projectdiscovery / naabu

A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.
https://projectdiscovery.io
MIT License

Issue with nmap flag input #400

Closed ehsandeep closed 1 year ago

ehsandeep commented 2 years ago

Naabu version:

master,dev

Current Behavior:

nmap binary being accepted in the input.

Example:

echo hackerone.com | naabu -p 80 -nmap-cli "nmap -sV" -silent

Expected Behavior:

nmap cmd should be accepted as input and substitute to nmap

Example:

echo hackerone.com | naabu -p 80 -nmap-cli "-sV" -silent

Mzack9999 commented 2 years ago

@ehsandeep I think initially this was the idea. Still, later, it was opted to accept generic commands (nmap can be located anywhere or be available under aliases) and append the list of space-separated IPs with -p and comma-separated ports for post-processing purposes. Do you think we should only execute the nmap binary?

Mzack9999 commented 1 year ago

^ @ehsandeep could you confirm?

ehsandeep commented 1 year ago

> ^ @ehsandeep could you confirm?

Yes, as part of this feature, we should keep it limited to the nmap binary and execute only if nmap is configured / available in the user's path; otherwise we can error out.
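
An added example (not part of the thread and not naabu's own code) of the behaviour agreed above: the `-nmap-cli` value is treated as nmap flags only, `-p` with comma-separated ports and the hosts are appended, and the command is built only if nmap resolves on the PATH. `BuildNmapArgs` and `NmapCommand` are hypothetical names; tolerating a leading `nmap` token and splitting on whitespace are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"strconv"
	"strings"
)

// BuildNmapArgs (hypothetical) turns the -nmap-cli value into nmap's argv, without the binary name.
func BuildNmapArgs(cli string, ports []int, hosts []string) ([]string, error) {
	fields := strings.Fields(cli) // simplification: quoted arguments are not supported
	if len(fields) > 0 && fields[0] == "nmap" {
		fields = fields[1:] // assumption: tolerate the older "nmap -sV" form
	}
	if len(fields) > 0 && !strings.HasPrefix(fields[0], "-") {
		return nil, fmt.Errorf("nmap-cli accepts nmap flags only, got %q", fields[0])
	}
	if len(ports) == 0 || len(hosts) == 0 {
		return nil, errors.New("no ports or hosts to pass to nmap")
	}
	p := make([]string, len(ports))
	for i, port := range ports {
		p[i] = strconv.Itoa(port)
	}
	for _, h := range hosts {
		if strings.HasPrefix(h, "-") { // a target must never be parsed as a flag
			return nil, fmt.Errorf("invalid host %q", h)
		}
	}
	args := append(fields, "-p", strings.Join(p, ","))
	return append(args, hosts...), nil
}

// NmapCommand resolves nmap on PATH and errors out when it is missing.
// lookPath is injectable for testing; pass exec.LookPath in real use.
func NmapCommand(lookPath func(string) (string, error), args []string) (*exec.Cmd, error) {
	bin, err := lookPath("nmap")
	if err != nil {
		return nil, fmt.Errorf("nmap not found in PATH: %w", err)
	}
	return exec.Command(bin, args...), nil // argv is passed directly, no shell involved
}

func main() {
	args, _ := BuildNmapArgs("-sV", []int{80}, []string{"192.0.2.10"}) // constructed input
	_, err := NmapCommand(exec.LookPath, args)
	fmt.Println(args, err)
}
```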