Unable to show vulnerability
Difficultcl opened this issue · 3 comments
So, one thing I can comment on is that what you ran from the command line is not going to match what you ran from pathfinder.
I can see from the command line you ran with --script=vuln
, this is the overarching category of all nmap vulnerability scripts. In caldera you ran the specific subset script which is vulners (or nmap-vulners if you use the repository name). So the vulnerabilities you found may not be ones that are flagged by that script set. you can duplicate the caldera output by running this from the commandline:
nmap 192.168.10.137/24 --script=vulners
https://nmap.org/nsedoc/categories/vuln.html
Though as you can see based on your scan, it may be beneficial for us to allow category scanning and not just based on scripts found and populated in the ./scanners/nmap/scripts
folder for caldera.
I just pushed up a small PR for a change that would populate out all the possible scripts available for nmap and allow them to be ran, you can pull the branch nmap_builtin_scripts
and run vuln
or any of the specific scripts (smb-vuln-ms17-010) that flagged a CVE for you to make sure you get the same output you saw in your commandline execution
@Difficultcl
If there is no sensitive data in the scan can you post the nmap xml report from the scan? It should be located in the plugins/pathfinder/data/reports
directory
I was unable to reproduce the parsing failure, but it may be something specific to the format of the xml file.
Also the xml file will have the nmap version (yours looks to be 7.91) and some other details as well that would be helpful for going through and trying to reproduce and resolve this.