nmap inventory plugin: add skip_host_discovery option (#11955)

* feat(nmap inventory): add skip_host_discovery option (-Pn) Adds skip_host_discovery option to suppress nmap's default host discovery probes (TCP SYN to 80/443), which caused unexpected traffic when scanning remote hosts over VPN or through firewalls. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * changelog: add fragment for nmap skip_host_discovery option (#11955) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-11 12:14:08 +00:00 · 2026-05-10 20:20:08 +12:00 · 2026-05-10 20:20:08 +12:00 · 9f4c065915
commit 9f4c065915
parent 87a42725e0
2 changed files with 17 additions and 0 deletions
--- a/changelogs/fragments/11955-nmap-skip-host-discovery.yml
+++ b/changelogs/fragments/11955-nmap-skip-host-discovery.yml
@ -0,0 +1,4 @@
+minor_changes:
+  - nmap inventory plugin - add ``skip_host_discovery`` option to skip nmap host discovery phase (``-Pn``)
+    (https://github.com/ansible-collections/community.general/issues/7893,
+    https://github.com/ansible-collections/community.general/pull/11955).
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@ -95,6 +95,16 @@ options:
    type: boolean
    default: true
    version_added: 7.4.0
+  skip_host_discovery:
+    description:
+      - Skip nmap host discovery phase and treat all hosts as online (C(-Pn)).
+      - Useful when scanning remote hosts over VPN or through firewalls where nmap's default discovery probes
+        (TCP SYN to ports 80/443) are blocked but the target port is open.
+      - When V(false) (default), nmap performs host discovery before port scanning, which may send packets
+        to ports 80 and 443 regardless of the O(port) setting.
+    type: boolean
+    default: false
+    version_added: 13.0.0
  set_name_variable:
    description:
      - Set the C(name) variable for each host.
@ -264,6 +274,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
            if not self.get_option("use_arp_ping"):
                cmd.append("--disable-arp-ping")

+            if self.get_option("skip_host_discovery"):
+                cmd.append("-Pn")
+
            cmd.append(self.get_option("address"))
            try:
                # execute