Nmap Development mailing list archives
Re: Bug in NSE core, I think
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 26 Aug 2009 00:52:30 +0000
On Tue, 25 Aug 2009 19:47:06 -0500 Ron <ron () skullsecurity net> wrote:

> On 08/25/2009 07:40 PM, Patrick Donnelly wrote:
>> Right now NSE uses a table of <ip, Target * (light userdata)> pairs for all the hosts. When we get passed a host table we look in that table using the host table ip address (host.ip) for the actual Target *. Problem is, we have the same ip address for all those hosts so only one entry will be present. Also, the scripts actually did run, correctly, against each host but the script output was added to one host (for the aforementioned reason). Is this worth fixing?
>
> I haven't tracked down exactly what's going on, but it appears to cause a bug in one of my scripts. I believe it stems from a local variable getting whacked, because it's ending up wrong by the end of my script. That's how I originally noticed this behaviour.
>
> Ron

Ron, I think this mostly stems from Nmap not bothering to check for duplicates in the target list, not even duplicate IPs. We shouldn't fix NSE if we aren't going to fix the general scanning. Take for example:

$ sudo nmap -v -d --top-ports 100 -T5 --open 127.0.0.1 127.0.0.1

Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-26 00:50 UTC
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 250, min 50, max 300
  max-scan-delay: TCP 5, UDP 1000, SCTP 5
  parallelism: min 0, max 0
  max-retries: 2, host-timeout: 900000
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 0 scripts for scanning.
mass_rdns: Using DNS server 132.239.0.252
mass_rdns: Using DNS server 132.239.1.52
mass_rdns: Using DNS server 128.54.16.2
Initiating SYN Stealth Scan at 00:50
Scanning 2 hosts [100 ports/host]
Packet capture filter (device lo): dst host 127.0.0.1 and (icmp or ((tcp or udp or sctp) and (src host 127.0.0.1 or src host 127.0.0.1)))
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed SYN Stealth Scan against 127.0.0.1 in 0.02s (1 host left)
Increased max_successful_tryno for 127.0.0.1 to 1 (packet drop)
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed SYN Stealth Scan at 00:50, 1.06s elapsed (200 total ports)
Overall sending rates: 198.21 packets / s, 8721.36 bytes / s.
Host localhost (127.0.0.1) is up, received localhost-response (0.000016s latency).
Scanned at 2009-08-26 00:50:58 UTC for 0s
Interesting ports on localhost (127.0.0.1):
Not shown: 96 closed ports
Reason: 96 resets
PORT    STATE SERVICE REASON
25/tcp  open  smtp    syn-ack
80/tcp  open  http    syn-ack
443/tcp open  https   syn-ack
631/tcp open  ipp     syn-ack
Final times for host: srtt: 16 rttvar: 0 to: 50000
Host localhost (127.0.0.1) is up, received localhost-response (0.000016s latency).
Scanned at 2009-08-26 00:50:58 UTC for 1s
Interesting ports on localhost (127.0.0.1):
Not shown: 96 closed ports
Reason: 96 resets
PORT    STATE SERVICE REASON
25/tcp  open  smtp    syn-ack
80/tcp  open  http    syn-ack
443/tcp open  https   syn-ack
631/tcp open  ipp     syn-ack
Final times for host: srtt: 16 rttvar: 0 to: 50000
Read from /usr/share/nmap: nmap-services.
Nmap done: 2 IP addresses (2 hosts up) scanned in 1.13 seconds
           Raw packets sent: 210 (9240B) | Rcvd: 429 (18.036KB)

Note 210 packets were sent, not the expected ~100.

Brandon
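An added illustration of the bookkeeping Patrick describes and the duplicate-target check Brandon mentions; this is example code, not Nmap's own, and the struct names and the "resolve through the Target pointer" fix are assumptions made for the example.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Model of one scanned host (Nmap's Target) and the Lua-side host table that
// NSE scripts receive. These are illustrative types, not Nmap's real ones.
struct Target {
    std::string ip;
    int outputs;   // how many script results were credited to this host
    explicit Target(std::string i) : ip(std::move(i)), outputs(0) {}
};
struct HostTable { std::string ip; Target *target; };  // target stands in for the light userdata

// Buggy bookkeeping: NSE keeps <ip, Target*> pairs and resolves a host table
// back to its Target through host.ip, so duplicate IPs collapse to one entry.
// Returns how many distinct Targets actually received script output.
static int hosts_credited_by_ip(std::vector<Target> targets) {
    std::map<std::string, Target *> by_ip;
    for (Target &t : targets) by_ip[t.ip] = &t;     // a later duplicate overwrites the earlier one
    for (Target &t : targets) {
        HostTable host{t.ip, &t};
        by_ip[host.ip]->outputs++;                  // script ran for t, output lands on the survivor
    }
    int credited = 0;
    for (const Target &t : targets) if (t.outputs > 0) ++credited;
    return credited;
}

// Assumed fix: resolve the host table through the Target pointer it already
// carries instead of through the (non-unique) IP string.
static int hosts_credited_by_target(std::vector<Target> targets) {
    for (Target &t : targets) {
        HostTable host{t.ip, &t};
        host.target->outputs++;
    }
    int credited = 0;
    for (const Target &t : targets) if (t.outputs > 0) ++credited;
    return credited;
}

// Brandon's point: the scanner never deduplicates its target list. Returns the
// number of entries that repeat an IP already present (the extra ones get scanned again).
static int duplicate_targets(const std::vector<std::string> &ips) {
    std::set<std::string> seen;
    int dups = 0;
    for (const std::string &ip : ips) if (!seen.insert(ip).second) ++dups;
    return dups;
}
```

With two targets that both resolve to 127.0.0.1, the IP-keyed table credits only one host while the pointer-based lookup credits both, and the duplicate check reports one repeated entry.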