This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

NMAP crash if a host should be scanned which is not resolvable any more #34

Open
rseedorff opened this issue Apr 30, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@rseedorff
Member

Describe the bug
As a security tester I would like to use the combined AMASS-NMAP scan to automatically scan all found subdomains with NMAP directly. Sometimes AMASS returns subdomains which are too old and therefore no longer available. But in these cases the subsequent NMAP scan crashes because it tries to scan a host which is no longer available. But this NMAP error crashes the complete scan process even if it has already found valid results.

To Reproduce
Steps to reproduce the behavior:

  1. Start a securityTest with the amass-nmap scan like:
[
  {
    "name": "amass-nmap",
    "context": "my-applicationteam",
    "metaData": {
    },
    "target": {
      "name": "example.com Website Test",
      "location": "example.com",
      "attributes": {
        "NO_DNS": true,
        "NMAP_CONFIGURATION_PROFILE": "HTTP_PORTS",
        "NMAP_HTTP_HEADERS": true
      }
    }
  }
]
  2. The SCB NMAP scanner crashes if amass returns an old subdomain which is no longer resolvable:
SCANNING location: "nolonger.available.example.com", parameters: "-Pn -p 80,8080,443,8443 --script=http-headers"
WARNING: No targets were specified, so 0 hosts scanned.
Failed to perform Job "ae685f00-8b0e-11ea-a74e-0a580a81026f" Error: Failed to execute nmap portscan.
    at ScannerScaffolding.worker [as _worker] (/src/src/nmap.js:138:23)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:94:5)
Job Failure submitted succesfully. 
  3. NMAP instead informs about the real problem here:
nmap nolonger.available.example.com -Pn -p 80,8080,443,8443 --script=http-headers
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 20:34 CEST
Failed to resolve "nolonger.available.example.com".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 18.30 seconds

Expected behavior
In this case NMAP must not crash completely and stop the complete amass-nmap scan. It would be great if in such a case instead of an error a new informational finding would be generated by NMAP:

Finding:

{
    "id": "335edb1d-7105-40f9-843b-0f1b62e0872f",
    "name": "Host not found",
    "description": "Failed to resolve \"nolonger.available.example.com\".",
    "category": "Host",
    "osi_layer": "NETWORK",
    "severity": "INFORMATIONAL",
    "attributes": {
      "ip_address": "null",
      "hostname": "nolonger.available.example.com",
      "operating_system": null
    }
}
@rseedorff rseedorff added the bug Something isn't working label Apr 30, 2020
@J12934 J12934 self-assigned this May 5, 2020
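
One way a scanner wrapper could turn the resolve failure into the informational finding requested above, as an added example that is not the project's own code. All function names, the `newId` generator and the stand-in parser are hypothetical, and it assumes the text passed in is nmap's stdout and stderr combined.

```javascript
// Added example, not the project's code: all function names are hypothetical.
// Assumes `output` is nmap's stdout and stderr combined as text.
const RESOLVE_FAILURE = /^Failed to resolve "([^"]+)"\.\s*$/m;
const NO_TARGETS = /^WARNING: No targets were specified, so 0 hosts scanned\.\s*$/m;

// Field names follow the finding proposed in the issue.
function hostNotFoundFinding(hostname, id) {
  return {
    id,
    name: 'Host not found',
    description: `Failed to resolve "${hostname}".`,
    category: 'Host',
    osi_layer: 'NETWORK',
    severity: 'INFORMATIONAL',
    attributes: { ip_address: null, hostname, operating_system: null },
  };
}

// Turns one nmap run into findings. A DNS failure becomes a finding;
// "0 hosts scanned" without a DNS explanation is still an error.
function findingsForRun(location, output, parseFindings, newId) {
  const unresolved = RESOLVE_FAILURE.exec(output);
  if (unresolved) return [hostNotFoundFinding(unresolved[1], newId())];
  if (NO_TARGETS.test(output)) {
    throw new Error(`nmap scanned no targets for "${location}"`);
  }
  return parseFindings(output);
}

// Scans every subdomain; one stale name no longer discards the other results.
function scanAll(locations, runNmap, parseFindings, newId) {
  return locations.flatMap((loc) =>
    findingsForRun(loc, runNmap(loc), parseFindings, newId));
}

// Constructed sample data, modelled on the output quoted in the issue.
const SAMPLE_OUTPUT = {
  'nolonger.available.example.com':
    'Failed to resolve "nolonger.available.example.com".\n' +
    'WARNING: No targets were specified, so 0 hosts scanned.\n',
  'www.example.com': '80/tcp open http\n',
};
function demo() {
  let n = 0;
  return scanAll(
    Object.keys(SAMPLE_OUTPUT),
    (loc) => SAMPLE_OUTPUT[loc],
    (out) => [{ name: 'Open port', raw: out.trim() }], // stand-in parser
    () => `constructed-id-${++n}`,
  );
}
```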