Nmap Development mailing list archives

Re: Nmap comprehensive scan problem via Armitage


From: Shinnok <admin () shinnok com>
Date: Fri, 17 Jun 2011 10:12:08 +0300

Hi,

Maybe we should keep these really intrusive scripts like
flood/(d)dos/exploit outside the reach of --script all, since they are
kind of dangerous scripts and somewhat counter-intuitive to what Nmap
should do. There's also the fact that now we have well over 200
scripts and given the speed at which new scripts are added and old
ones updated, it is really hard to keep up with them, especially for
someone not directly involved with Nmap.
Possible solutions:
* A warning message explaining that the dangerous scripts will be run,
explicitly stating keywords like dos/exploit, is another way.
* Disallow them in all categories, unless explicit --script
intrusive/exploit/dos/etc. is specified.
* Move all these kinds of scripts to the intrusive category and keep
them out of reach of --script all.

-Shinnok

On Fri, Jun 17, 2011 at 12:53 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
Ron,

According to
https://code.google.com/p/armitage/source/browse/trunk/scripts/hosts.sl, a
"Comprehensive" scan is "-sS -sU -T5 -A -v -PE -PP -PS80,443 -PA3389
-PU40125 -PY -g 53 --script all"

Given that smb-flood is part of "all", it's no wonder this times out.

Dan

On 06/16/2011 04:35 PM, Ron wrote:

Hey,

I've never used Armitage before, and I don't know what a 'comprehensive
scan' consists of. Can you provide the commandline that Nmap is run with
when doing that scan? It seems like the host-timeout argument or something
similar might be too low.

Ron

On Sun, 15 May 2011 00:39:24 -0400 furikuri () hush com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello there,
Here is some background:
-BackTrack5 linux with gnome 2.6
-Nmap version 5.51
-metasploit v3.7.1-release [core:3.7 api:1.0] at revision 12616
Now onto the problem: *keep in mind this is via Armitage*

When I run any nmap scan other than comprehensive, everything seems
to work. The targets appear and some info in regards to them does
as well. On the other hand, when I try to run comprehensive nmap,
everything appears to be fine until somewhere into 50% of service
scan, upon which the target apparently times out (this is all
within my home network, and no matter what target, it yields the same
results with the comprehensive scan). Here is what I get:

[*] Nmap: Service scan Timing: About 46.67% done; ETC: 21:04 (0:11:58 remaining)
[*] Nmap: Completed Service scan at 20:52, 657.85s elapsed (1 host timed out)
[*] Nmap: NSE: Script scanning 192.168.1.105.
[*] Nmap: Initiating NSE at 20:52
[*] Nmap: Completed NSE at 20:52, 4.50s elapsed
[*] Nmap: NSE: Script scanning 192.168.1.105.
[*] Nmap: Initiating NSE at 20:52
[*] Nmap: Completed NSE at 20:52, 0.11s elapsed
[*] Nmap: Nmap scan report for 192.168.1.105
[*] Nmap: Host is up (0.0016s latency).
[*] Nmap: Skipping host 192.168.1.105 due to host timeout
[*] Nmap: Read data files from: /opt/framework3/share/nmap
[*] Nmap: OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 978.96 seconds
[*] Nmap: Raw packets sent: 3575 (119.079KB) | Rcvd: 1252 (54.174KB)
[-] Error while running command db_nmap: undefined method `[]' for nil:NilClass

Call stack:
/opt/framework3/msf3/lib/rex/parser/nmap_xml.rb:109:in `tag_start'
/opt/framework3/ruby/lib/ruby/1.9.1/rexml/parsers/streamparser.rb:24:in `parse'
/opt/framework3/ruby/lib/ruby/1.9.1/rexml/document.rb:204:in `parse_stream'
/opt/framework3/msf3/lib/msf/core/db.rb:3961:in `import_nmap_xml'
/opt/framework3/msf3/lib/msf/core/db.rb:3823:in `import_nmap_xml_file'
/opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:1574:in `cmd_db_nmap'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:331:in `run_command'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:293:in `block in run_single'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `each'
/opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in `run_single'
/opt/framework3/msf3/lib/rex/ui/text/shell.rb:143:in `run'
/opt/framework3/msf3/lib/msf/ui/web/console.rb:65:in `block in initialize'
/opt/framework3/msf3/lib/msf/core/thread_manager.rb:64:in `call'
/opt/framework3/msf3/lib/msf/core/thread_manager.rb:64:in `block in spawn'

At first I thought that I was at fault, but after looking around I
found another person with the same problem. That person was told
that it was a bug, and after posting my question on a board, I was
told the same thing. So hopefully this will get your attention. If
possible, please respond and confirm whether it indeed is a bug!
Thank you!
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at
https://www.hushtools.com/verify Version: Hush 3.0

wsBcBAEBAgAGBQJNz1j8AAoJEOwvtPx290AsnFYH/1s+54dpyuCHLO0QMnwO92cpRhYo
owhfH5FTLV6bGYxmndy22pxfPBbaT2kFcIqJoUK54GNIWLsuYEUaxMwPGQQe6QIuPba3
31uHrc3reV/WBWLiwA1agVuE45PVsX4D/Ogmv6oPANsXLblNe8L9mMbNPBoXRPraxS3r
mnu7cqzj06lIY8bB6ggTA4shXi759pafLyjIByKyaNDR3w4/OLxMVuXokKbpHtswmGS9
kaJWNsosaWJudUmYpsJzpLqMVoSLYPaXeLLXuXUhLy57M8emunLbKi3QCONbMFYO+W9p
XqLWMDJz+4c7KvrTfdYT/AAORkXDtEBY69uZqSZgGHs=
=b81v
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/







-- 

Shinnok <http://shinnok.com>
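The crash quoted in the thread comes from the db_nmap XML importer indexing a nil value in its `tag_start` callback once a host has been skipped because of the host timeout. The following is an added example, not code from this thread, from Metasploit or from Nmap: a REXML stream listener in the same `tag_start`/`tag_end` shape as the Rex parser that guards every attribute and element lookup, so a host written out with no `<ports>` section and an empty `<hostnames/>` is reported as partial rather than aborting the import. The XML sample is constructed to mimic Nmap's output; the `timedout="true"` attribute on `<host>` is an assumption about Nmap's XML, not something shown on this page.

```ruby
require 'rexml/document'
require 'rexml/streamlistener'

# Constructed sample output (not a real scan): one host that completed and one
# that hit the host timeout mid-scan, so Nmap wrote it out with no <ports>.
# Element names follow Nmap's XML; the timedout="true" attribute is assumed.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sS -sU -A --script all 192.168.1.0/24" version="5.51">
    <host starttime="1305434364" endtime="1305434400">
      <status state="up" reason="arp-response"/>
      <address addr="192.168.1.1" addrtype="ipv4"/>
      <address addr="00:11:22:33:44:55" addrtype="mac"/>
      <hostnames><hostname name="router.lan" type="PTR"/></hostnames>
      <ports>
        <port protocol="tcp" portid="53"><state state="open" reason="syn-ack"/><service name="domain"/></port>
        <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
        <port protocol="udp" portid="123"><state state="open|filtered" reason="no-response"/></port>
      </ports>
    </host>
    <host starttime="1305434364" endtime="1305435343" timedout="true">
      <status state="up" reason="arp-response"/>
      <address addr="192.168.1.105" addrtype="ipv4"/>
      <hostnames/>
    </host>
    <runstats><finished elapsed="978.96"/><hosts up="2" down="0" total="2"/></runstats>
  </nmaprun>
XML

class NmapHostListener
  include REXML::StreamListener

  attr_reader :hosts

  def initialize
    @hosts = []     # completed host records
    @current = nil  # host being parsed, or nil outside <host>
    @port = nil     # port being parsed, or nil outside <port>
  end

  # Called for every opening tag. Every lookup is guarded: a timed-out host
  # has no <ports>, may have an empty <hostnames/>, and a <port> may lack
  # <service>, so attrs[...] and the current host/port can legitimately be nil.
  def tag_start(name, attrs)
    case name
    when 'host'
      @current = { addr: nil, mac: nil, hostname: nil, state: nil,
                   timed_out: attrs['timedout'] == 'true', ports: [] }
    when 'status'
      @current[:state] = attrs['state'] if @current
    when 'address'
      return unless @current
      case attrs['addrtype']
      when 'ipv4', 'ipv6' then @current[:addr] = attrs['addr']
      when 'mac'          then @current[:mac]  = attrs['addr']
      end
    when 'hostname'
      @current[:hostname] ||= attrs['name'] if @current
    when 'port'
      return unless @current
      @port = { proto: attrs['protocol'], port: attrs['portid'].to_i, state: nil, service: nil }
    when 'state'
      @port[:state] = attrs['state'] if @port
    when 'service'
      @port[:service] = attrs['name'] if @port
    end
  end

  def tag_end(name)
    case name
    when 'port'
      @current[:ports] << @port if @current && @port
      @port = nil
    when 'host'
      @hosts << @current if @current
      @current = nil
    end
  end
end

# Stream-parse an Nmap XML document and return one record per <host>.
def parse_nmap_xml(xml)
  listener = NmapHostListener.new
  REXML::Document.parse_stream(xml, listener)
  listener.hosts
end

# "port/proto" strings for ports Nmap reported as open (open|filtered excluded).
def open_ports(host)
  host[:ports].select { |p| p[:state] == 'open' }.map { |p| "#{p[:port]}/#{p[:proto]}" }
end

if __FILE__ == $PROGRAM_NAME
  parse_nmap_xml(SAMPLE_NMAP_XML).each do |h|
    tag = h[:timed_out] ? ' (timed out, partial results)' : ''
    puts "#{h[:addr]} #{h[:hostname] || '-'} #{h[:state]}#{tag}: #{open_ports(h).join(', ')}"
  end
end
```

Run it directly to print one line per host; the timed-out 192.168.1.105 comes through with an empty port list instead of raising `undefined method '[]' for nil`. The point of the example is the importer side: a scan that partially fails (here because `--script all` pulled in a flooding script) should still import whatever Nmap did record.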

