21y4d/nmapAutomator

Another issue

11nf0s3c opened this issue · 10 comments

Noticed another issue with the new script. Ran against the "Bastard" host from hack the box.

  1. Empty output on - "Starting Nmap UDP Scan".
  2. Struck forever in "Running Vuln scan on basic ports" in "Nmap Vulns Scan". Waited for more than an hour.

On the old script, I sometimes receive the following message in "Starting Nmap Vulns Scan - > Running Vuln scan on basic ports".
Pre-scan script results:
|_broadcast-avahi-dos: ERROR: Script execution failed (use -d to debug)

I am facing the same issue with a THM machine. I kept checking the .tmp file created for the Vuln scan. The scan was stuck at 91.81% for a long long time.

I have also had this issue.

21y4d commented

Thank you all for reporting.
Since i can't replicate the issue myself, could you please take the command you'd find at the beginning of the .nmap file and run it on its own to see if it finishes? If it does, could you share the entire output? You can remove the --stats-every 3 part.

There may be rare cases with a certain output that cause an add behaviour.

Also, was it stuck at the vulners scan or the vulns scan? So the first script run or the second?
Does it happen with any other websites? If it's just with one website, and the if you run the nmap command on its own and it still hangs, it's probably an issue with nmap scripts, and not with this script.

I tried running Nmap scripts with the following command. Removed --stats-every 3 flag and added verbose -v flag instead to see the progress.

nmap -sV --script vuln -p22,80,3306,4444,5000 -oN Vulns_10.10.232.211.nmap --dns-server=1.1.1.1 10.10.232.211 -v

It still gets stuck at the very end. I guess there is a problem with the Nmap script itself.

21y4d commented

Thanks for confirming. This may mean that it's related to one of the script run by nmap itself, rather than an issue with nmapAutomator. It could even be an issue with the services running on the remote server.

Hi Ya, great show with all the amendments and enhancements. I might be wrong but it always asks for input while doing and finishing the Nikto scan. Am I missing anything? See below

Portions of the server's headers (Apache/2.4.38) are not in
the Nikto 2.1.6 database or are newer than the known string. Would you like
to submit this information (no server specific data) to CIRT.net
for a Nikto update (or you may email to sullo@cirt.net) (y/n)?

21y4d commented

This is probably related to nikto, but I'll check if it has any flags to not prompt the user.

In any case, I have never faced this case, so it's probably very rare.

Thanks, also I have noticed when running Recon, it starts with Nikto then ffuf scan and then again Nikto. I checked a couple of times to confirm it.

Is there a reason why in the output it displays these commands twice? See below:

nmapAutomator.sh --host 192.168.220.74 --type Recon

Running a Recon scan on 192.168.220.74

Host is likely running Linux

---------------------Recon Recommendations---------------------

Web Servers Recon:

nikto -host "http://192.168.220.74:80" | tee "recon/nikto_192.168.220.74_80.txt"
ffuf -ic -w /usr/share/wordlists/dirb/common.txt -e '.php' -u "http://192.168.220.74:80/FUZZ" | tee "recon/ffuf_192.168.220.74_80.txt"

nikto -host "http://192.168.220.74:80" | tee "recon/nikto_192.168.220.74_80.txt"
ffuf -ic -w /usr/share/wordlists/dirb/common.txt -e '.php' -u "http://192.168.220.74:80/FUZZ" | tee "recon/ffuf_192.168.220.74_80.txt"

Which commands would you like to run?
All (Default), ffuf, nikto, Skip <!>

Running Default in (1)s:

---------------------Running Recon Commands--------------------

Starting nikto scan

Then it starts Nikto scan, then ffuf scan and again goes back to Nikto and ffuf scans.

21y4d commented

Does this happens for the same port?

Yes, that is the straight output that I copy-pasted.