KvasirSecurity / Kvasir

Kvasir: Penetration Test Data Management

Services #107

Closed whoot closed 10 years ago

whoot commented 10 years ago

Added support for hping output.
Kvasir is now able to merge nessus and nmap services.
Bugfix: Importing an Nmap xml with OS details works now correctly.

grutz commented 10 years ago

Thanks for the PR! I'll take a closer look at this when I get some time as I may do a little cleanup before merging.

Any specific reason for calling out hping2 and not hping3? Can we just call it "hping" instead? Please provide a sample command line that generates the desired output for processing and a sample of the output line as well so I can add some doctest code as well.

whoot commented 10 years ago

"Any specific reason for calling out hping2 and not hping3? Can we just call it "hping" instead?" -> Actually it is hping3, sorry for that, renaming it to hping is totally fine.

grutz commented 10 years ago

Can you paste an example output and command line for your hping output? I can't seem to generate an output with hping3 that matches what you're processing.

```
➜  test-files ✗ sudo hping -1 -c 5 8.8.8.8
HPING 8.8.8.8 (en1 8.8.8.8): icmp mode set, 28 headers + 0 data bytes
len=46 ip=8.8.8.8 ttl=41 id=0 icmp_seq=0 rtt=53.2 ms
len=46 ip=8.8.8.8 ttl=41 id=0 icmp_seq=1 rtt=54.3 ms
len=46 ip=8.8.8.8 ttl=41 id=0 icmp_seq=2 rtt=59.0 ms
len=46 ip=8.8.8.8 ttl=41 id=0 icmp_seq=3 rtt=64.4 ms
len=46 ip=8.8.8.8 ttl=41 id=0 icmp_seq=4 rtt=71.2 ms

--- 8.8.8.8 hping statistic ---
5 packets tramitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 53.2/60.4/71.2 ms
➜  test-files ✗ sudo hping -8 22,53 8.8.8.8
Scanning 8.8.8.8 (8.8.8.8), port 22,53
2 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
All replies received. Done.
Not responding ports:
➜  test-files ✗ sudo hping -V -8 22,53 8.8.8.8
using en1, addr: 10.19.149.20, MTU: 1500
Scanning 8.8.8.8 (8.8.8.8), port 22,53
2 ports to scan, use -V to see all the replies
+----+-----------+---------+---+-----+-----+-----+
|port| serv name |  flags  |ttl| id  | win | len |
+----+-----------+---------+---+-----+-----+-----+
   22 ssh        : ..R.A... 248 23988   512    46
   53 domain     : ..R.A... 248 10446   512    46
All replies received. Done.
Not responding ports:
```

whoot commented 10 years ago

"Can you paste an example output and command line for your hping output?" -> We use a script to test on ping, timestamp and netmask. I will provide it as soon as possible. For now I can provide only a sample output:


```
IP: 173.194.44.55
[*] Echo
HPING 173.194.44.55 (eth0 173.194.44.55): icmp mode set, 28 headers + 0 data bytes
len=46 ip=173.194.44.55 ttl=61 id=58275 icmp_seq=0 rtt=8.1 ms
len=46 ip=173.194.44.55 ttl=61 id=58276 icmp_seq=1 rtt=7.3 ms
len=46 ip=173.194.44.55 ttl=61 id=58277 icmp_seq=2 rtt=6.6 ms
len=46 ip=173.194.44.55 ttl=61 id=58278 icmp_seq=3 rtt=7.9 ms

--- 173.194.44.55 hping statistic ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.6/7.5/8.1 ms

[*] Timestamp
HPING 173.194.44.55 (eth0 173.194.44.55): icmp mode set, 28 headers + 0 data bytes

--- 173.194.44.55 hping statistic ---
4 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

[*] Netmask
HPING 173.194.44.55 (eth0 173.194.44.55): icmp mode set, 28 headers + 0 data bytes

--- 173.194.44.55 hping statistic ---
4 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
```

whoot commented 10 years ago

Sorry for the wait! Here's the script:

```sh
#!/bin/sh

# check if the first argument is a file
if [ -f "$1" ]
then
    # file found, execute the script once per line
    xargs -a "$1" -n 1 "$0"
    exit
fi

# number of probes sent per ICMP type
COUNT=4
echo ""
echo "-----------------------------------------------------------------------------"
echo "IP: $1"

# ICMP echo request
echo "[*] Echo"
hping3 -c "$COUNT" -1 "$1"
echo ""

# ICMP timestamp request
echo "[*] Timestamp"
hping3 -c "$COUNT" --icmp-ts "$1"
echo ""

# ICMP address mask request
echo "[*] Netmask"
hping3 -c "$COUNT" --icmp-addr "$1"
```
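
One way to parse the report format produced by the script above into per-host, per-probe results. This is an added example, not code from this PR or from Kvasir; the function names and the sample report (built on the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# Constructed sample in the format of the wrapper-script output shown in this thread.
SAMPLE = """\
IP: 192.0.2.10
[*] Echo
HPING 192.0.2.10 (eth0 192.0.2.10): icmp mode set, 28 headers + 0 data bytes
len=46 ip=192.0.2.10 ttl=61 id=58275 icmp_seq=0 rtt=8.1 ms
len=46 ip=192.0.2.10 ttl=61 id=58276 icmp_seq=1 rtt=7.3 ms

--- 192.0.2.10 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.3/7.7/8.1 ms

[*] Timestamp
HPING 192.0.2.10 (eth0 192.0.2.10): icmp mode set, 28 headers + 0 data bytes

--- 192.0.2.10 hping statistic ---
2 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
"""

IP_RE = re.compile(r"^IP:\s*(\S+)\s*$")
PROBE_RE = re.compile(r"^\[\*\]\s*(\w+)\s*$")
REPLY_RE = re.compile(r"^len=\d+ ip=\S+ ttl=(\d+) .*rtt=([\d.]+) ms")
# The sessions in this thread show both "tramitted" and "transmitted"; accept either.
STATS_RE = re.compile(r"^(\d+) packets tra\w*mitted, (\d+) packets received")

def parse_hping_report(text):
    """Return {ip: {probe: {"sent", "received", "ttl", "rtts"}}}."""
    hosts, ip, probe = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := IP_RE.match(line):
            ip, probe = m.group(1), None      # new host block resets the probe
            hosts.setdefault(ip, {})
        elif ip and (m := PROBE_RE.match(line)):
            probe = m.group(1).lower()        # "echo", "timestamp", "netmask"
            hosts[ip][probe] = {"sent": 0, "received": 0, "ttl": None, "rtts": []}
        elif ip and probe and (m := REPLY_RE.match(line)):
            hosts[ip][probe]["ttl"] = int(m.group(1))
            hosts[ip][probe]["rtts"].append(float(m.group(2)))
        elif ip and probe and (m := STATS_RE.match(line)):
            hosts[ip][probe].update(sent=int(m.group(1)), received=int(m.group(2)))
    return hosts

def answered_probes(hosts):
    """Map each IP to the sorted ICMP probe types that received a reply."""
    return {ip: sorted(p for p, r in ps.items() if r["received"]) for ip, ps in hosts.items()}
```
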

grutz commented 10 years ago

Merged with a3a824a2af927c2f82c1e695916bd6c72ec247d2

Thanks!