search

OWASP / Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
https://owasp.org/www-project-nettacker/
Apache License 2.0
3.05k stars 718 forks source link

Only execute port_scan module on a local vm(metasploitable 2) #819

Closed dathtd119 closed 4 months ago

dathtd119 commented 4 months ago

OSes and version: Kali Linux 2023.04 WSL2 & Ubuntu Core 22.04

Python Version: 3.11.8

I Tried with those module names:

I tried git clone, get the zip then unzip. reinstall WSL and VM but no work 😭

Here was the verbose logs from python nettacker.py -i 192.168.133.130 --profile vuln --verbose

[2024-03-05 03:52:57][+] Nettacker engine started ... [2024-03-05 03:52:57][+] 96 modules loaded ... [2024-03-05 03:52:57][+] regrouping targets based on hardware resources! [2024-03-05 03:52:57][+] Removing old database record for selected targets and modules. [2024-03-05 03:52:57][+] imported 1 targets in 1 process(es). [2024-03-05 03:52:57][+] process-1| process is started! [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130| started module thread number 1 from 1 [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1| sending request 1 from 1005 [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1| sending request 2 from 1005 [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1| sending request 3 from 1005 [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1| sending request 4 from 1005 [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1|request-thread 1/1005| all conditions failed [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1|request-thread 0/1005| all conditions failed [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1|request-thread 2/1005| all conditions failed [2024-03-05 03:52:57][+] {"timeout": 3.0, "host": "192.168.133.130", "ports": "3", "method": "tcp_connect_send_and_receive", "response": {"condition_type": "or", "ssl_flag": false, "conditions_results": []}} [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1|request-thread 3/1005| all conditions failed [2024-03-05 03:52:57][+] process-1|port_scan|192.168.133.130|module-thread 1/1| sending request 5 from 1005 [2024-03-05 03:52:57][+] {"timeout": 3.0, "host": "192.168.133.130", "ports": "4", "method": "tcp_connect_send_and_receive", "response": {"condition_type": "or", "ssl_flag": false, "conditions_results": []}} [2024-03-05 03:52:57][+] {"timeout": 3.0, "host": "192.168.133.130", "ports": "6", "method": "tcp_connect_send_and_receive", "response": {"condition_type": "or", "ssl_flag": false, "conditions_results": []}}

-----_stuffs from port_scan_ --------

[2024-03-05 03:53:23][+] process-1|port_scan|192.168.133.130| finished module thread number 1 from 1 [2024-03-05 03:53:23][+] Removing old database record for selected targets and modules. [2024-03-05 03:53:24][+] imported 1 targets in 1 process(es). [2024-03-05 03:53:24][+] process-1| process is started! [2024-03-05 03:53:24][+] process-1|accela_cve_2021_34370_vuln|192.168.133.130| started module thread number 1 from 61 [2024-03-05 03:53:24][+] process-1|accela_cve_2021_34370_vuln|192.168.133.130| finished module thread number 1 from 61 [2024-03-05 03:53:24][+] process-1|adobe_coldfusion_cve_2023_26360_vuln|192.168.133.130| started module thread number 2 from 61 [2024-03-05 03:53:24][+] process-1|adobe_coldfusion_cve_2023_26360_vuln|192.168.133.130| finished module thread number 2 from 61 [2024-03-05 03:53:24][+] process-1|apache_cve_2021_41773_vuln|192.168.133.130| started module thread number 3 from 61 [2024-03-05 03:53:24][+] process-1|apache_cve_2021_41773_vuln|192.168.133.130| finished module thread number 3 from 61 [2024-03-05 03:53:24][+] process-1|apache_cve_2021_42013_vuln|192.168.133.130| started module thread number 4 from 61 [2024-03-05 03:53:24][+] process-1|apache_cve_2021_42013_vuln|192.168.133.130| finished module thread number 4 from 61 [2024-03-05 03:53:24][+] process-1|apache_struts_vuln|192.168.133.130| started module thread number 5 from 61 [2024-03-05 03:53:24][+] process-1|apache_struts_vuln|192.168.133.130| finished module thread number 5 from 61

------ Stuffs from called out other modules, but it just not run ----------

[2024-03-05 03:53:26][+] process-1|zoho_cve_2021_40539_vuln|192.168.133.130| finished module thread number 61 from 61 [2024-03-05 03:53:26][+] building graph ... [2024-03-05 03:53:26][+] finish building graph! +----------------------------+-----------------+-------------+------+----------+ | date | target | module_name | port | logs | +============================+=================+=============+======+==========+ | 2024-03-05 03:52:57.521251 | 192.168.133.130 | port_scan | 22 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:52:57.547531 | 192.168.133.130 | port_scan | 80 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:52:57.601749 | 192.168.133.130 | port_scan | 25 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:52:57.549278 | 192.168.133.130 | port_scan | 111 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:52:57.518369 | 192.168.133.130 | port_scan | 21 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:52:59.614153 | 192.168.133.130 | port_scan | 23 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:53:03.517385 | 192.168.133.130 | port_scan | 53 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:53:03.537777 | 192.168.133.130 | port_scan | 139 | Detected | +----------------------------+-----------------+-------------+------+----------+ | 2024-03-05 03:53:07.610454 | 192.168.133.130 | port_scan | 3306 | Detected | +----------------------------+-----------------+-------------+------+----------+

Software Details: OWASP Nettacker version 0.3.3 [TRENT] in 2024-03-05 03:53:26 [2024-03-05 03:53:26][+] inserting report to the database [2024-03-05 03:53:26][+] report saved in [blah blah blah link]/results_2024_03_05_03_52_54_ftulqjfclp.html and database [2024-03-05 03:53:26][+] done!

dathtd119 commented 4 months ago

If it was because of the local ip, wrong way to input ip instead of url, just let me know! p/s: I also tried with http://[ip]/ but still not help anything

dathtd119 commented 4 months ago

Crazy how I just read the previous issue #817 , look at the comment from @securestep9, add the --skip-service-discovery and it just solved my problem.

By the way we should add --skip-service-discovery to the Usage Wiki, It was on there, in the -h menu, but it was not in the Wiki

securestep9 commented 4 months ago

you are right - the documentation needs updating - we are working on this