#6 NMapProperties.getFullyFormattedCommand() not using sudoUser and sudoUserPassword properties

[Justin Cranford]

I integrated Nmap4j into my application for nmap TCP SYN scanning. I tested on Windows and it works. When I test on Linux it fails because my application is running as non-root user.

https://nmap.org/book/man-port-scanning-techniques.html

Almost all scan types for nmap require root privileges, so nmap4j should ideally support sudo. In NMapProperties.java, I see variables sudoUser and sudoUserPassword are present. However, they are private with no way to set them.

Ideally Nmap4j() constructor is overloaded to accept optional sudo user, or optional sudo user and password. The values would be passed through to NMapProperties.java, and NMapProperties.getFullyFormattedCommand() would construct the command using sudo user, or sudo user and password, as appropriate.

For me, the password is optional. I can add an entry to /etc/sudoers for my user to be able to run the nmap command without password. However, I am sure others would appreciate the option to specify the username and password. The end goal is the same, to have Nmap4J support privilege escalation required by nmap.