Re: A few UMIT problems/suggestions

[Kris Katterjohn <katterjohn () gmail com>]

Guilherme Polo wrote:
> Hello Kris,
>
> First of all, I'm not UMIT project admin but I'm participating as a
> SoC student in UMIT.

Hi! I'm an SoC student for Nmap, so we might be talking again :)

> > I have noticed a few things while testing out UMIT (off SVN):
> >
> > * I haven't done extensive testing yet, but at least on my Ubuntu box
> > when I try to Save the scan, I get a window pop up to choose where to
> > save the file and it just freaks out!  It's like there are two of them
> > sort of overlapping and it jumps between them or something.  It's hard
> > to explain and won't let me save the scan.  This is the only
> > window/option I've seen that this happens to, so I don't know how it
> > could be just me experiencing it because everything else seems to work fine.
>
> It doesn't happen here (but that was using my branch).

Hmm.. well, I don't know then :)

> > * I read the README, and it doesn't describe anything else to do, or
> > maybe it hasn't been done yet because it's something new and just in
> > SVN, but here it goes: When I click the Help button, my browser pops up
> > with the help.html that was installed. But none of the links works
> > because the XML files in the docs directory were installed, but the
> > help.html wants HTML versions of these files. Also, the nse_facilitator
> > one doesn't seem to be installed at all.
>
> That README is more like a "INSTALL" for now. If you test "a not SVN
> version" of UMIT, you will see that button Help won't open anything so
> Help still needs to be done.
>
> nse_facilitator in umit is another SoC student project, he will be
> doing this part.

That explains it :)

> > * Most of the port info under the Host Details tab after the scan is
> > done seems to be very wrong.  The "Openned" one is right, but the Closed
> > and Filtered ones always say 0 (no matter how many there are) and
> > Scanned just says the same amount as "Openned".
>
> Uhm, there are some xml test files and I opened then in UMIT and I saw
> Closed different than 0. If you can send some xml file it would be
> good. Those results are parsed from xml output.

I have attached an XML file for a scan, and when opening in UMIT, I 
still get 0 for filtered and closed when you can plainly see there are 
plenty of each :)

Does UMIT use the <extraports> XML directive (I think it's called) 
correctly? That's where it is in this scan.

This is a scan I did through Nmap and just opened through UMIT, so it 
messes up both ways (through UMIT or just passed to it).

> > * I killed UMIT (usual SIGTERM), but nmap still ran in the background.
>
> Yeh =) UMIT runs nmap in background with subprocess, but this could be
> fixed too of course.

Cool :)

> > Sorry, I would normally try to write up patches or something, but I
> > don't know Python much at all :)
>
> If you have some spare time you could write these bugs in umit
> bugtracker at sourceforge:
> http://sourceforge.net/tracker/?group_id=142490&atid=752647
>
> I don't know if UMIT members follows this list (I wasn't following
> too, but I woke up and decided to take a look in this list), that is
> why I answered. It is good to know more people is using and testing
> UMIT =)

Fyodor suggested that I send to nmap-dev, but I'll see about using the 
bugtracker as well.

> You're welcome to test my branch too ;)

:)

> Thanks.

Thanks a lot,
Kris Katterjohn

<?xml version="1.0" ?>
<?xml-stylesheet href="/usr/local/share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 4.21ALPHA5 scan initiated Fri Jun 15 22:42:50 2007 as: nmap -d -P0 -n -T4 -p- -oX localhost.xml localhost -->
<nmaprun scanner="nmap" args="nmap -d -P0 -n -T4 -p- -oX localhost.xml localhost" start="1181965370" startstr="Fri Jun 
15 22:42:50 2007" version="4.21ALPHA5" xmloutputversion="1.01">
<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535" />
<verbose level="1" />
<debugging level="1" />
<taskbegin task="SYN Stealth Scan" time="1181965371" />
<taskprogress task="SYN Stealth Scan" time="1181965401" percent="38.64" remaining="47" etc="1181965448" />
<taskend task="SYN Stealth Scan" time="1181965423" />
<host><status state="up" reason="localhost-response"/>
<address addr="127.0.0.1" addrtype="ipv4" />
<hostnames />
<ports><extraports state="filtered" count="35536" />
<extraports state="closed" count="29991" />
<extrareasons reason="no-responses" count="35536"/>
<extrareasons reason="resets" count="29991"/>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ftp" 
method="table" conf="3" /></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" 
method="table" conf="3" /></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http" 
method="table" conf="3" /></port>
<port protocol="tcp" portid="2207"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
<port protocol="tcp" portid="2208"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="mysql" 
method="table" conf="3" /></port>
<port protocol="tcp" portid="6880"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
<port protocol="tcp" portid="21923"><state state="open" reason="syn-ack" reason_ttl="64"/></port>
</ports>
</host>
<runstats><finished time="1181965423" timestr="Fri Jun 15 22:43:43 2007"/><hosts up="1" down="0" total="1" />
<!-- Nmap run completed at Fri Jun 15 22:43:43 2007; 1 IP address (1 host up) scanned in 52.844 seconds -->
</runstats></nmaprun>


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org