nmap scan doesn't handle all the ports I need in portspec #5

Open
bdmorin opened this issue Apr 27, 2020 · 3 comments

bdmorin commented Apr 27, 2020

I set up a portspec/mappings and got this result:

nmap-analyze version=1.0.0, log level=Level(Warn)
+---------------+---------------+--------+-------+-------------+-----------------------------+
| Host          | Portspec      | Result | Port  | Port Result | Failure Reason              |
+---------------+---------------+--------+-------+-------------+-----------------------------+
| 10.246.165.40 | 10.246.165.40 | Fail   |       |             |                             |
|               |               |        | 22    | failed      | expected Open, found Closed |
|               |               |        | 25    | failed      | expected Closed, found Open |
|               |               |        | 80    | failed      | expected Closed, found Open |
|               |               |        | 135   | failed      | expected Closed, found Open |
|               |               |        | 139   | failed      | expected Closed, found Open |
|               |               |        | 161   | failed      | expected Open, found Closed |
|               |               |        | 443   | failed      | expected Closed, found Open |
|               |               |        | 445   | failed      | expected Closed, found Open |
|               |               |        | 1025  | failed      | expected Closed, found Open |
|               |               |        | 1026  | failed      | expected Closed, found Open |
|               |               |        | 1027  | failed      | expected Closed, found Open |
|               |               |        | 1032  | failed      | expected Closed, found Open |
|               |               |        | 3389  | failed      | expected Closed, found Open |
|               |               |        | 8192  | failed      | expected Closed, found Open |
|               |               |        | 8193  | failed      | expected Closed, found Open |
|               |               |        | 8194  | failed      | expected Closed, found Open |
|               |               |        | 8400  | failed      | expected Closed, found Open |
|               |               |        | 8402  | failed      | expected Closed, found Open |
|               |               |        | 8443  | failed      | expected Open, found Closed |
|               |               |        | 50000 | failed      | expected Open, found Closed |
|               |               |        | 5696  | not scanned |                             |
|               |               |        | 8445  | not scanned |                             |
|               |               |        | 8448  | not scanned |                             |
|               |               |        | 8446  | not scanned |                             |
|               |               |        | 8447  | not scanned |                             |
|               |               |        | 7024  | not scanned |                             |
|               |               |        | 8444  | not scanned |                             |
+---------------+---------------+--------+-------+-------------+-----------------------------+

The problem is, the nmap scan you run to develop the .xml result doesn't include "all ports" or similar, only the ones nmap wants to test for. So I modified the nmap command to:

nmap -dd -n -sS -oX 10.246.165.40.xml 10.246.165.40 -p 1-8448,50000

Since that's what I was looking for, then nmap-analyze said I specified ports and to not do that.

I'm not sure how to add more default ports to the scan so I can get them.

Also - completely aside from this, the nmap-xml command didn't pick up all my open ports at all.

$ sudo nmap  -n -sS -oA 10.246.165.40 --open 10.246.165.40 -p 1-8448,50000 -T4
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-27 13:55 CDT
Nmap scan report for 10.246.165.40
Host is up (0.094s latency).
Not shown: 8354 closed ports, 76 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1027/tcp open  IIS
1032/tcp open  iad3
3389/tcp open  ms-wbt-server
5985/tcp open  wsman
7024/tcp open  vmsvc
8080/tcp open  http-proxy
8192/tcp open  sophos
8193/tcp open  sophos
8194/tcp open  sophos
8400/tcp open  cvd
8402/tcp open  abarsd

which is fine, but I really like this testsuite and want to use it, lol.

@lukaspustina
Owner

Hi,

It's late here, so I'll try to help with a pointer first. I will check your message thoroughly tomorrow.

Please check the nmap parameter --servicedb. You can specify your own "well known" ports for nmap. I'm using this by extending the default service file with my "special" ports.

Cheers, Lukas

BTW: You're using nmap-analyze version=1.0.0. The recent one is 1.1.0.
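
The `--servicedb` suggestion in the comment above, sketched as an added example (not code from nmap-analyze or from either commenter): a shell function that appends entries for the ports reported as "not scanned" to a copy of a services file. The function names, the `custom-<port>` service names, the sample base file and the 0.9 frequency are assumptions; check the resulting scan XML to confirm the added ports were actually scanned.

```shell
#!/bin/sh
# Added example: extend an nmap services file with extra TCP ports.
# nmap-services line format: <name> <port>/<proto> <open-frequency>

# Constructed sample base file (names and frequencies are illustrative only).
sample_base() {
    printf '# constructed sample services file\n'
    printf 'ssh\t22/tcp\t0.182286\n'
    printf 'http\t80/tcp\t0.484143\n'
    printf 'example-svc\t8443/tcp\t0.015945\n'
}

# extend_servicedb BASE_FILE PORT...
# Prints BASE_FILE, then one new entry per port that has no tcp entry yet.
extend_servicedb() {
    base=$1
    shift
    # Validate every port before emitting anything.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    cat "$base"
    for port in "$@"; do
        # Skip ports that already have a tcp entry in the base file.
        if awk -v p="$port/tcp" '$2 == p { found = 1 } END { exit !found }' "$base"; then
            continue
        fi
        # 0.900000 is an assumed frequency, chosen high so the port ranks
        # among the most common ones when nmap picks its default port set.
        printf 'custom-%s\t%s/tcp\t0.900000\n' "$port" "$port"
    done
}

# Usage with the ports from the report above (base file path is an assumption):
#   extend_servicedb /usr/share/nmap/nmap-services \
#       5696 7024 8444 8445 8446 8447 8448 > my-services
#   nmap -n -sS --servicedb my-services -oX 10.246.165.40.xml 10.246.165.40
```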

@bdmorin
Author

bdmorin commented Apr 28, 2020

Awesome! Thank you. I'll update the tests and software, and post back tomorrow.

@lukaspustina
Owner

Any news here?
