Diverto / nse-log4shell

Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
MIT License

getting some errors on the new spider #11

Open doubledrat opened 2 years ago

doubledrat commented 2 years ago

Thanks for the spider :-), but I'm having issues.

NSE: http-spider against 999.999.208.1:443 threw an error!
http-spider.nse:138: variable 'sqli_field' is not declared
stack traceback:
        [C]: in function 'error'
        C:\Program Files (x86)\Nmap/nselib/strict.lua:80: in metamethod '__index'
        http-spider.nse:138: in upvalue 'check_form'
        http-spider.nse:197: in function
        (...tail calls...)

And it seems it's trying SSL even on port 80?

NSE: [http-spider 999.999.208.163:80] http.request socket error: The script encountered an error:

- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR

kost-div commented 2 years ago

Thanks for reporting.

Fixed in 2e0c32e82486d59126ca2c4ece8dd29fb4b79c51 .

git pull, retest and let me know if it works for you now.

doubledrat commented 2 years ago

Still getting ssl failed on port 80.

kost-div commented 2 years ago

What command line are you using? Do you use -sV? That way Nmap can recognize whether HTTP has TLS on top of it or not.

doubledrat commented 2 years ago

This is my command

c:\temp> nmap -d -sV -v --script=http-spider "--script-args=log4shell.payload=\"${jndi:ldap://{{target}}.my.logger.server}\"",http-log4shell.url=/portal/login/redirect -T4 -n -p80,443 --script-timeout=1 my.vulnerable.server
wpcap.dll present, library version: Npcap version 1.00, based on libpcap version 1.9.1
Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-21 17:58 GMT Standard Time
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 100, max 1250
  max-scan-delay: TCP 10, UDP 1000, SCTP 10
  parallelism: min 0, max 0
  max-retries: 6, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI: log4shell.payload="${jndi:ldap://{{target}}.my.logger.server}",http-log4shell.url=/portal/login/redirect
NSE: Set script-timeout as: 1 seconds
NSE: Arguments parsed: log4shell.payload="${jndi:ldap://{{target}}.my.logger.server}",http-log4shell.url=/portal/login/redirect
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating Ping Scan at 17:58
Scanning my.vulnerable.server (88.88.88.88) [4 ports]
Packet capture filter (device eth0): dst host 999.999.999.999 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 88.88.88.88)))
We got a TCP ping packet back from 88.88.88.88 port 443 (trynum = 0)
Completed Ping Scan at 17:58, 0.14s elapsed (1 total hosts)
Overall sending rates: 28.37 packets / s, 1078.01 bytes / s.
Initiating SYN Stealth Scan at 17:58
Scanning my.vulnerable.server (88.88.88.88) [2 ports]
Packet capture filter (device eth0): dst host 999.999.999.999 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 88.88.88.88)))
Discovered open port 443/tcp on 88.88.88.88
Discovered open port 80/tcp on 88.88.88.88
Completed SYN Stealth Scan at 17:58, 0.01s elapsed (2 total ports)
Overall sending rates: 133.33 packets / s, 5866.67 bytes / s.
Initiating Service scan at 17:58
Scanning 2 services on my.vulnerable.server (88.88.88.88)
Completed Service scan at 17:58, 12.13s elapsed (2 services on 1 host)
NSE: Script scanning 88.88.88.88.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:58
NSE: Starting hnap-info against my.vulnerable.server (88.88.88.88:443).
NSE: Starting hnap-info against my.vulnerable.server (88.88.88.88:80).
NSE: Starting http-trane-info against my.vulnerable.server (88.88.88.88:443).
NSE: Starting https-redirect against my.vulnerable.server (88.88.88.88:80).
NSE: Starting http-spider against my.vulnerable.server (88.88.88.88:80).
NSE: Starting http-spider against my.vulnerable.server (88.88.88.88:443).
NSE: Starting vmware-version against my.vulnerable.server (88.88.88.88:443).
NSE: Starting http-trane-info against my.vulnerable.server (88.88.88.88:80).
NSE: Starting vmware-version against my.vulnerable.server (88.88.88.88:80).
NSE: [hnap-info 88.88.88.88:443] HTTP: Host returns proper 404 result.
NSE: [http-trane-info 88.88.88.88:443] HTTP: Host returns proper 404 result.
NSE: Finished https-redirect against my.vulnerable.server (88.88.88.88:80).
NSE: [vmware-version 88.88.88.88:443] Couldn't download file: /sdk
NSE: Finished vmware-version against my.vulnerable.server (88.88.88.88:443).
NSE: [hnap-info 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: [hnap-info 88.88.88.88:80] Unexpected response returned for 404 check: creating socket.
NSE: [http-spider 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: [vmware-version 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: [vmware-version 88.88.88.88:80] Couldn't download file: /sdk
NSE: Finished vmware-version against my.vulnerable.server (88.88.88.88:80).
NSE: Finished hnap-info against my.vulnerable.server (88.88.88.88:443).
NSE: Finished http-trane-info against my.vulnerable.server (88.88.88.88:443).
NSE: [hnap-info 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: Finished hnap-info against my.vulnerable.server (88.88.88.88:80).
NSE: [http-spider 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: Finished http-spider against my.vulnerable.server (88.88.88.88:80).
NSE: [http-trane-info 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: [http-trane-info 88.88.88.88:80] Unexpected response returned for 404 check: creating socket.
NSE: Finished http-spider against my.vulnerable.server (88.88.88.88:80).
NSE: [http-trane-info 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: Finished http-trane-info against my.vulnerable.server (88.88.88.88:80).
NSE: http-spider 88.88.88.88:443 timed out
NSE: Finished http-spider against my.vulnerable.server (88.88.88.88:443).
Completed NSE at 17:59, 1.19s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:59
NSE: Starting http-server-header against my.vulnerable.server (88.88.88.88:443).
NSE: Starting http-server-header against my.vulnerable.server (88.88.88.88:80).
NSE: Finished http-server-header against my.vulnerable.server (88.88.88.88:443).
NSE: Finished http-server-header against my.vulnerable.server (88.88.88.88:80).
Completed NSE at 17:59, 0.44s elapsed
Nmap scan report for my.vulnerable.server (88.88.88.88)
Host is up, received syn-ack ttl 63 (0.0019s latency).
Scanned at 2021-12-21 17:58:47 GMT Standard Time for 14s

PORT    STATE SERVICE  REASON         VERSION
80/tcp  open  http     syn-ack ttl 63 Apache httpd
|_http-server-header: Apache
443/tcp open  ssl/http syn-ack ttl 63 Apache httpd
|_http-server-header: Apache
Final times for host: srtt: 1875 rttvar: 6562  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 17:59
Completed NSE at 17:59, 0.06s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 17:59
Completed NSE at 17:59, 0.02s elapsed
Read from C:\Program Files (x86)\Nmap: nmap-payloads nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.69 seconds
           Raw packets sent: 6 (240B) | Rcvd: 3 (132B)
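
An added example, not part of the thread or the project's code: a Python triage helper for Nmap `-d` output of the shape posted above. It lists ports that service detection reported without a TLS tunnel but where scripts still logged `ssl failed`, and collects script timeouts. The sample log is constructed from the shape of the lines in this issue, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the shape of the debug output in this issue.
SAMPLE_LOG = """\
NSE: [hnap-info 88.88.88.88:443] HTTP: Host returns proper 404 result.
NSE: [http-spider 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- Failed to connect:
- Could not connect:
- ERROR
NSE: [vmware-version 88.88.88.88:80] http.request socket error: The script encountered an error:
- ssl failed:
- ERROR
NSE: http-spider 88.88.88.88:443 timed out
80/tcp  open  http     syn-ack ttl 63 Apache httpd
443/tcp open  ssl/http syn-ack ttl 63 Apache httpd
"""

ERR = re.compile(r"^NSE: \[(\S+) (\S+):(\d+)\] http\.request socket error")
DETAIL = re.compile(r"^\s*[-•]\s*(.+?):?\s*$")      # "- ssl failed:" continuation lines
SERVICE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")  # rows of the final port table
TIMEOUT = re.compile(r"^NSE: (\S+) \S+:(\d+) timed out")

def triage(log):
    """Return (ssl_errors, services, timeouts) parsed from Nmap -d output."""
    ssl_errors = defaultdict(set)   # port -> scripts that logged "ssl failed"
    services, timeouts = {}, []
    current = None                  # (script, port) of the error block being read
    for line in log.splitlines():
        if m := ERR.match(line):
            current = (m.group(1), int(m.group(3)))
        elif current and (m := DETAIL.match(line)):
            if m.group(1) == "ssl failed":
                ssl_errors[current[1]].add(current[0])
        else:
            current = None          # any other line ends the error block
            if m := SERVICE.match(line):
                services[int(m.group(1))] = m.group(2)
            elif m := TIMEOUT.match(line):
                timeouts.append((m.group(1), int(m.group(2))))
    return dict(ssl_errors), services, timeouts

def mismatched_ports(log):
    """Ports detected as non-TLS where scripts still logged 'ssl failed'."""
    ssl_errors, services, _ = triage(log)
    return sorted(p for p in ssl_errors
                  if p in services and not services[p].startswith("ssl/"))
```
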