Can you reset NMAP privs?


I am building a web app that uses some nmap flags, such as -O, which require a root user to run. Since I'm running this through a Java application, I don't want to run everything as root to accomplish this. Is it possible to change the nmap privs to all be non-root? Alternatively, what other options are there?

1 answer

bonsaiviking (best answer)

Nmap requires root privileges for some operations because the underlying OS requires them for the kinds of behavior Nmap uses: raw sockets and network sniffing, primarily. It's not something you can just change.

One option would be to only use the features of Nmap that do not require root. These features include:

  • Reverse name resolution
  • TCP host discovery (e.g. not ICMP ping or ARP)
  • TCP Connect scan (-sT)
  • Service version scan (-sV)
  • Most NSE scripts (e.g. not the broadcast or sniffer scripts)

The features that require root are:

  • ICMP and UDP host discovery
  • TCP SYN, FIN, NULL, XMAS, and other scan modes
  • UDP scan
  • OS fingerprinting
  • Traceroute
  • A few NSE scripts

It's important to note that Nmap doesn't have protections to prevent a root user from executing arbitrary code. This means that it is very unsafe to use it as a setuid program or to allow a non-admin user to run it with sudo.

A little research has been done into running Nmap with Linux file capabilities. You can see how to do this on the Running nmap as an unprivileged user page on SecWiki.org.
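For the first option in the answer (using only the features that do not need root), a Java application can build the Nmap command line from a fixed allowlist and run it as its own non-root user. This is an added example, not code from the question or the answer; the class name, method names and the sample host name are hypothetical, and the flag sets are one possible mapping of the two feature lists above.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Nmap: builds the argv for a scan that uses
// only features the answer lists as not requiring root.
public class UnprivilegedNmap {
    // Fixed flags for connect scan, version scan, TCP discovery, reverse DNS.
    private static final Set<String> ALLOWED = Set.of("-sT", "-sV", "-PS", "-R");
    // Flags for the features the answer lists as requiring root.
    private static final Set<String> NEEDS_ROOT = Set.of("-O", "-sS", "-sF",
            "-sN", "-sX", "-sU", "-PE", "-PU", "-PR", "--traceroute");
    // Hostname or IPv4 literal. The first character must be alphanumeric, so
    // a target can never be parsed by Nmap as an option.
    private static final Pattern TARGET =
            Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?");

    public static List<String> buildCommand(List<String> features, String target) {
        if (target == null || !TARGET.matcher(target).matches()) {
            throw new IllegalArgumentException("invalid target");
        }
        // --unprivileged tells Nmap to assume it has no raw-socket access.
        List<String> argv = new ArrayList<>(List.of("nmap", "--unprivileged"));
        for (String f : features) {
            if (f != null && NEEDS_ROOT.contains(f)) {
                throw new IllegalArgumentException(f + " requires root");
            }
            if (f == null || !ALLOWED.contains(f)) {
                throw new IllegalArgumentException("option not on allowlist");
            }
            argv.add(f);
        }
        argv.addAll(List.of("-oX", "-", target)); // XML report on stdout
        return argv;
    }

    // Runs as the application's own non-root user; no shell is involved.
    public static Process start(List<String> argv) throws IOException {
        return new ProcessBuilder(argv)
                .redirectError(ProcessBuilder.Redirect.DISCARD).start();
    }

    public static void main(String[] args) {
        // Constructed sample input; the host name is a placeholder.
        System.out.println(buildCommand(List.of("-sT", "-sV"), "scan-target.example"));
        try {
            buildCommand(List.of("-O"), "scan-target.example");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Anything not on the allowlist, including script selection and output-file options, is rejected, so web input never reaches Nmap as an option.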