File: scanpbnj-man.html

package info (click to toggle)
pbnj 2.04-2
links: PTS
area: main
in suites: etch, etch-m68k
size: 640 kB
ctags: 309
sloc: perl: 4,838; xml: 748; sh: 109; makefile: 37
file content (1255 lines) | stat: -rwxr-xr-x 22,161 bytes
parent folder | download | duplicates (2)
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of SCANPBNJ.MAN.1</TITLE>
</HEAD><BODY>
<H1>SCANPBNJ.MAN.1</H1>
Section: User Contributed Perl Documentation (1)<BR>Updated: 2006-11-14<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>



<PRE>
 ScanPBNJ - a program for running Nmap scans and storing the results in 
 a PBNJ 2.0 database.

</PRE>


<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<A NAME="ixAAC"></A>


<PRE>
 scanpbnj [Options] {target specification}

</PRE>


<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<A NAME="ixAAD"></A>


<PRE>
 ScanPBNJ performs an Nmap scan and then stores the results in
 a database. The ScanPBNJ stores information about the machine that has
 been scanned. ScanPBNJ stores the IP Address, Operating System,
 Hostname and a localhost bit. The localhost bit, is simply a single
 bit which is 1 when the target machine is localhost, otherwise it is
 0. It also stores two timestamps for the machine table. The first is
 a human readable version and the second is the unix time. Both of
 these timestamp correspond to the first time that the machine was
 scanned.

</PRE>


<P>



<PRE>
 ScanPBNJ stores information about the services that are found to be
 running on the target machine. ScanPBNJ stores typical information
 about the service, by storing the port and protocol. Also, ScanPBNJ
 stores version, product and service state information about each
 service. The service state can either be up or down. Two timestamps 
 are also inserted for each instance of every service. The first is a 
 human readable version and the second is the unix time. Both of 
 these timestamp correspond to the time that the service was scanned.

</PRE>


<P>



<PRE>
 This tool can give an admin a clear network layout with of
 all the machines with all the services they are running.

</PRE>


<P>



<PRE>
 Apart of PBNJ 2.0 suite of tools to monitor changes on a network.

</PRE>


<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>

<A NAME="ixAAE"></A>


<PRE>
 Usage: scanpbnj [Options] {target specification}

</PRE>


<P>



<PRE>
 Target Specification:
   Can be a IP Address, hostname, network etc.
   Ex: microsoft.com, 10.0.0.0/24, 192.168.1.1, 10.0.0.0-100
   -i  --iplist &lt;iplist&gt;    Scan using a list of IPs from a file
   -x  --xml &lt;xml-file&gt;     Parse scan/info from Nmap XML file

</PRE>


<P>



<PRE>
 Scan Options:
   -a  --args &lt;args&gt;        Execute Nmap with args (needs quotes)
   -e  --extraargs &lt;args&gt;   Add args to the default args (needs quotes)
       --inter &lt;interface&gt;  Perform scan with non default interface
   -m  --moreports &lt;ports&gt;  Add ports to scan ex: 8080 or 3306,5900-5910
   -n  --nmap &lt;path&gt;        Path to Nmap executable 
   -p  --pingscan           Ping Target then scan the alive host(s)
       --udp                Add UDP to the scan arguments
       --rpc                Add RPC to the scan arguments
   -r  --range &lt;range&gt;      Ports for scan [def 1-1025]

</PRE>


<P>



<PRE>
        --diffbanner        Parse changes of the banner

</PRE>


<P>



<PRE>
 Config Options:
  -d    --dbconfig &lt;config&gt; Config for results database [def config.yaml]
        --configdir &lt;dir&gt;   Directory for the database config file

</PRE>


<P>



<PRE>
        --data &lt;file&gt;       SQLite Database override [def data.dbl]
        --dir &lt;dir&gt;         Directory for SQLite or CSV files [def .]

</PRE>


<P>



<PRE>
 General Options:
       --nocolors           Don't Print Colors
       --test &lt;level&gt;       Testing information
       --debug &lt;level&gt;      Debug information 
   -v  --version            Display version
   -h  --help               Display this information

</PRE>


<P>



<PRE>
 Send Comments to Joshua D. Abraham ( <A HREF="mailto:jabra@ccs.neu.edu">jabra@ccs.neu.edu</A> )

</PRE>


<A NAME="lbAF">&nbsp;</A>
<H2>THINGS TO NOTE</H2>

<A NAME="ixAAF"></A>


<PRE>
 * ScanPBNJ requires root privileges to perform a scan.

</PRE>


<P>



<PRE>
 * If you do not pass a specific ports range, 1-1025 is used.

</PRE>


<P>



<PRE>
 * If there are configs in the current directory, they are used 
 instead of those in the user's config directory.

</PRE>


<P>



<PRE>
 * ScanPBNJ does not modify previous database entries. It simply
 inserts new information when a change is found.

</PRE>


<P>



<PRE>
 * One thing that should be done when performing scans is to make
 sure to use the same ports or you will get false positives.

</PRE>


<A NAME="lbAG">&nbsp;</A>
<H2>EXAMPLE SINGLE SCAN</H2>

<A NAME="ixAAG"></A>


<PRE>
 1) Scan a class B network on ports 1-9000

</PRE>


<P>



<PRE>
     sudo ./scanpbnj -r 1-9000 10.0.0.0/16

</PRE>


<P>



<PRE>
 2) Scan an IP Address on ports 1-9000

</PRE>


<P>



<PRE>
     sudo ./scanpbnj -r 1-9000 10.0.0.100

</PRE>


<A NAME="lbAH">&nbsp;</A>
<H2>EXAMPLE AUTOMATED SCANS</H2>

<A NAME="ixAAH"></A>


<PRE>
 The following examples can be added to /etc/crontab

</PRE>


<P>



<PRE>
 1) Scan a Class C network every 2 hours

</PRE>


<P>



<PRE>
 30 */2 * * *   root scanpbnj 10.0.0.\*

</PRE>


<P>



<PRE>
 2) Scan a Class C network everyday at 2:30

</PRE>


<P>



<PRE>
 30 2 * * *     root scanpbnj 10.0.0.\*

</PRE>


<A NAME="lbAI">&nbsp;</A>
<H2>TARGET SPECIFICATION</H2>

<A NAME="ixAAI"></A>


<PRE>
 The target specified is a typical method of probing the network. 
 Therefore, any of the following can be used:
 (e.g. 10.0.0.1, 10.0.0.1-254, 10.0.0.0/24 or 10.0.0.\* ). 
 The first example is simply an IP address. The second example is 
 the scanning of a range. The third is a range in CIDR notation. 
 The fourth example is the IP with the star which specifies to scan 
 255 hosts. This is the same format that Nmap uses with the only 
 exception being the \* on the last octet. This is needed because it 
 needs to not interpret the star when it is being executed.

</PRE>


<P>



<PRE>
 Another option, is to use a hostname or domain name. ScanPBNJ will 
 then resolve the name to the correct IP address. If you pass a 
 debug flag with level 1 or greater, ScanPBNJ will display what IP 
 address, the hostname resolved too.

</PRE>


<A NAME="lbAJ">&nbsp;</A>
<H2>-i &lt;iplist&gt;  Scan using a list of IPs from a file

</H2>

<A NAME="ixAAJ"></A>


<PRE>
 The iplist option is useful when you have a specific list of IPs to
 scan. This will perform a full scan of the IPs that are specified. 
 This option is similar to using -sL with Nmap. The results of
 the scan are inserted into the database.

</PRE>


<A NAME="lbAK">&nbsp;</A>
<H2>-x &lt;xml-file&gt;  Parse scan/info from Nmap <FONT SIZE="-1">XML</FONT> file</H2>

<A NAME="ixAAK"></A>


<PRE>
 This option is useful when you can't perform the scan yourself or 
 you don't want ScanPBNJ to perform the scan. Another situation where 
 this is useful, is if you have an XML file that was done in the past 
 and you want to extract information from it, possibly to compare 
 with what is currently being run on the target. ScanPBNJ parses the 
 Nmap XML file and extracts the information about the host(s) and 
 service(s) then inserts the results into the database.

</PRE>


<A NAME="lbAL">&nbsp;</A>
<H2>SCAN OPTIONS</H2>

<A NAME="ixAAL"></A>
<A NAME="lbAM">&nbsp;</A>
<H2>-a --args &lt;args&gt;</H2>

<A NAME="ixAAM"></A>


<PRE>
 ** NOTE ** This option needs quotes around the passed arguments

</PRE>


<P>



<PRE>
 This option will bypass the default arguments that are used in
 scanning with Nmap. This can be used to do a particular type of scan
 that is not possible by simply adding extra arguments. For example,
 if you want to only scan UDP ports and still do version
 identification and OS detection, you would do so using the following
 notation:

</PRE>


<P>



<PRE>
  sudo scapbnj -a &quot;-A -O -sU&quot;  localhost

</PRE>


<A NAME="lbAN">&nbsp;</A>
<H2>-e --extraargs &lt;args&gt;</H2>

<A NAME="ixAAN"></A>


<PRE>
 ** NOTE ** This option needs quotes around the passed arguments

</PRE>


<P>



<PRE>
 This option will add additional arguments onto the default scan 
 arguments. This is most useful in doing scans where time optimization 
 is needed. Therefore, these arguments will be added and then used in 
 the scan.

</PRE>


<A NAME="lbAO">&nbsp;</A>
<H2>--inter &lt;intface&gt;</H2>

<A NAME="ixAAO"></A>


<PRE>
 This option sets an alternative interface for performing the scan. 
 This is useful when you have multiple interfaces on a machine 
 with restrictions on which devices can access certain IP or IP ranges.

</PRE>


<A NAME="lbAP">&nbsp;</A>
<H2>-m --moreports &lt;ports&gt;</H2>

<A NAME="ixAAP"></A>


<PRE>
 This options adds additional ports to the range of ports to scan.
 Individual port numbers are OK, as are ranges separated by a
 hyphen (e.g. 1-1023,5800,5900,8080).

</PRE>


<P>



<PRE>
 For example:

</PRE>


<P>



<PRE>
  sudo scanpbnj -m 7000-7500,8080  localhost

</PRE>


<P>



<PRE>
 This scan would scan the default range as well 7000-7500 and 8080.

</PRE>


<A NAME="lbAQ">&nbsp;</A>
<H2>-n --nmap &lt;alternative-nmap-path&gt;</H2>

<A NAME="ixAAQ"></A>


<PRE>
 Use an alternative Nmap rather than Nmap located in the your path.  
 This is useful if you have multiple version of Nmap installed on
 a system or if you are testing a new version of Nmap. Remember that if
 you are using a newly compiled version of Nmap that you need to 
 export NMAPDIR to the location that Nmap was compiled in. Thus, if
 you have compiled Nmap in your homedir, use the following notation:

</PRE>


<P>



<PRE>
  export NMAPDIR=$HOME/nmap-VERSION/

</PRE>


<P>



<PRE>
  sudo scanpbnj -n $HOME/nmap-VERISON/ localhost

</PRE>


<A NAME="lbAR">&nbsp;</A>
<H2>-p   Ping Target then scan the host(s) that are alive</H2>

<A NAME="ixAAR"></A>


<PRE>
 The ping scan is a useful method of only scanning the host that are
 responding to ICMP echo requests. This scan basically takes the host
 that respond to ICMP echo requests and then performs a scan only on
 those hosts. Therefore, no time is wasted in scanning hosts that do
 not respond. The results of the scan are then inserted into the 
 database.

</PRE>


<A NAME="lbAS">&nbsp;</A>
<H2>--udp  Add <FONT SIZE="-1">UDP</FONT> to the scan arguments</H2>

<A NAME="ixAAS"></A>


<PRE>
 Perform a UDP scan, in addition to the default scan.

</PRE>


<P>



<PRE>
  sudo scanpbnj --udp localhost

</PRE>


<P>



<PRE>
 If you want to only perform a UDP scan you need to set the specific
 arguments for the scan.

</PRE>


<P>



<PRE>
  sudo scanpbnj -a &quot;-vv -O -P0 1-1025 -sVU&quot; localhost

</PRE>


<A NAME="lbAT">&nbsp;</A>
<H2>--rpc  Add <FONT SIZE="-1">RPC</FONT> to the scan arguments</H2>

<A NAME="ixAAT"></A>


<PRE>
 Perform a RPC scan in addition to the default scan.

</PRE>


<P>



<PRE>
  sudo scanpbnj --udp localhost

</PRE>


<P>



<PRE>
 If you want to only perform a RPC scan you need to set the specific
 arguments for the scan.

</PRE>


<P>



<PRE>
  sudo scanpbnj -a &quot;-vv -O -P0 1-1025 -sVR&quot; localhost

</PRE>


<A NAME="lbAU">&nbsp;</A>
<H2>-r --range &lt;ports&gt;</H2>

<A NAME="ixAAU"></A>


<PRE>
 Ports for scan [default 1-1025]

</PRE>


<P>



<PRE>
 This option specifies which ports you want to scan and overrides the
 default. Individual port numbers are OK, as are ranges separated by a
 hyphen (e.g. 1-1023,5800,5900,8080 ).

</PRE>


<P>



<PRE>
 Thus, a scan like this is ok.

</PRE>


<P>



<PRE>
  sudo scanpbnj -r 22,25,80,100-200  localhost

</PRE>


<P>



<PRE>
 Also, if you have leave off the number after the hyphen it will scan
 all from the start port to 65535.

</PRE>


<P>



<PRE>
 For example:

</PRE>


<P>



<PRE>
  sudo scanpbnj -r 22,25- localhost

</PRE>


<A NAME="lbAV">&nbsp;</A>
<H2>--diffbanner</H2>

<A NAME="ixAAV"></A>


<PRE>
 Parse changes of the banner

</PRE>


<P>



<PRE>
 This options enables ScanPBNJ to do comparisons on the banner. The
 reason this is not on by default is that it could show changes in
 services that are not are important to the user. However, this option
 is useful to a security professional who is looking for any changes
 that occur so that they can be verified.

</PRE>


<A NAME="lbAW">&nbsp;</A>
<H2>DATABASE OPTIONS</H2>

<A NAME="ixAAW"></A>
<A NAME="lbAX">&nbsp;</A>
<H2>-d --dbconfig &lt;file&gt;</H2>

<A NAME="ixAAX"></A>


<PRE>
 Config for results database [default config.yaml]

</PRE>


<P>



<PRE>
 This option is used to specify an alternative config.yaml file.

</PRE>


<A NAME="lbAY">&nbsp;</A>
<H2>--configdir &lt;dir&gt;</H2>

<A NAME="ixAAY"></A>


<PRE>
 Directory for Config file [default . ]

</PRE>


<P>



<PRE>
 This option is used to specify an alternative directory for the 
 config.yaml file.

</PRE>


<A NAME="lbAZ">&nbsp;</A>
<H2>--data &lt;file&gt;</H2>

<A NAME="ixAAZ"></A>


<PRE>
 SQLite Database override [default data.dbl ]

</PRE>


<P>



<PRE>
 This option is used when you want to change the name of the SQLite
 database file that is generated.

</PRE>


<A NAME="lbBA">&nbsp;</A>
<H2>--dir &lt;dir&gt;</H2>

<A NAME="ixABA"></A>


<PRE>
 Directory for SQLite or CSV files [default . ]

</PRE>


<P>



<PRE>
 This option is used when you want the database to be generated in a
 different directory.

</PRE>


<A NAME="lbBB">&nbsp;</A>
<H2>GENERAL OPTIONS</H2>

<A NAME="ixABB"></A>
<A NAME="lbBC">&nbsp;</A>
<H2>--nocolors</H2>

<A NAME="ixABC"></A>


<PRE>
 The default results from ScanPBNJ print the useful changes with colors 
 This options will simply not print the colors.

</PRE>


<A NAME="lbBD">&nbsp;</A>
<H2>--test &lt;level&gt;</H2>

<A NAME="ixABD"></A>


<PRE>
 Increases the Test level, causing ScanPBNJ to print testing information 
 about the scan in progress. Using the Test level is mostly only using 
 for testing. This will also print the debugging information so it can 
 get rather lengthy. The greater the Test level the more output will be 
 given.

</PRE>


<P>



<PRE>
 This option is also used for reporting bugs. All bug reports should
 be submitted using --test 1 and an additional report may be needed 
 depending on the issue.

</PRE>


<A NAME="lbBE">&nbsp;</A>
<H2>--debug &lt;level&gt;</H2>

<A NAME="ixABE"></A>


<PRE>
 Increases the Debug level, causing ScanPBNJ to print more information 
 about the scan in progress. Nmap scanning arguments are shown as well 
 as the ip address if you are scanning a domain name. This option is 
 used to give the user more information about what the scanner is doing. 
 The higher the debug level the more output the user will receive.

</PRE>


<A NAME="lbBF">&nbsp;</A>
<H2>-v --version</H2>

<A NAME="ixABF"></A>


<PRE>
 Prints the ScanPBNJ version number and exits.

</PRE>


<A NAME="lbBG">&nbsp;</A>
<H2>-h --help</H2>

<A NAME="ixABG"></A>


<PRE>
 Prints a short help screen with the command flags.  Running ScanPBNJ
 without any arguments does the same thing.

</PRE>


<A NAME="lbBH">&nbsp;</A>
<H2>DEFAULT SCAN</H2>

<A NAME="ixABH"></A>


<PRE>
 Here are the default arguments that are used during a default scan:

</PRE>


<P>



<PRE>
 -vv -O -P0 -sSV -p 1-1025

</PRE>


<A NAME="lbBI">&nbsp;</A>
<H2>FILES</H2>

<A NAME="ixABI"></A>


<PRE>
 PBNJ's data files are stored in ScanPBNJ and OutputPBNJ. When either
 of these programs is run the configuration files will be generated
 for the user if they don't already exists and placed in the
 $HOME/.pbnj-2.0 directory. Again, if there is a configuration file 
 in the current directory it is used instead of the version in the
 configuration directory.

</PRE>


<P>



<PRE>
 $HOME/.pbnj-2.0/config.yaml - holds settings for connecting to
 the database which store the information from PBNJ scans.

</PRE>


<P>



<PRE>
 $HOME/.pbnj-2.0/query.yaml - lists all queries that can be used to
 retrieve information from the database. Also, includes the name and
 description for each query. This is only generated when you executed
 OutputPBNJ.

</PRE>


<P>



<PRE>
 For Windows, the pbnj-2.0 config directory is in the APPDATA
 directory, which contains both config.yaml and query.yaml. Depending
 on your environment, the APPDATA directory may be a different location
 from other environments. Therefore, when the configs are executed for
 the first time they will display the path where the configs were 
 generated.

</PRE>


<A NAME="lbBJ">&nbsp;</A>
<H2>FEATURE REQUESTS</H2>

<A NAME="ixABJ"></A>


<PRE>
 Any feature requests should be reported to the online 
 feature-request-tracking system available on the web at :  
 <A HREF="http://sourceforge.net/tracker/?func=add">http://sourceforge.net/tracker/?func=add</A>&amp;group_id=149390&amp;atid=774489
 Before requesting a feature, please check to see if the features has 
 already been requested.

</PRE>


<A NAME="lbBK">&nbsp;</A>
<H2>BUG REPORTS</H2>

<A NAME="ixABK"></A>


<PRE>
 Any bugs found should be reported to the online bug-tracking system
 available on the web at : 
 <A HREF="http://sourceforge.net/tracker/?func=add">http://sourceforge.net/tracker/?func=add</A>&amp;group_id=149390&amp;atid=774488.  
 Before reporting a bug, please check to see if the bug has already been
 reported.

</PRE>


<P>



<PRE>
 When reporting PBNJ bugs, it is important to include a reliable way to
 reproduce the bug, version number of PBNJ and Nmap, OS  
 name and version, and any relevant hardware specs. And of course, 
 patches to rectify the bug are even better.

</PRE>


<A NAME="lbBL">&nbsp;</A>
<H2>SUPPORTED DATABASES</H2>

<A NAME="ixABL"></A>


<PRE>
 The following databases are supported:

</PRE>


<P>



<PRE>
 * SQLite [default]
 * MySQL 
 * Postgres
 * CSV

</PRE>


<A NAME="lbBM">&nbsp;</A>
<H2>DATABASE SCHEMA</H2>

<A NAME="ixABM"></A>


<PRE>
 The following is the SQLite version of the database schema:

</PRE>


<P>



<PRE>
 CREATE TABLE machines (
            mid INTEGER PRIMARY KEY AUTOINCREMENT,
            ip TEXT,
            host TEXT,
            localh INTEGER,
            os TEXT,
            machine_created TEXT,
            created_on TEXT);
 CREATE TABLE services (
            mid INTEGER,
            service TEXT,
            state TEXT,
            port INTEGER,
            protocol TEXT,
            version TEXT,
            banner TEXT,
            machine_updated TEXT,
            updated_on TEXT);

</PRE>


<A NAME="lbBN">&nbsp;</A>
<H2>SEE ALSO</H2>

<A NAME="ixABN"></A>


<PRE>
 <A HREF="/cgi-bin/man/man2html?1+outputpbnj">outputpbnj</A>(1), <A HREF="/cgi-bin/man/man2html?1+genlist">genlist</A>(1), <A HREF="/cgi-bin/man/man2html?1+nmap">nmap</A>(1)

</PRE>


<A NAME="lbBO">&nbsp;</A>
<H2>AUTHORS</H2>

<A NAME="ixABO"></A>


<PRE>
 Joshua D. Abraham ( <A HREF="mailto:jabra@ccs.neu.edu">jabra@ccs.neu.edu</A> )

</PRE>


<A NAME="lbBP">&nbsp;</A>
<H2>LEGAL NOTICES</H2>

<A NAME="ixABP"></A>


<PRE>
 This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License for more details at
 <A HREF="http://www.gnu.org/copyleft/gpl.html,">http://www.gnu.org/copyleft/gpl.html,</A> or in the COPYING file included
 with PBNJ.

</PRE>


<P>



<PRE>
 It should also be noted that PBNJ has occasionally been known to
 crash poorly written applications, TCP/IP stacks, and even operating
 systems.  While this is extremely rare, it is important to keep in
 mind.  PBNJ should never be run against mission critical systems
 unless you are prepared to suffer downtime. We acknowledge here that
 PBNJ may crash your systems or networks and we disclaim all liability
 for any damage or problems PBNJ could cause.

</PRE>


<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">THINGS TO NOTE</A><DD>
<DT><A HREF="#lbAG">EXAMPLE SINGLE SCAN</A><DD>
<DT><A HREF="#lbAH">EXAMPLE AUTOMATED SCANS</A><DD>
<DT><A HREF="#lbAI">TARGET SPECIFICATION</A><DD>
<DT><A HREF="#lbAJ">-i &lt;iplist&gt;  Scan using a list of IPs from a file</A><DD>
<DT><A HREF="#lbAK">-x &lt;xml-file&gt;  Parse scan/info from Nmap <FONT SIZE="-1">XML</FONT> file</A><DD>
<DT><A HREF="#lbAL">SCAN OPTIONS</A><DD>
<DT><A HREF="#lbAM">-a --args &lt;args&gt;</A><DD>
<DT><A HREF="#lbAN">-e --extraargs &lt;args&gt;</A><DD>
<DT><A HREF="#lbAO">--inter &lt;intface&gt;</A><DD>
<DT><A HREF="#lbAP">-m --moreports &lt;ports&gt;</A><DD>
<DT><A HREF="#lbAQ">-n --nmap &lt;alternative-nmap-path&gt;</A><DD>
<DT><A HREF="#lbAR">-p   Ping Target then scan the host(s) that are alive</A><DD>
<DT><A HREF="#lbAS">--udp  Add <FONT SIZE="-1">UDP</FONT> to the scan arguments</A><DD>
<DT><A HREF="#lbAT">--rpc  Add <FONT SIZE="-1">RPC</FONT> to the scan arguments</A><DD>
<DT><A HREF="#lbAU">-r --range &lt;ports&gt;</A><DD>
<DT><A HREF="#lbAV">--diffbanner</A><DD>
<DT><A HREF="#lbAW">DATABASE OPTIONS</A><DD>
<DT><A HREF="#lbAX">-d --dbconfig &lt;file&gt;</A><DD>
<DT><A HREF="#lbAY">--configdir &lt;dir&gt;</A><DD>
<DT><A HREF="#lbAZ">--data &lt;file&gt;</A><DD>
<DT><A HREF="#lbBA">--dir &lt;dir&gt;</A><DD>
<DT><A HREF="#lbBB">GENERAL OPTIONS</A><DD>
<DT><A HREF="#lbBC">--nocolors</A><DD>
<DT><A HREF="#lbBD">--test &lt;level&gt;</A><DD>
<DT><A HREF="#lbBE">--debug &lt;level&gt;</A><DD>
<DT><A HREF="#lbBF">-v --version</A><DD>
<DT><A HREF="#lbBG">-h --help</A><DD>
<DT><A HREF="#lbBH">DEFAULT SCAN</A><DD>
<DT><A HREF="#lbBI">FILES</A><DD>
<DT><A HREF="#lbBJ">FEATURE REQUESTS</A><DD>
<DT><A HREF="#lbBK">BUG REPORTS</A><DD>
<DT><A HREF="#lbBL">SUPPORTED DATABASES</A><DD>
<DT><A HREF="#lbBM">DATABASE SCHEMA</A><DD>
<DT><A HREF="#lbBN">SEE ALSO</A><DD>
<DT><A HREF="#lbBO">AUTHORS</A><DD>
<DT><A HREF="#lbBP">LEGAL NOTICES</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 04:31:10 GMT, November 15, 2006
</BODY>
</HTML>