From 9f4c065915c8d50e81115e334dc3be5947acb8fd Mon Sep 17 00:00:00 2001 From: Alexei Znamensky <103110+russoz@users.noreply.github.com> Date: Sun, 10 May 2026 20:20:08 +1200 Subject: [PATCH] nmap inventory plugin: add `skip_host_discovery` option (#11955) * feat(nmap inventory): add skip_host_discovery option (-Pn) Adds skip_host_discovery option to suppress nmap's default host discovery probes (TCP SYN to 80/443), which caused unexpected traffic when scanning remote hosts over VPN or through firewalls. Co-Authored-By: Claude Sonnet 4.6 * changelog: add fragment for nmap skip_host_discovery option (#11955) Co-Authored-By: Claude Sonnet 4.6 --------- Co-authored-by: Claude Sonnet 4.6 --- .../fragments/11955-nmap-skip-host-discovery.yml | 4 ++++ plugins/inventory/nmap.py | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 changelogs/fragments/11955-nmap-skip-host-discovery.yml diff --git a/changelogs/fragments/11955-nmap-skip-host-discovery.yml b/changelogs/fragments/11955-nmap-skip-host-discovery.yml new file mode 100644 index 0000000000..1b2325751f --- /dev/null +++ b/changelogs/fragments/11955-nmap-skip-host-discovery.yml @@ -0,0 +1,4 @@ +minor_changes: + - nmap inventory plugin - add ``skip_host_discovery`` option to skip nmap host discovery phase (``-Pn``) + (https://github.com/ansible-collections/community.general/issues/7893, + https://github.com/ansible-collections/community.general/pull/11955). diff --git a/plugins/inventory/nmap.py b/plugins/inventory/nmap.py index 5c234137f0..8e6f612044 100644 --- a/plugins/inventory/nmap.py +++ b/plugins/inventory/nmap.py @@ -95,6 +95,16 @@ options: type: boolean default: true version_added: 7.4.0 + skip_host_discovery: + description: + - Skip nmap host discovery phase and treat all hosts as online (C(-Pn)). + - Useful when scanning remote hosts over VPN or through firewalls where nmap's default discovery probes + (TCP SYN to ports 80/443) are blocked but the target port is open. + - When V(false) (default), nmap performs host discovery before port scanning, which may send packets + to ports 80 and 443 regardless of the O(port) setting. + type: boolean + default: false + version_added: 13.0.0 set_name_variable: description: - Set the C(name) variable for each host. @@ -264,6 +274,9 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable): if not self.get_option("use_arp_ping"): cmd.append("--disable-arp-ping") + if self.get_option("skip_host_discovery"): + cmd.append("-Pn") + cmd.append(self.get_option("address")) try: # execute