Nmap Development mailing list archives

Re: Bug in NSE core, I think


From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 25 Aug 2009 20:40:48 -0400

Hi Ron,

On Tue, Aug 25, 2009 at 8:19 PM, Ron<ron () skullsecurity net> wrote:
I believe I found a bug in the NSE core. It comes up when scanning multiple
hosts on the same ip address. For example, here is the script running
against multiple sites hosted on my ip address:

--
$ ./nmap --script=test.nse  -p80 www.javaop.com www.skullsecurity.org
test.skullsecurity.org www.x86labs.org forum.x86labs.org

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-25 19:16 CDT
NSE: Script Scanning completed.
Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on test.skullsecurity.org (208.81.2.52):
PORT   STATE SERVICE
80/tcp open  http
|_ test: 208.81.2.52 (www.skullsecurity.org)
|_ test: 208.81.2.52 (www.javaop.com)
|_ test: 208.81.2.52 (www.x86labs.org)
|_ test: 208.81.2.52 (test.skullsecurity.org)
|_ test: 208.81.2.52 (forum.x86labs.org)


Nmap done: 5 IP addresses (5 hosts up) scanned in 2.14 seconds
--

Notice that the script ran 5 times for one host, instead of once each.

I understand that normally, this behaviour isn't a big deal. But, when
scanning Web sites, it's quite plausible that you'll be scanning the same
host like this.

I've attached the script that I used to replicate this, though it doesn't
really do that much.

Thanks!
Ron

Right now NSE uses a table of <ip, Target * (light userdata)> pairs
for all the hosts. When we get passed a host table we look in that
table using the host table ip address (host.ip) for the actual Target
*. Problem is, we have the same ip address for all those hosts so only
one entry will be present. Also, the scripts actually did run,
correctly, against each host but the script output was added to one
host (for the aforementioned reason).

Is this worth fixing?

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin
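As an added illustration, not Nmap's own code: a small Lua model of the lookup Patrick describes, using the five hostnames and the address from Ron's scan as a constructed sample. It contrasts a registry keyed by host.ip with one keyed by the host table itself (a unique, per-host key).

```lua
-- Added model of the lookup Patrick describes; not Nmap's own code.
-- NSE keeps one table keyed by host.ip mapping to the Target*, so every
-- host table with the same ip resolves to the same entry and all
-- script output lands there. Keying on the host table itself (unique
-- per host, like a per-host userdata) keeps one entry per host.

local function scan(hosts, key_fn)
  local outputs = {}                      -- key -> list of script output lines
  for _, h in ipairs(hosts) do
    outputs[key_fn(h)] = outputs[key_fn(h)] or {}
  end
  -- The script genuinely runs once per host...
  for _, h in ipairs(hosts) do
    local lines = outputs[key_fn(h)]
    lines[#lines + 1] = h.ip .. " (" .. h.name .. ")"
  end
  -- ...but its output is attached to whichever entry the key resolves to.
  local report, seen = {}, {}
  for _, h in ipairs(hosts) do
    report[#report + 1] = ("Interesting ports on %s (%s)"):format(h.name, h.ip)
    report[#report + 1] = "PORT   STATE SERVICE"
    report[#report + 1] = "80/tcp open  http"
    local k = key_fn(h)
    if not seen[k] then                   -- emit the entry's output only once
      seen[k] = true
      for _, line in ipairs(outputs[k]) do
        report[#report + 1] = "|_ test: " .. line
      end
    end
    report[#report + 1] = ""
  end
  return table.concat(report, "\n")
end

-- Constructed sample: the five names from Ron's scan, all on one address.
local hosts = {}
for _, name in ipairs{ "www.javaop.com", "www.skullsecurity.org",
                       "test.skullsecurity.org", "www.x86labs.org",
                       "forum.x86labs.org" } do
  hosts[#hosts + 1] = { name = name, ip = "208.81.2.52" }
end

print("== keyed by host.ip: all five lines end up under one host ==")
print(scan(hosts, function(h) return h.ip end))
print("== keyed by the host table: one line per host ==")
print(scan(hosts, function(h) return h end))
```

Which of the duplicate hosts receives the collapsed block is incidental to the model (here the first, in Ron's run the last); the point is that the ip-keyed run prints one block of five lines while the host-keyed run prints one line under each host.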

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org