Question
I'm trying to use system to run nmap from a ruby program. I want to escape some of the arguments to prevent shell injection so I'm using the following form:
https://stackoverflow.com/questions/23219932
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiansystem('nmap', '-sn', hostname)
This works fine, however I want to use the -oX - option to output xml to stdout. The following code doesn't seem to work though:
system('nmap', '-sn', '-oX -', hostname)
The -oX - argument seems to be ignored, can anyone suggest a workaround?
La solution
As system also escapes spaces in arguments, your system call with -oX - will effectively be called as
nmap "-sn" "-oX -" "example.com"
with the space being part of a single argument. It will thus not be considered a valid argument for nmap. To fix this, you actually have to pass it as two arguments. Here, the space in the single argument will not be escaped:
system('nmap', '-sn', '-oX', '-', hostname)
