Versions Compared

Old Version 13

changes.mady.by.user Mark Unwin

Saved on

compared with

New Version Current

changes.mady.by.user Mark Unwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

AttributeDescription
ping

Must Respond To Ping. If set, Nmap will fist attempt to send and listen for an ICMP response. If the device does not respond, no further scanning will occur.

Previously a device did not have to respond to a ping for Open-AudIT to continue scanning.

service_version

Use Service Version Detection. When a detected port is detected as open, if set to 'y', Nmap will query the target device in an attempt to determine the version of the service running on this port.

This can be useful when identifying unclassified devices. This was not previously used.

open|filteredAn open|filtered port is considered closed (and will not trigger device detection) using the default UltraFast options.

Previously, Open-AudIT considered an Nmap response of "open|filtered" as a device responding on this port.

This has caused some customers issues where firewalls respond on behalf of a non-existing device, and hence cause false positive device detection. We now have this attribute available to set per scan.

filtered

A filtered port is considered open closed (and will not trigger device detection) using the default UltraFast options.

timingThe standard Nmap timing options. Previously set at T4 (aggressive).
nmap_tcp_portsTop Nmap TCP Ports. The top 10, 100, 1000 ports to scan as per Nmaps "top ports" options. Previously we scanned the Top 1000 ports (the Nmap standard).
nmap_udp_portsTop Nmap UDP Ports. The top 10, 100, 1000 ports to scan as per Nmaps "top ports" options. Previously we scanned UDP 161 (snmp) only.
tcp_portsCustom TCP Ports. Any specific ports we would liuke scanned in addition to the Top TCP Ports. Comma seperated, no spaces.
udp_portsCustom UDP Ports. Any specific ports we would liuke scanned in addition to the Top UDP Ports. Comma seperated, no spaces.

The below fields can be overwritten by an individual discovery, while still "using" a discovery_scan_options item for these if they're not set in the discovery (changed as at 4.0.3, see above).
timeoutTimeout per Target. Wait for X seconds for a target response.
exclude_tcpExclude any ports listed from being scanned. Comma seperated, no spaces.
exclude_udpExclude any ports listed from being scanned. Comma seperated, no spaces.
exclude_ipExclude IP Addresses (individual IP - 192.168.1.20, ranges - 192.168.1.30-40 or subnets - 192.168.1.100/30) listed from being scanned. Comma seperated, no spaces.
ssh_portsScan for this port(s) and if detected open, use this port for SSH communication. This is added to the list of Custom TCP POrts above, so there is no need to include it in that listr as well. Comma seperated, no spaces.

...