Ullaakut / nmap

Idiomatic nmap library for go developers
MIT License

Showing up all hosts up in privileged mode #75

Closed mxrch closed 3 years ago

mxrch commented 3 years ago

If we try to scan for example a /24, the nmap package will tell that every host is up, even if they are not. If this can help, I think it's because you fall back on an "up" status if you can't find any "status" tag in the XML, because nmap doesn't put any info about the host in the XML if it is down.

mxrch commented 3 years ago

For example you can take a totally randomly written IP : 192.125.125.0/24

Ullaakut commented 3 years ago

Hi @mxrch ! Thanks for opening this issue :)

Just for clarification, the nmap package does not tell or do much, it just calls the nmap binary. Do you encounter a different behavior when running the nmap binary with the same parameters? Since the package simply parses the output of the binary to define what to return to its users, I am assuming that for some reason while it might not be visible with the standard nmap output, if you enable the -X (XML) option in Nmap to test it yourself, you'll see hosts shown as up.

Could you please provide more information, such as:

// WithNmapOutput makes nmap output standard output to the filename specified.
func WithNmapOutput(outputFileName string) Option {
    return func(s *Scanner) {
        s.args = append(s.args, "-oN")
        s.args = append(s.args, outputFileName)
    }
}

Thank you :) Have a good day!

mxrch commented 3 years ago

Hello @Ullaakut, thanks for responding fast.

I have just noticed that this is caused by... launching nmap with sudo.

nmap 192.125.125.7 -p 80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-24 15:13 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds

sudo nmap 192.125.125.7 -p 80,443
Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-24 15:13 CET
Nmap scan report for 192.125.125.7
Host is up (0.00038s latency).

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 1.40 seconds

mxrch commented 3 years ago

My solution would be to first do a ping scan on the hosts with --unprivileged, then do the real scan with -Pn and without --unprivileged. Anyway it's my problem now, thanks :)
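
The two-phase approach described in the comment above, as an added example that is not part of the original thread and not code from the Ullaakut/nmap library: it parses the XML of an unprivileged ping scan with Go's encoding/xml, keeps only hosts whose `<status>` tag says `up`, and builds the argument list for a second, privileged `-Pn` port scan of just those hosts. The XML is constructed to look like `nmap -sn --unprivileged -oX -` output (to my knowledge real runs only list down hosts when `-v` is given); the third host deliberately has no `<status>` tag so the parser's handling of a missing tag is visible, which is the fallback the issue suspected. The function names and the `-oX -` choice are this example's own, not the library's API, and no nmap binary is executed.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// sampleDiscoveryXML is constructed sample data shaped like the XML of
// `nmap -sn --unprivileged -oX - 192.125.125.0/24`. It is not real scan output.
// The third host has no <status> tag on purpose, to exercise that edge case.
const sampleDiscoveryXML = `<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sn --unprivileged -oX - 192.125.125.0/24" version="7.80">
<host><status state="up" reason="syn-ack" reason_ttl="0"/>
<address addr="192.125.125.7" addrtype="ipv4"/>
<hostnames></hostnames>
</host>
<host><status state="down" reason="no-response" reason_ttl="0"/>
<address addr="192.125.125.8" addrtype="ipv4"/>
</host>
<host>
<address addr="192.125.125.9" addrtype="ipv4"/>
</host>
<runstats><finished elapsed="1.40"/><hosts up="1" down="2" total="3"/></runstats>
</nmaprun>
`

// NmapRun is the subset of the nmap XML schema needed for host discovery.
type NmapRun struct {
	XMLName xml.Name `xml:"nmaprun"`
	Hosts   []Host   `xml:"host"`
}

// Host keeps Status as a pointer so that a missing <status> tag decodes
// to nil instead of an empty struct that could be mistaken for a state.
type Host struct {
	Status    *Status   `xml:"status"`
	Addresses []Address `xml:"address"`
}

type Status struct {
	State  string `xml:"state,attr"`
	Reason string `xml:"reason,attr"`
}

type Address struct {
	Addr     string `xml:"addr,attr"`
	AddrType string `xml:"addrtype,attr"`
}

// DiscoveryArgs builds phase one: an unprivileged ping scan (-sn) so that
// "host is up" can only come from a completed TCP connect, never from a
// raw-socket probe answered on the scanner's behalf. XML goes to stdout.
func DiscoveryArgs(targets ...string) []string {
	return append([]string{"-sn", "--unprivileged", "-oX", "-"}, targets...)
}

// LiveHosts returns the addresses of hosts whose <status> tag is "up".
// Hosts with state "down" or with no <status> tag at all are skipped;
// a missing tag is treated as unknown, not as up.
func LiveHosts(xmlData []byte) ([]string, error) {
	var run NmapRun
	if err := xml.Unmarshal(xmlData, &run); err != nil {
		return nil, fmt.Errorf("parsing nmap XML: %w", err)
	}
	var live []string
	for _, h := range run.Hosts {
		if h.Status == nil || h.Status.State != "up" {
			continue
		}
		for _, a := range h.Addresses {
			if a.AddrType == "ipv4" || a.AddrType == "ipv6" {
				live = append(live, a.Addr)
			}
		}
	}
	return live, nil
}

// PortScanArgs builds phase two: a normal (privileged) port scan that skips
// host discovery (-Pn) and is limited to the hosts phase one confirmed.
func PortScanArgs(hosts []string, ports string) []string {
	return append([]string{"-Pn", "-p", ports, "-oX", "-"}, hosts...)
}

func main() {
	fmt.Println("phase 1: sudo nmap", strings.Join(DiscoveryArgs("192.125.125.0/24"), " "))
	live, err := LiveHosts([]byte(sampleDiscoveryXML))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("hosts up:", live)
	fmt.Println("phase 2: sudo nmap", strings.Join(PortScanArgs(live, "80,443"), " "))
}
```

Run against the sample, phase one reports exactly one live host, 192.125.125.7, and phase two becomes `-Pn -p 80,443 -oX - 192.125.125.7`. The down host and the host with no status tag never reach the port scan, so a privileged run that answers every ping probe cannot inflate the target list.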

Ullaakut commented 3 years ago

No problem, thanks for the detailed explanations, this might help other people in the future! :)