search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
811 stars 1.49k forks source link

nmap inventory plugin: scans 80,443 ports regardless of required ports #7893

Open Harliff opened 7 months ago

Harliff commented 7 months ago

Summary

Nmap inventory plugin send packets to 80 and 443 tcp ports instead of port(s) defined in inventory file.

Issue Type

Bug Report

Component Name

nmap inventory plugin

Ansible Version

$ ansible --version
ansible [core 2.14.3]
  config file = /home/ilya/.ansible.cfg
  configured module search path = ['/home/ilya/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ilya/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ilya/.local/bin/ansible
  python version = 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /home/ilya/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 8.0.2

Configuration

$ ansible-config dump --only-changed
ACTION_WARNINGS(/home/ilya/.ansible.cfg) = False
CONFIG_FILE() = /home/ilya/.ansible.cfg
DEFAULT_GATHERING(/home/ilya/.ansible.cfg) = explicit
DEFAULT_HOST_LIST(/home/ilya/.ansible.cfg) = ['/home/ilya/ansible/inventory']
DEFAULT_ROLES_PATH(/home/ilya/.ansible.cfg) = ['/home/ilya/ansible/roles']
DEFAULT_STDOUT_CALLBACK(/home/ilya/.ansible.cfg) = yaml
DEFAULT_VAULT_PASSWORD_FILE(/home/ilya/.ansible.cfg) = /home/ilya/bin/ansible-valult-gpg-wrapper.sh
DEPRECATION_WARNINGS(/home/ilya/.ansible.cfg) = False
HOST_KEY_CHECKING(/home/ilya/.ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/home/ilya/.ansible.cfg) = 60
RETRY_FILES_ENABLED(/home/ilya/.ansible.cfg) = True
RETRY_FILES_SAVE_PATH(/home/ilya/.ansible.cfg) = /home/ilya/retry
TRANSFORM_INVALID_GROUP_CHARS(/home/ilya/.ansible.cfg) = ignore

OS / Environment

Debian 12.4 $ uname -a
Linux neivro 6.1.0-15-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64 GNU/Linux

Steps to Reproduce

run nmap against target host to ensure that target port is open:

$ nmap -Pn -p 5986 192.168.88.194    
Starting Nmap 7.93 ( https://nmap.org ) at 2024-01-25 16:18 MSK
Nmap scan report for 192.168.88.194
Host is up (0.072s latency).

PORT     STATE SERVICE
5986/tcp open  wsmans

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

Create minimal nmap inventory file:

$ cat > /tmp/nmap-inventory.yml
plugin: nmap
address: 192.168.88.194
port: 5986

run tcpdump to capture all traffic to the target machine

$ sudo tcpdump -n -i any host 192.168.88.194

run ansible:

$ ansible-inventory --graph -i /tmp/nmap-inventory.yml

look at tcpdump output:

16:10:17.630136 tun0  Out IP 172.28.40.200.45278 > 192.168.88.194.80: Flags [S], seq 294176572, win 64240, options [mss 1460,sackOK,TS val 1965699654 ecr 0,nop,wscale 7], length 0
16:10:17.630236 tun0  Out IP 172.28.40.200.41598 > 192.168.88.194.443: Flags [S], seq 1779541040, win 64240, options [mss 1460,sackOK,TS val 1965699654 ecr 0,nop,wscale 7], length 0
16:10:19.631946 tun0  Out IP 172.28.40.200.41608 > 192.168.88.194.443: Flags [S], seq 2030221150, win 64240, options [mss 1460,sackOK,TS val 1965701655 ecr 0,nop,wscale 7], length 0
16:10:19.632191 tun0  Out IP 172.28.40.200.45294 > 192.168.88.194.80: Flags [S], seq 1800342439, win 64240, options [mss 1460,sackOK,TS val 1965701656 ecr 0,nop,wscale 7], length 0

As we can expect, ansible-inventory shows no hosts:

@all:
  |--@ungrouped:

Expected Results

expected tcpdump output:

tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
16:21:42.172550 tun0  Out IP 172.28.40.200.44825 > 192.168.88.194.5986: Flags [S], seq 2029988960, win 1024, options [mss 1460], length 0
16:21:42.239764 tun0  In  IP 192.168.88.194.5986 > 172.28.40.200.44825: Flags [S.], seq 242833984, ack 2029988961, win 65190, options [mss 1230], length 0
16:21:42.239815 tun0  Out IP 172.28.40.200.44825 > 192.168.88.194.5986: Flags [R], seq 2029988961, win 0, length 0

Actual Results

actual tcpdump output:

16:10:17.630136 tun0  Out IP 172.28.40.200.45278 > 192.168.88.194.80: Flags [S], seq 294176572, win 64240, options [mss 1460,sackOK,TS val 1965699654 ecr 0,nop,wscale 7], length 0
16:10:17.630236 tun0  Out IP 172.28.40.200.41598 > 192.168.88.194.443: Flags [S], seq 1779541040, win 64240, options [mss 1460,sackOK,TS val 1965699654 ecr 0,nop,wscale 7], length 0
16:10:19.631946 tun0  Out IP 172.28.40.200.41608 > 192.168.88.194.443: Flags [S], seq 2030221150, win 64240, options [mss 1460,sackOK,TS val 1965701655 ecr 0,nop,wscale 7], length 0
16:10:19.632191 tun0  Out IP 172.28.40.200.45294 > 192.168.88.194.80: Flags [S], seq 1800342439, win 64240, options [mss 1460,sackOK,TS val 1965701656 ecr 0,nop,wscale 7], length 0

Code of Conduct

ansibullbot commented 7 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

bcoca commented 7 months ago

I don't know about what you are seeing in your network, i cannot reproduce it, but when using your configuration, this is what i see the plugin executing:

/usr/bin/nmap  -p 5986 192.168.88.194
bcoca commented 7 months ago

might add this to plugin for easier debugging in future.

diff --git a/plugins/inventory/nmap.py b/plugins/inventory/nmap.py
index 7fa92ae97..91ceed53d 100644
--- a/plugins/inventory/nmap.py
+++ b/plugins/inventory/nmap.py
@@ -240,6 +240,7 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
             cmd.append(self.get_option('address'))
             try:
                 # execute
+                self.display.vvv('Running: %s' % ' '.join(cmd))
                 p = Popen(cmd, stdout=PIPE, stderr=PIPE)
                 stdout, stderr = p.communicate()
                 if p.returncode != 0:
felixfontein commented 7 months ago

!component =plugins/inventory/nmap.py

ansibullbot commented 7 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help