargetGroup.cc
@@ -381,7 +381,7 @@ static NetBlock *parse_expr_without_netmask(const char *hostexp, int af) {
  return NULL;
  }
 
- NetBlockHostname *netblock_hostname = new NetBlockHostname(hostn, af, resolveall);
+ NetBlockHostname *netblock_hostname = new NetBlockHostname(hostn, af, resolveall || o.resolve_all);
  free(hostn);
  return netblock_hostname;
 }

diff --git a/docs/refguide.xml b/docs/refguide.xml
@@ -169,9 +169,7 @@ simplest case is to specify a target IP address or hostname for scanning.</para>
  via the Domain Name System (DNS) to determine the IP address to scan. If the
  name resolves to more than one IP address, only the first one will be
  scanned. To make Nmap scan all the resolved addresses instead of only the
- first one, append <literal>*all</literal>
- <indexterm><primary>*all</primary></indexterm> to the hostname like so:
- <literal>example.com*all</literal>
+ first one, use the <option>--resolve-all</option> option.
 </para>
 
 <para>Sometimes you wish to scan a whole network of adjacent hosts. For
@@ -961,6 +959,21 @@ Traceroute works by sending packets with a low TTL (time-to-live) in an attempt
  </listitem>
  </varlistentry>
 
+ <varlistentry>
+ <term>
+ <option>--resolve-all</option> (Scan each resolved address)
+ <indexterm><primary><option>--resolve-all</option></primary></indexterm>
+ </term>
+ <listitem>
+ <para>If a hostname target resolves to more than one address, scan
+ all of them. The default behavior is to only scan the first
+ resolved address. Regardless, only addresses in the appropriate
+ address family will be scanned: IPv4 by default, IPv6 with
+ <option>-6</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
  <varlistentry>
  <term>
  <option>--system-dns</option> (Use system DNS resolver)

diff --git a/nmap.cc b/nmap.cc
@@ -683,6 +683,7 @@ void parse_options(int argc, char **argv) {
  {"version-all", no_argument, 0, 0},
  {"system_dns", no_argument, 0, 0},
  {"system-dns", no_argument, 0, 0},
+ {"resolve-all", no_argument, 0, 0},
  {"log_errors", no_argument, 0, 0},
  {"log-errors", no_argument, 0, 0},
  {"deprecated_xml_osclass", no_argument, 0, 0},
@@ -941,6 +942,8 @@ void parse_options(int argc, char **argv) {
  o.mass_dns = false;
  } else if (optcmp(long_options[option_index].name, "dns-servers") == 0) {
  o.dns_servers = strdup(optarg);
+ } else if (optcmp(long_options[option_index].name, "resolve-all") == 0) {
+ o.resolve_all = true;
  } else if (optcmp(long_options[option_index].name, "log-errors") == 0) {
  /*Nmap Log errors is deprecated and is now always enabled by default.
  This option is left in so as to not break anybody's scanning scripts.

diff --git a/scripts/resolveall.nse b/scripts/resolveall.nse
@@ -120,7 +120,7 @@ preaction = function()
  else
  table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
  end
- table.insert(output, "Scanning 'hostname*all' will scan all resolved addresses for 'hostname' without using this script.")
+ table.insert(output, "Use the --resolve-all option to scan all resolved addresses without using this script.")
  return xmloutput, stdnse.format_output(true, output)
 end
 
@@ -152,7 +152,7 @@ hostaction = function(host)
  else
  table.insert(output, "Use the 'newtargets' script-arg to add the results as targets")
  end
- table.insert(output, ("Scanning '%s*all' will scan all resolved addresses without using this script."):format(host.targetname))
+ table.insert(output, ("Use the --resolve-all option to scan all resolved addresses without using this script."):format(host.targetname))
  return xmloutput, stdnse.format_output(true, output)
 end