Conversation

@tremblerz
Contributor

No description provided.

}
}

if (o.zerobyte) {
Contributor Author

@bonsaiviking Any better way to blacklist most of the incompatible options?

@dmiller-nmap

This is well on its way. A few points of feedback:

  1. -z also works for SCTP and even Unix sockets, so it's not true that it "only works for TCP."
  2. Traditional netcat has a workaround for UDP that involves sending a single null byte ('\0') and treating an ECONNREFUSED as the false condition and everything else as true. It's ok if you don't implement this right away, but we should open a subsequent issue documenting the deficiency.
  3. We don't need another long option (--zero), just add it as a short option.
  4. We should suppress the "Ncat: Connection refused" message when using -z because it's usually used with scripting and the extra output will probably be objected to by someone. Netcat does not produce any output with -z.
  5. There's not a real better way to blacklist, but some of these probably don't matter. We want to blacklist ones that change the behavior, not the timing. Here's my list:
    • Any of the exec options: -c, -e, --lua-exec
    • -l, but don't explicitly check for things that only have meaning when -l is given, like -k, --chat, etc.

ncat/ncat_main.c Outdated
{"test", no_argument, NULL, 0},
{"ssl", no_argument, &o.ssl, 1},
{"zero", no_argument, NULL, 'z'},
{"z", no_argument, NULL, 'z'},

To add a short argument, you don't need to add to the long_options array, just make sure it's included in the string argument to getopt_long (which it is below).

@tremblerz
Contributor Author

tremblerz commented Jul 2, 2016

@bonsaiviking Thanks for the review, I have pushed a correction for this. I am a little doubtful over the implementation of the UDP scan; here are a few reasons why:

  1. Netcat reports as open all those UDP ports which do not reply with ECONNREFUSED. Implication - Link to paste
  2. What should the time limit to wait for ECONNREFUSED be? I am thinking of implementing it by setting the value of o.idletimeout internally.

I also think that connect_report() shouldn't be called here if o.proto==IPPROTO_UDP.

This is the LINK to the capture performed for Netcat. The first five frames correspond to the command nc -zuv google.com 21 while the next four correspond to nc -zuv google.com 80. The payload sent by them is 58 (hex), which is equivalent to "X"; any particular reason for it?
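The traditional-netcat UDP workaround from point 2 above, with the wait passed in as a parameter (the conntimeout question raised in this thread) and the result doubling as the util.c exit-status convention, as an added stand-alone C example that is not ncat's code: `udp_zero_probe` and `loopback_udp_listener` are hypothetical names, and the listener exists only to exercise the silent ("open") case on 127.0.0.1.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Exit-status convention from ncat/util.c: 0 open (or silent), 1 network error (refused), 2 program error. */
enum { UDP_OPEN = 0, UDP_CLOSED = 1, UDP_ERROR = 2 };

/* Traditional-netcat UDP -z check: send one null byte on a connected UDP socket and wait
 * timeout_ms (caller's conntimeout, not a hard-coded 2s). ECONNREFUSED => closed; else open. */
int udp_zero_probe(const char *host, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    char buf[1];
    int fd, err;
    ssize_t rc;
    if (inet_pton(AF_INET, host, &sa.sin_addr) != 1)
        return UDP_ERROR;              /* bad address: program error, not a network one */
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return UDP_ERROR;
    /* connect() is what makes the kernel surface the ICMP port-unreachable on recv(). */
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        send(fd, "\0", 1, 0) != 1) {
        close(fd);
        return UDP_ERROR;
    }
    rc = recv(fd, buf, sizeof buf, 0);
    err = errno;
    close(fd);
    if (rc >= 0 || err == EAGAIN || err == EWOULDBLOCK)
        return UDP_OPEN;               /* answered or silent: netcat reports both as open */
    return err == ECONNREFUSED ? UDP_CLOSED : UDP_ERROR;
}

/* Test helper: UDP listener on 127.0.0.1, kernel-chosen port written to *port; it never replies. */
int loopback_udp_listener(unsigned short *port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    *port = ntohs(sa.sin_port);
    return fd;
}
```

The silent case is the deficiency noted in point 2: a port that is open but quiet and one that is filtered both come back as UDP_OPEN, only a refusal is a definite answer.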


if (o.zerobyte){
ncat_assert(o.proto == IPPROTO_UDP);
nsock_read(nsp, cs.sock_nsi, read_socket_handler, 1000 * 2, NULL);
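Review bot: the ncat_assert(o.proto == IPPROTO_UDP) on the second line asserts that -z implies UDP, yet point 1 in this thread says -z also applies to TCP and SCTP; if this block is reached only from a UDP-specific path the assert is redundant, and otherwise it will abort a plain TCP -z run, so either drop it or guard the whole block with the protocol check instead.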
Contributor Author

I've kept 2s as time limit here.

We shouldn't hard-code this. We should be able to use either o.conntimeout or o.idletimeout instead. I lean towards conntimeout because we're waiting for a "connection" instead of a "read," though with UDP they're essentially the same thing.

} while ($pid > 0 && $pid != $c_pid);
$pid == $c_pid or die;
$code = $? >> 8;
$code == 2 or die "Exit code was $code, not 2";
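Review bot: $code = $? >> 8 on the third line throws away the signal bits ($? & 127), so a child killed by a signal reports exit code 0 and the die message on the next line would misreport the cause; check the low bits first and name the signal in the message.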

Why is exit code 2 for this? ncat/util.c has this comment for the die and bye functions:

/* Exit status 2 indicates a program error other than a network error. */

So I think we should try to have the exit code be 1 in this case.

Contributor Author

I am trying but have not been able to catch the reason for getting the error code as 2. Strangely, it prints the error code as 1 when tried manually, e.g. ./ncat -zv localhost 5000 then echo $?

do {
$pid = waitpid($c_pid, 0);
} while ($pid > 0 && $pid != $c_pid);
$pid == $c_pid or "$pid != $c_pid";

Missing die on this line.

@dmiller-nmap

Looks great! @tremblerz commit this as soon as you fix the missing die statement on line 3149.