3

I am running a Python script that executes nmap on a given set of parameters. The point is to automate this so I do not have to interact with the CLI at all. Every time I run my script, I am prompted with the error message:

 'You requested a scan type which requires root priveleges.\nQUITTING!\n'

I understand that I can put "sudo" in front of my command, but the goal of my script is to not interact with the CLI at all. I gave ownership of the script to my user, but still have the same error. Is there a way in which I can run nmap as a superuser every time without having to give the sudo command? All help appreciated!

John Wick
  • 131

2 Answers

3

Nmap requires root permissions for many things (see below). Because of this, it is tempting to use various schemes (sudo NOPASSWD, setuid, etc.) to allow users to run it without providing a root password. But this is extremely dangerous, since it is trivial to use Nmap to launch any other command or shell. For example: nmap --script <(echo 'os.execute("/bin/sh")')

Fortunately, Nmap has experimental support for Linux capabilities. By installing Nmap with the CAP_NET_RAW, CAP_NET_ADMIN, and CAP_NET_BIND_SERVICE capabilities, you can more safely allow unprivileged users to run it. Nmap itself cannot detect that it has these capabilities, so you must use the --privileged option to inform it to try using them regardless of UID. More discussion is available in the link above.


Nmap requires root permissions for everything except:

  • TCP Connect scan (-sT)
  • Reverse-DNS name resolution
  • Host discovery ("ping") methods except for TCP Connect (-PS)
  • Service and Application Version Detection (-sV)
  • Most Nmap Scripting Engine (NSE) scripts
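
For a Python automation script like the one in the question, the capabilities approach from the answer above can be wrapped as follows. This is an added example, not code from either answer: the function names, the `ALLOWED_OPTS` allowlist and the reliance on the `getcap` tool are assumptions, and the parser handles single-clause `getcap` output only.

```python
import re
import shutil
import subprocess

# Capabilities named in the answer above.
REQUIRED_CAPS = {"cap_net_raw", "cap_net_admin", "cap_net_bind_service"}
# Assumption: the only scan options this automation is allowed to pass.
ALLOWED_OPTS = {"-sS", "-sU", "-O", "-Pn", "-n"}
# One-time setup by an administrator (not run by this script):
#   setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /path/to/nmap

def parse_getcap(line):
    """Return capability names that are both effective and permitted.

    Accepts both single-clause getcap styles (constructed samples):
      /usr/bin/nmap = cap_net_admin,cap_net_raw+eip   (older libcap)
      /usr/bin/nmap cap_net_admin,cap_net_raw=eip     (newer libcap)
    """
    m = re.search(r"((?:cap_\w+,?)+)[+=]([eip]+)\s*$", line.strip())
    if not m or not {"e", "p"} <= set(m.group(2)):
        return set()
    return {c for c in m.group(1).split(",") if c}

def nmap_has_caps(nmap_path):
    """Ask getcap whether the binary carries every required capability."""
    if shutil.which("getcap") is None:
        return False
    res = subprocess.run(["getcap", nmap_path], capture_output=True, text=True)
    return REQUIRED_CAPS <= parse_getcap(res.stdout)

def build_argv(nmap_path, opts, targets):
    """Build a fixed argv: no shell, no sudo, no caller-supplied --script."""
    bad = [o for o in opts if o not in ALLOWED_OPTS]
    bad += [t for t in targets if t.startswith("-")]
    if bad:
        raise ValueError(f"refusing arguments: {bad}")
    # --privileged tells Nmap to try its capabilities regardless of UID.
    return [nmap_path, "--privileged", *opts, *targets]

def run_scan(opts, targets):
    """Run the scan as the current unprivileged user and return its output."""
    nmap_path = shutil.which("nmap")
    if nmap_path is None or not nmap_has_caps(nmap_path):
        raise RuntimeError("nmap not found or missing required capabilities")
    done = subprocess.run(build_argv(nmap_path, opts, targets),
                          capture_output=True, text=True, check=True)
    return done.stdout
```

Because every user who can execute the binary gains these capabilities, limiting execute permission on it to a dedicated group keeps the grant as narrow as the sudoers alternative.
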
0

One solution would be to add that specific command to the sudoers file:

Cmnd_Alias    NMAP = /path/to/nmap, /path/to/script

username      ALL=(ALL:ALL) NOPASSWD: NMAP

Something along these lines would allow you to script your sudo commands, but not need to type a password for that command specifically. You could choose to just do it for that script / user combo so that everything in the script is run as root, or you could do it for the nmap command specifically, and have many sudo entries in your script.

Pick your poison...