Excluding hosts from your scans

There will be situations where host exclusion is necessary to avoid scanning certain machines. For example, you may lack the authorization, or it may be that the host has already been scanned and you want to save some time. Nmap implements an option to exclude a host or list of hosts to help you in these cases.

This recipe describes how to exclude hosts from your Nmap scans.

How to do it...

Open your terminal and type the following command:

# nmap -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/24

You should see the scan results of all the available hosts in the private network 192.168.1.1-255, excluding the IPs 192.168.1.254 and 192.168.1.102, as shown in the following example:

# nmap -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/24 


Nmap scan report for 192.168.1.101 
Host is up (0.019s latency). 
Not shown: 996 closed ports 
PORT     STATE    SERVICE VERSION 
21/tcp   filtered ftp 
53/tcp   filtered domain 
554/tcp  filtered rtsp 
3306/tcp filtered mysql 
MAC Address: 00:23:76:CD:C5:BE (HTC) 
Too many fingerprints match this host to give specific OS details 
Network Distance: 1 hop 

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . 
Nmap done: 254 IP addresses (1 host up) scanned in 18.19 seconds

How it works...

The arguments -sV -O --exclude 192.168.1.102,192.168.1.254 192.168.1.1/1 tell Nmap to perform a service detection scan (-sV) with an OS fingerprinting (-O) of all the 256 IPs (192.168.1.1/24) in this private network, excluding the machines with the IPs 192.168.102 and 192.168.1.254 (--exclude 192.168.1.102,192.168.1.254), respectively.

There's more...

The argument --exclude also support IP ranges, as shown in the following examples:

# nmap -sV -O --exclude 192.168.1-100 192.168.1.1/24 
# nmap -sV -O --exclude 192.168.1.1,192.168.1.10-20 192.168.1.1/24

Excluding a host list from your scans

Nmap also supports the argument --exclude-file <filename> in order to exclude the targets listed in <filename>:

# nmap -sV -O --exclude-file dontscan.txt 192.168.1.1/24

See also

  • The Hiding our traffic with additional random data recipe
  • The Forcing DNS resolution recipe
  • The Scanning IPv6 addresses recipe
  • The Gathering network information with broadcast scripts recipe
  • The Scanning using specific port ranges recipe in Chapter 1, Nmap Fundamentals
  • The Spoofing the origin IP of a port scan recipe in Chapter 3, Gathering Additional Host Information
  • The Excluding hosts from yours scans recipe
  • The Skipping tests to speed up long scans recipe in Chapter 7, Scanning Large Networks
  • The Adjusting timing parameters recipe in Chapter 7, Scanning Large Networks
  • The Selecting the correct timing template recipe in Chapter 7, Scanning Large Networks
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.21.21.47