21y4d / nmapAutomator

A script that you can run in the background!
MIT License

Flag to force disabled host discovery #59

Closed mueller closed 2 years ago

mueller commented 2 years ago

When scanning some machines, the nmap option -Pn is incorrectly disabled. This seems to be the case when pinging via ping is working but nmap does not recognize the host as up:

~ $ nmap 10.10.10.4
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 19:07 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

~ $ ping 10.10.10.4
PING 10.10.10.4 (10.10.10.4) 56(84) bytes of data.
64 bytes from 10.10.10.4: icmp_seq=1 ttl=127 time=36.2 ms
64 bytes from 10.10.10.4: icmp_seq=2 ttl=127 time=35.7 ms
64 bytes from 10.10.10.4: icmp_seq=3 ttl=127 time=35.2 ms
64 bytes from 10.10.10.4: icmp_seq=4 ttl=127 time=35.2 ms

For example, this is the case for the HTB box 'Legacy' and some other old boxes.

When this happens, nmapAutomator.sh will omit the -Pn flag and therefore not find any open ports:

enum $ nmapAutomator.sh -t All -H 10.10.10.4

Running all scans on 10.10.10.4

Host is likely running Windows

---------------------Starting Port Scan-----------------------

---------------------Starting Script Scan-----------------------

No ports in port scan.. Skipping!

Whereas with the -Pn flag, nmap will find open ports:

~ $ nmap 10.10.10.4 -Pn
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 18:55 CEST
Nmap scan report for 10.10.10.4
Host is up (0.037s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
3389/tcp closed ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds

Is it possible to add a flag that forces the -Pn nmap option?

21y4d commented 2 years ago

You need to run it with sudo/as root for this flag to work.
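The following is an added example, not code from nmapAutomator or from either commenter. It shows one way a wrapper script can avoid the situation described in the issue: instead of trusting a single host-discovery result, it treats nmap's "Host seems down" note (or a "0 hosts up" summary) as the signal to rerun the port scan with -Pn, and it honours an explicit force flag. The sample nmap output is constructed from the two runs quoted above, the force option name and the `-p-` port-scan options are assumptions, and the note about privilege levels reflects nmap's documented behaviour (unprivileged runs cannot send ICMP echo and fall back to TCP connect() probes to ports 80 and 443, which is why a host exposing only 139/445 looks down unless you run as root, as the maintainer's reply says).

```shell
#!/bin/sh
# Added example (not nmapAutomator's code): decide when a port scan needs -Pn.

# Constructed nmap output mirroring the two runs quoted in the issue.
NMAP_OUT_DOWN='Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 19:07 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds'

NMAP_OUT_UP='Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-25 18:55 CEST
Nmap scan report for 10.10.10.4
Host is up (0.037s latency).
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds'

# host_seems_down OUTPUT: succeed when nmap's host discovery found 0 hosts up.
host_seems_down() {
    printf '%s\n' "$1" | grep -q -e 'Host seems down' -e '(0 hosts up)'
}

# discovery_flags FORCE OUTPUT
# Prints the host-discovery option for the port scan:
#   "-Pn" when the user forced it or when discovery reported the host down,
#   ""    when discovery already saw the host as up.
discovery_flags() {
    force="$1"; output="$2"
    if [ "$force" = "1" ]; then
        printf '%s' '-Pn'
    elif host_seems_down "$output"; then
        printf '%s' '-Pn'
    else
        printf '%s' ''
    fi
}

# discovery_note EUID: why unprivileged discovery misses hosts like the one in
# the issue. Without raw-socket privileges nmap cannot send ICMP echo and uses
# TCP connect() to 80 and 443 only; as root it sends ICMP echo and timestamp
# requests plus a TCP SYN to 443 and a TCP ACK to 80.
discovery_note() {
    if [ "$1" -ne 0 ]; then
        printf '%s' 'unprivileged: discovery uses TCP connect to 80/443 only; run as root or force -Pn'
    else
        printf '%s' 'root: discovery uses ICMP echo/timestamp plus TCP SYN 443 and ACK 80'
    fi
}

# build_scan_cmd FORCE OUTPUT HOST: assemble the port-scan command line
# (the -p- option set is illustrative, not nmapAutomator's exact scan).
build_scan_cmd() {
    flags=$(discovery_flags "$1" "$2")
    if [ -n "$flags" ]; then
        printf 'nmap %s -p- %s' "$flags" "$3"
    else
        printf 'nmap -p- %s' "$3"
    fi
}

# Stand-alone demo: the issue's situation, run as an unprivileged user (uid 1000).
main() {
    host=10.10.10.4
    echo "Note: $(discovery_note 1000)"
    echo "no force, discovery said down: $(build_scan_cmd 0 "$NMAP_OUT_DOWN" "$host")"
    echo "no force, discovery said up:   $(build_scan_cmd 0 "$NMAP_OUT_UP" "$host")"
    echo "with force flag (assumed name --force-pn): $(build_scan_cmd 1 "$NMAP_OUT_UP" "$host")"
}
main
```

The key design point is that the decision is made from nmap's own discovery result rather than from a separate ICMP ping: the issue arises precisely because `ping` succeeds while unprivileged nmap discovery, which never sends ICMP, does not, so the two disagree on old hosts that expose only SMB ports.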