Nmap Development mailing list archives
Re: dev Digest, Vol 129, Issue 35
From: ryan chou <jkryanchou () gmail com>
Date: Wed, 23 Dec 2015 10:41:57 +0800
Did the Fox-IT company plan to offer a remote job? I'm so interested in it. That looks so cool.

2015-12-20 13:37 GMT+08:00 <dev-request () nmap org>:
Today's Topics:

1. Paid Internships for Improving Nmap OS Detection Available at Fox-IT in the Netherlands (Fyodor)
2. scan results depend on logfile mode??? (Béla Szekeres (pókusz))
3. Re: scan results depend on logfile mode??? (Béla Szekeres (pókusz))
4. Re: scan results depend on logfile mode??? (Daniel Miller)

----------------------------------------------------------------------

Message: 1
Date: Sat, 19 Dec 2015 13:29:45 -0800
From: Fyodor <fyodor () nmap org>
To: Nmap Development List <dev () nmap org>
Subject: Paid Internships for Improving Nmap OS Detection Available at Fox-IT in the Netherlands

Hi folks!

Mathias Morbitzer has notified me that his company Fox-IT has openings for two paid internships where he will work with talented programmers to improve or even re-invent Nmap OS detection. I'm excited about this since his previous intern, Alexandru Geana, already made a lot of progress in this area and we've implemented some of that into Nmap 7. But there's a lot more to do! And this is a great chance to get paid to work on free software. They are looking for someone who is either located in the Netherlands or willing to relocate there during the project. They're flexible about the start and duration of the project.

Here are the positions:

Improving Nmap's IPv6 OS detection system:
https://www.fox-it.com/nl/vacancies/improving-nmaps-ipv6-os-detection-system/

Design and implementation of a new OS detection system for Nmap:
https://www.fox-it.com/nl/vacancies/design-and-implementation-of-a-new-os-detection-system-for-nmap/

I know the internships are paid, but I don't know how much. I hope they find someone great as a successful project could make Nmap better for us all!

Cheers,
Fyodor

------------------------------

Message: 2
Date: Sat, 19 Dec 2015 20:20:17 +0100
From: Béla Szekeres (pókusz) <pokusz () gmail com>
To: dev () nmap org
Subject: scan results depend on logfile mode???

Hi all,

I have a weird problem with nmap which is driving me mad. I'm running nmap 7.01 on Kali 2.0. I have a server with 2 SSL ports, both ports are configured identically, OpenSSL can connect to both ports. If I run nmap to scan the server, the results depend on the logfile mode...

=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oN - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:12:55 2015 as: nmap -Pn -sV -p3550,3562 -oN - pi196
Nmap scan report for pi196 (xxx)
Host is up (0.0042s latency).
PORT     STATE SERVICE     VERSION
3550/tcp open  ssl/unknown
3562/tcp open  ssl/unknown
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Dec 19 20:13:18 2015 -- 1 IP address (1 host up) scanned in 23.72 seconds
=================
root@kali:~# nmap -Pn -sV -p3550,3562 -oG - pi196
# Nmap 7.01 scan initiated Sat Dec 19 20:13:23 2015 as: nmap -Pn -sV -p3550,3562 -oG - pi196
Host: xxx (pi196)	Status: Up
Host: xxx (pi196)	Ports: 3550/open/tcp//ssl|unknown///, 3562/open/tcp/////
# Nmap done at Sat Dec 19 20:13:46 2015 -- 1 IP address (1 host up) scanned in 23.73 seconds
=================

I compared the packet trace of both scans and I see only minimal differences. Tried to recompile the source but the results are the same. Any ideas?

Best regards,
Bela Szekeres

------------------------------

Message: 3
Date: Sun, 20 Dec 2015 01:33:47 +0100
From: Béla Szekeres (pókusz) <pokusz () gmail com>
To: dev () nmap org
Subject: Re: scan results depend on logfile mode???

Hi again,

One step ahead. (The ports correctly are 33550 and 33562. Sorry for the editing.)

The difference between the two ports is that 33550 appears in nmap-services. If I also include 33562 in nmap-services (even with 0 frequency), it is found as ssl by the service scan even in -oG logmode. If the port is not included in the file, it is not detected as ssl in -oG, but detected in -oN logmode. Remember, I specify the ports with -p, so this file should not matter, as far as I know. Still the question, why is it scanning differently if the logmode is different.

Best regards,
Bela Szekeres

------------------------------

Message: 4
Date: Sat, 19 Dec 2015 23:37:44 -0600
From: Daniel Miller <bonsaiviking () gmail com>
To: Béla Szekeres (pókusz) <pokusz () gmail com>
Cc: Nmap-dev <dev () nmap org>
Subject: Re: scan results depend on logfile mode???

Béla,

Thanks for reporting this! This has apparently been a long-standing bug in Nmap, which I just fixed with your help in r35536.

In an attempt to not always print "unknown" in a field that could otherwise simply be blank, we did not print any service info in grepable output if the service did not have a positively-identified name. Unfortunately, this resulted in discarding service tunnel info, as you found. I changed the check to also check for a service tunnel, copying a condition from further on in the same function that we use for printing the service info in XML.

Dan

------------------------------

End of dev Digest, Vol 129, Issue 35
************************************
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
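The -oG behaviour Daniel describes, as an added example that is not Nmap's own code: a simplified model of the grepable "Ports:" entry builder with the pre-r35536 check beside the corrected one, plus a parser for the entry. It assumes the field layout port/state/proto/owner/service/rpc/version/ seen in the output quoted above, and that 33550's nmap-services entry was named "unknown" (which is why the old check let it print).

```python
# Added example, not Nmap's code: model of how a -oG Ports: entry is rendered,
# before and after the r35536 condition change described in the thread.
# Assumed layout (from the quoted output): port/state/proto/owner/service/rpc/version/
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortResult:
    port: int
    state: str
    proto: str
    name: Optional[str]     # name Nmap holds for the port (version match or
                            # nmap-services entry); None if it has neither
    tunnel: Optional[str]   # "ssl" when version detection found a TLS tunnel
    version: str = ""


def service_field(r: PortResult) -> str:
    """Service column in 'tunnel|name' form, e.g. 'ssl|unknown'."""
    name = r.name or "unknown"
    return f"{r.tunnel}|{name}" if r.tunnel else name


def grepable_port(r: PortResult, fixed: bool) -> str:
    """Render one Ports: entry. fixed=False reproduces the old check."""
    # Old check: service info only when a name exists. Fixed check: also when a
    # tunnel was detected, so the ssl marker survives for unidentified services.
    show = r.name is not None or (fixed and r.tunnel is not None)
    service = service_field(r) if show else ""
    version = r.version if show else ""
    return f"{r.port}/{r.state}/{r.proto}//{service}//{version}/"


def parse_grepable_port(entry: str) -> dict:
    """Split a Ports: entry into fields; tunnel is None when it was not recorded."""
    port, state, proto, _owner, service, _rpc, version, _ = entry.split("/")
    tunnel, _, name = service.rpartition("|")
    return {"port": int(port), "state": state, "proto": proto,
            "tunnel": tunnel or None, "service": name or None, "version": version}


def thread_ports(fixed: bool) -> list:
    """The two ports from the thread: both TLS, neither service identified."""
    # Assumed: 33550 has an nmap-services entry named "unknown"; 33562 has none.
    ports = [PortResult(33550, "open", "tcp", "unknown", "ssl"),
             PortResult(33562, "open", "tcp", None, "ssl")]
    return [grepable_port(p, fixed) for p in ports]


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "old  ", thread_ports(fixed))
```

Anything that consumes -oG output to find TLS services (inventory scripts, certificate checks) silently misses such ports under the old check, which is why the parser treats an empty service field as "tunnel unknown" rather than "no tunnel".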