Hey Christian, For some reason I am not receiving all of your replies in my email, but I see them on the openvas-discuss archive. So apologies for the strange fork of the conversation here.
In your latest reply you asked for the output of nmap results. Here are the results of the nmap scan you asked for:

nmap -n -Pn -sV -p 1463 10.56.6.40

Starting Nmap 6.40 ( http://nmap.org ) at 2017-02-10 18:36 UTC
Stats: 0:01:04 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 0.00% done
Nmap scan report for dev21-devc (10.56.6.40)
Host is up (0.00037s latency).
PORT     STATE SERVICE VERSION
1463/tcp open  unknown
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 141.79 seconds

And for the sake of completeness, here are the results from nmap 5.51:

nmap -n -Pn -sV -p 1463 10.56.6.40

Starting Nmap 5.51 ( http://nmap.org ) at 2017-02-10 18:41 UTC
Nmap scan report for 10.56.6.40
Host is up (0.00039s latency).
PORT     STATE SERVICE VERSION
1463/tcp open  unknown
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 141.76 seconds

Dan ½
PGP Key: 0x1EF05BE04E5674F9

On Thu, Feb 9, 2017 at 7:36 PM, Eero Volotinen <[email protected]> wrote:
> Hi Christian/Santu
>
> Can you verify and fix this issue on next nvt feed?
>
> br,
> Eero
>
> 2017-02-10 5:24 GMT+02:00 Dan ½ <[email protected]>:
>
>> I see. Thanks for the pointer, Eero.
>>
>> That makes sense now, I suppose, but the nmap syntax is wrong.
>>
>> Instead of:
>>
>> nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40
>>
>> it should be:
>>
>> nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O -p 1463,15197,25097,38204,46226,55374 10.56.6.40
>>
>> Aha! And I see the [subtle] bug too! The variable i, used for the argv
>> indexing, is overwritten during the random port list construction. I've
>> confirmed in my local openvas installation that the fix can be as simple
>> as:
>>
>> $ diff gb_nmap_os_detection.nasl gb_nmap_os_detection_fixed.nasl
>> 132c132
>> < for( i = 1; i <= numClosedPorts; i++ ) {
>> ---
>> > for( j = 1; j <= numClosedPorts; j++ ) {
>> 137c137
>> < while( i + closedPort >< portList ) {
>> ---
>> > while( j + closedPort >< portList ) {
>> 140c140
>> < portList += "," + i + closedPort;
>> ---
>> > portList += "," + j + closedPort;
>>
>> How can I become a contributor to help fix the script (and/or any other
>> script in which I encounter bugs)?
>>
>> Thanks!
>>
>> Daniel
>>
>> Daniel Popescu
>> 818-625-0823
>>
>> On Thu, Feb 9, 2017 at 6:27 PM, Eero Volotinen <[email protected]> wrote:
>>
>>> OS detection adds 5 random ports to the commandline:
>>>
>>> http://plugins.openvas.org/nasl.php?oid=108021
>>>
>>> --
>>> Eero
>>>
>>> 2017-02-10 3:24 GMT+02:00 Dan ½ <[email protected]>:
>>>
>>>> Hi folks,
>>>>
>>>> I'm encountering a strange issue wherein ports that I'm certain are
>>>> open are not being reported as open. I have a target host where I KNOW that
>>>> TCP port 1463 is open.
>>>>
>>>> I kick off a scan using a custom port list that contains only 1 TCP
>>>> port, 1463, created via
>>>>
>>>> omp -u admin -w *** --xml '<create_port_list> <name>scribe only</name> <comment>scribe only</comment> <port_range>T:1463</port_range> </create_port_list>'
>>>>
>>>> I then poll for nmap commands and I see the following:
>>>>
>>>> # while true; do ps auxwww | grep [n]map; sleep 1; done
>>>> root 154390 0.0 0.0 43448 5348 ? D 01:02 0:00 nmap --reason -sP --send-ip -PE 10.56.6.40
>>>> root 154394 0.0 0.0 167000 51032 ? S 01:02 0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/nmap.nasl)
>>>> root 154396 0.0 0.0 43584 5188 ? R 01:02 0:00 nmap -n -P0 -oG /tmp/nmap-10.56.6.40-167506994 -sT -p T:1463 -T 3 10.56.6.40
>>>> root 154438 0.0 0.0 167528 51488 ? S 01:02 0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/gb_nmap_os_detection.nasl)
>>>> root 154440 54.0 0.0 69620 26404 ? S 01:02 0:00 nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40
>>>>
>>>> What's up with the "-O 1463,15197,25097,38204,46226,55374" part? The
>>>> output from running that nmap command in the foreground looks like:
>>>>
>>>> root@22552df8a23f:/# nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40
>>>>
>>>> Starting Nmap 5.51 ( http://nmap.org ) at 2017-02-10 01:11 UTC
>>>> Invalid target host specification: 1463,15197,25097,38204,46226,55374
>>>> QUITTING!
>>>>
>>>> That list of random ports seems to vary on each run (except for the
>>>> first number, 1463, which is consistent with what I've requested to be
>>>> scanned). Not sure where it's coming from, but I'm fairly certain that this
>>>> is what's causing the issue that I'm seeing where known open ports are not
>>>> being reported.
>>>>
>>>> I'm on Ubuntu 14.04 (trusty), openvas8 built from source on the
>>>> published tarballs on http://www.openvas.org/install-source.html.
>>>>
>>>> Any ideas on where that random list is coming from? And why it's not
>>>> being passed with "-p"? Is that possibly what's causing this issue or is it
>>>> a red herring?
>>>>
>>>> Daniel Popescu
>>>> 818-625-0823
>>>>
>>>> _______________________________________________
>>>> Openvas-discuss mailing list
>>>> [email protected]
>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
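Review bot: the rename on 132c132, 137c137 and 140c140 stops the port-list loop from clobbering the argv index, but j is introduced without any visible declaration; if the enclosing function declares its variables with local_var, add j there so the new counter does not silently become a global, and post the change as a unified diff (diff -u) with a few context lines so the argv[i] assignments the fix protects are visible to whoever reviews it for the feed.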
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
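To make the clobbered-index bug described in the thread concrete, here is an added Python model; it is not the NASL script's code, and the argv slot layout is an assumption chosen to reproduce the command shape seen in the ps output. It fills argv through a running index i, once with the port-list loop reusing i and once with a separate counter j:

```python
import random

# Constructed inputs modelled on the thread: the one requested port, the target
# and the five random closed ports the OS-detection script appends.
TARGET = "10.56.6.40"
REQUESTED_PORTS = [1463]
NUM_CLOSED_PORTS = 5
OUTFILE = "/tmp/nmap-example-output"  # hypothetical -oN path

def random_closed_ports(count, rng):
    """Pick `count` distinct random high ports not in the requested list."""
    ports = []
    while len(ports) < count:
        p = rng.randint(1024, 65535)
        if p not in ports and p not in REQUESTED_PORTS:
            ports.append(p)
    return ports

def build_argv(fixed, seed=0):
    """Model (assumption, not the NASL source) of an argv filled via index i.
    With fixed=False the port-list loop reuses i, so its final value lands on
    the slot already holding "-p" and the port list overwrites that flag."""
    rng = random.Random(seed)
    argv = {}
    i = 0
    for arg in ("nmap", "-n", "-sV", "-oN", OUTFILE, "-O"):
        argv[i] = arg
        i += 1
    argv[i] = "-p"  # slot 6
    i += 1          # i == 7, the next free slot
    port_list = ",".join(str(p) for p in REQUESTED_PORTS)
    closed = random_closed_ports(NUM_CLOSED_PORTS, rng)
    if fixed:
        j = 1                           # own counter, i is left alone
        while j <= NUM_CLOSED_PORTS:
            port_list += "," + str(closed[j - 1])
            j += 1
    else:
        i = 1                           # bug: argv index reused as loop counter
        while i <= NUM_CLOSED_PORTS:
            port_list += "," + str(closed[i - 1])
            i += 1                      # exits with i == 6, the "-p" slot
    argv[i] = port_list
    i += 1
    argv[i] = TARGET
    return [argv[k] for k in range(i + 1)]

def port_flag_present(argv):
    """True when the port list follows -p, which is what nmap expects."""
    return "-p" in argv and argv[argv.index("-p") + 1].startswith("1463,")
```

With fixed=False the returned argv is nmap -n -sV -oN ... -O <ports> 10.56.6.40, the port list having taken the slot of -p, which is exactly the shape of the command that nmap rejected as an invalid target specification.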
