Using Customized Data Files

Any or all of the Nmap data files may be replaced with versions customized to the user's liking. They can only be replaced in whole—you cannot specify changes that will be merged with the original files at runtime. When Nmap looks for each file, it searches by name in many directories and selects the first one found. This is analogous to the way your Unix shell finds programs you ask to execute by searching through the directories in your PATH one at a time in order. The following list gives the Nmap directory search order. It shows that an nmap-services found in the directory specified by --datadir will be used in preference to one found in ~/.nmap/ because the former is searched first.

Nmap data file directory search order
  1. If the --datadir option was specified, check the directory given as its argument.

  2. If the NMAPDIR environmental variable is set, check that directory.

  3. If Nmap is not running on Windows, search in ~/.nmap of the user running Nmap. It tries the real user ID's home directory, and then the effective UID's if they differ.

  4. Check the directory in which the Nmap binary resides. On non-Windows platforms, additionally check the same directory with ../share/nmap appended.

  5. Check the compiled-in NMAPDATADIR directory. That value is defined as c:\nmap on Windows, and <$prefix>/share/nmap on Unix. <$prefix> is /usr/local for the default source build and /usr for the Linux RPMs. The <$prefix> can be changed by giving ./configure the --prefix option when compiling the source.

Nmap does not check for files in the current working directory (.) for the same security reasons that . should not appear first on your shell execution PATH. On a shared system, a malicious user could place bogus data files in a shared directory such as /tmp. Those files could be malformed, causing Nmap to complain and exit, or they could cause Nmap to skip important ports. If Nmap tried ., other users who happened to run Nmap in that shared directory would get the bogus versions. This could also happen by accident if you inadvertently ran Nmap in a directory that happened to have a file named nmap-services (or one of the other ones). Users who really want Nmap to try the current directory early may set the environment variable NMAPDIR to . at their own risk.

This list shows the many choices users have when deciding how to replace a file with their own customized version. The option I usually recommend is to place the customized files in a special directory named appropriately for the change. For example, an nmap-services stripped to contain just the hundred most common ports could be placed in ~/nmap-fewports. Then specify this directory with the --datadir option. This ensures that the customized files are only used intentionally. Since the Nmap output-to-file formats include the Nmap command-line used, you will know which files were used when reviewing the logs later.

Another option is to simply edit the original in NMAPDATADIR. This is rarely recommended, as the edited file will likely be overwritten the next time Nmap is upgraded. Additionally, this makes it hard to use the original files if you suspect that your replacements are causing a problem. This also makes it difficult to compare your version with the original to recall what you changed.

A third option is to place the customized files in your Unix ~/.nmap directory. Of course you should only insert files that you have changed. The others will still be retrieved from NMAPDATADIR as usual. This is very convenient, as Nmap will use the customized files implicitly whenever you run it. That can be a disadvantage as well. Users sometimes forget the files exist. When they upgrade Nmap to a version with newer data files, the old copies in ~/.nmap will still be used, reducing the quality of results.

Setting the NMAPDIR environment variable to the directory with files is another alternative. This can be useful when testing a new version of Nmap. Suppose you obtain Nmap version 5.21, notice the huge list of changes, and decide to test it out before replacing your current known-working version. You might compile it in ~/src/nmap-5.21, but execute it there and Nmap tries to read the data files from /usr/local/share/nmap. Those are the old versions, since Nmap 5.21 has not yet been installed. Simply set NMAPDIR to ~/src/nmap-5.21, test to your heart's content, and then perform the make install. A disadvantage to using NMAPDIR regularly is that the directory name is not recorded in Nmap output files like it is when --datadir is used instead.
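The search order listed above, and the forgotten ~/.nmap copy described under the third option, can be modeled to see which copy of a data file wins and which copies it shadows. This is an added example, not Nmap's own code: it covers the non-Windows order only, the function names are hypothetical, and the home directories, binary directory and compiled-in directory are passed in as parameters rather than discovered.

```python
import os
import tempfile

def search_dirs(datadir=None, environ=None, homes=(), bindir=None,
                compiled_in="/usr/local/share/nmap"):
    """Candidate directories in the documented order (non-Windows), de-duplicated."""
    environ = os.environ if environ is None else environ
    dirs = []
    if datadir:                                   # 1. --datadir argument
        dirs.append(datadir)
    if environ.get("NMAPDIR"):                    # 2. NMAPDIR environment variable
        dirs.append(environ["NMAPDIR"])
    for home in homes:                            # 3. ~/.nmap (real UID's home, then effective)
        dirs.append(os.path.join(home, ".nmap"))
    if bindir:                                    # 4. binary directory, then ../share/nmap
        dirs.append(bindir)
        dirs.append(os.path.normpath(os.path.join(bindir, "..", "share", "nmap")))
    dirs.append(compiled_in)                      # 5. compiled-in NMAPDATADIR
    return list(dict.fromkeys(dirs))              # the current directory is never added

def resolve(name, **kw):
    """Return (winner, shadowed): first directory holding `name`, and later ones that also do."""
    hits = [d for d in search_dirs(**kw) if os.path.isfile(os.path.join(d, name))]
    return (hits[0] if hits else None), hits[1:]

def demo():
    """Constructed layout: a forgotten ~/.nmap copy shadows the installed file."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "home")
    installed = os.path.join(root, "usr", "local", "share", "nmap")
    few = os.path.join(root, "nmap-fewports")
    for d in (os.path.join(home, ".nmap"), installed, few):
        os.makedirs(d)
        open(os.path.join(d, "nmap-services"), "w").close()
    kw = dict(environ={}, homes=[home],
              bindir=os.path.join(root, "usr", "local", "bin"), compiled_in=installed)
    implicit = resolve("nmap-services", **kw)
    explicit = resolve("nmap-services", datadir=few, **kw)
    return root, implicit, explicit

if __name__ == "__main__":
    root, implicit, explicit = demo()
    print("no options     :", implicit)
    print("with --datadir :", explicit)
```

A non-empty shadowed list for a run without --datadir is the case to review: the winning copy may be a stale or unintended one.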


