[PR #6165/bf8f2950 backport][stable-6] Adding support for -p option to specify port(s) to scan (#6207)

Adding support for `-p` option to specify port(s) to scan (#6165) * Adding support for `-p` option to specify port(s) to scan * Adding changelog fragment file * Corrected appending options * Edit to doc section * Correction in documentation type * Fixed `:` use in doc breaking yaml * Update changelogs/fragments/6165-nmap-port.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/inventory/nmap.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/inventory/nmap.py Co-authored-by: Felix Fontein <felix@fontein.de> * Adding usage example * Adding comment to example that was missed * Breaking line up, was too long for sanity test 160 char limit * Still too long since spaces are counted * Changed type to string to work for a single entry as well as comma separated values * Update changelogs/fragments/6165-nmap-port.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/inventory/nmap.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit bf8f2950b4) Co-authored-by: barloff-st <42866449+barloff-st@users.noreply.github.com>
2024-09-14 20:13:21 +02:00 · 2023-03-19 13:54:53 +01:00 · 2023-03-19 13:54:53 +01:00 · 20bd0d130c
commit 20bd0d130c
parent e5ecaffa1a
2 changed files with 21 additions and 0 deletions
--- a/changelogs/fragments/6165-nmap-port.yml
+++ b/changelogs/fragments/6165-nmap-port.yml
@ -0,0 +1,2 @@
+minor_changes:
+ - nmap inventory plugin - add new option ``port`` for port specific scan (https://github.com/ansible-collections/community.general/pull/6165).
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@ -34,6 +34,13 @@ DOCUMENTATION = '''
            description: list of addresses to exclude
            type: list
            elements: string
+        port:
+            description:
+                - Only scan specific port or port range (C(-p)).
+                - For example, you could pass C(22) for a single port, C(1-65535) for a range of ports,
+                  or C(U:53,137,T:21-25,139,8080,S:9) to check port 53 with UDP, ports 21-25 with TCP, port 9 with SCTP, and ports 137, 139, and 8080 with all.
+            type: string
+            version_added: 6.5.0
        ports:
            description: Enable/disable scanning for open ports
            type: boolean
@ -81,6 +88,14 @@ plugin: community.general.nmap
 sudo: true
 strict: false
 address: 192.168.0.0/24
+
+# an nmap scan specifying ports and classifying results to an inventory group
+plugin: community.general.nmap
+address: 192.168.0.0/24
+exclude: 192.168.0.1, web.example.com
+port: 22, 443
+groups:
+  web_servers: "ports | selectattr('port', 'equalto', '443')"
 '''

 import os
@ -171,6 +186,10 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            if self._options['sudo']:
                cmd.insert(0, 'sudo')

+            if self._options['port']:
+                cmd.append('-p')
+                cmd.append(self._options['port'])
+
            if not self._options['ports']:
                cmd.append('-sP')