Nmap Development mailing list archives
Re: Bug in NSE core, I think
From: Patrick Donnelly <batrick () batbytes com>
Date: Tue, 25 Aug 2009 20:40:48 -0400
Hi Ron,

On Tue, Aug 25, 2009 at 8:19 PM, Ron<ron () skullsecurity net> wrote:
> I believe I found a bug in the NSE core. It comes up when scanning multiple hosts on the same ip address. For example, here is the script running against multiple sites hosted on my ip address:
> --
> $ ./nmap --script=test.nse -p80 www.javaop.com www.skullsecurity.org test.skullsecurity.org www.x86labs.org forum.x86labs.org
>
> Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-25 19:16 CDT
> NSE: Script Scanning completed.
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT STATE SERVICE
> 80/tcp open http
>
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT STATE SERVICE
> 80/tcp open http
>
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT STATE SERVICE
> 80/tcp open http
>
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT STATE SERVICE
> 80/tcp open http
>
> Interesting ports on test.skullsecurity.org (208.81.2.52):
> PORT STATE SERVICE
> 80/tcp open http
> |_ test: 208.81.2.52 (www.skullsecurity.org)
> |_ test: 208.81.2.52 (www.javaop.com)
> |_ test: 208.81.2.52 (www.x86labs.org)
> |_ test: 208.81.2.52 (test.skullsecurity.org)
> |_ test: 208.81.2.52 (forum.x86labs.org)
>
> Nmap done: 5 IP addresses (5 hosts up) scanned in 2.14 seconds
> --
>
> Notice that the script ran 5 times for one host, instead of once each.
>
> I understand that normally, this behaviour isn't a big deal. But, when scanning Web sites, it's quite plausible that you'll be scanning the same host like this.
>
> I've attached the script that I used to replicate this, though it doesn't really do that much.
>
> Thanks!
> Ron

Right now NSE uses a table of <ip, Target * (light userdata)> pairs for all the hosts. When we get passed a host table we look in that table using the host table ip address (host.ip) for the actual Target *. Problem is, we have the same ip address for all those hosts so only one entry will be present. Also, the scripts actually did run, correctly, against each host but the script output was added to one host (for the aforementioned reason).

Is this worth fixing?

--
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely ford that see the shallows."
- Benjamin Franklin

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
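
Added example (not part of the original message and not Nmap's code): a small C++ model of the lookup described above, showing how a registry keyed only by IP attaches every script result to one Target, next to a registry keyed by (ip, name). The Target struct, the function names, the last-writer-wins overwrite and the (ip, name) key are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for Nmap's Target class (hypothetical fields).
struct Target {
    std::string name, ip;
    std::vector<std::string> script_output;
};

// Constructed sample: the five names from the report, all on one address.
std::vector<Target> sample_targets() {
    const std::string ip = "208.81.2.52";
    return {{"www.javaop.com", ip, {}}, {"www.skullsecurity.org", ip, {}},
            {"test.skullsecurity.org", ip, {}}, {"www.x86labs.org", ip, {}},
            {"forum.x86labs.org", ip, {}}};
}

static std::vector<std::size_t> counts(const std::vector<Target>& ts) {
    std::vector<std::size_t> n;
    for (const auto& t : ts) n.push_back(t.script_output.size());
    return n;
}

// Registry keyed by IP only: each insert overwrites the previous entry
// (last-writer-wins is an assumption of this model), so every result
// resolves to the same Target.
std::vector<std::size_t> attach_by_ip(std::vector<Target> ts) {
    std::map<std::string, Target*> reg;
    for (auto& t : ts) reg[t.ip] = &t;
    for (const auto& t : ts)  // one script run per host
        reg[t.ip]->script_output.push_back("test: " + t.ip + " (" + t.name + ")");
    return counts(ts);
}

// Registry keyed by (ip, name): one entry per command-line target.
std::vector<std::size_t> attach_by_ip_and_name(std::vector<Target> ts) {
    std::map<std::pair<std::string, std::string>, Target*> reg;
    for (auto& t : ts) reg[{t.ip, t.name}] = &t;
    for (const auto& t : ts)
        reg[{t.ip, t.name}]->script_output.push_back("test: " + t.ip + " (" + t.name + ")");
    return counts(ts);
}

int main() {
    for (auto n : attach_by_ip(sample_targets())) std::cout << n << ' ';
    std::cout << '\n';
    for (auto n : attach_by_ip_and_name(sample_targets())) std::cout << n << ' ';
    std::cout << '\n';
}
```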