center-for-threat-informed-defense / caldera_pathfinder

Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
https://caldera.mitre.org/
Apache License 2.0

Unable to show vulnerability #33

Closed Difficultcl closed 3 years ago

Difficultcl commented 3 years ago

Hello, I found that when scanning for vulnerabilities in the pathfinder plugin, the web page did not show the scanned vulnerabilities, but running the Nmap scan locally did.


mrengstrom commented 3 years ago

So, one thing I can comment on is that what you ran from the command line is not going to match what you ran from pathfinder.

I can see from the command line you ran with --script=vuln, this is the overarching category of all nmap vulnerability scripts. In caldera you ran the specific subset script which is vulners (or nmap-vulners if you use the repository name). So the vulnerabilities you found may not be ones that are flagged by that script set. You can duplicate the caldera output by running this from the command line: nmap 192.168.10.137/24 --script=vulners https://nmap.org/nsedoc/categories/vuln.html

Though as you can see based on your scan, it may be beneficial for us to allow category scanning and not just based on scripts found and populated in the ./scanners/nmap/scripts folder for caldera.

I just pushed up a small PR for a change that would populate out all the possible scripts available for nmap and allow them to be run. You can pull the branch nmap_builtin_scripts and run vuln or any of the specific scripts (smb-vuln-ms17-010) that flagged a CVE for you to make sure you get the same output you saw in your command line execution.

Difficultcl commented 3 years ago

Thank you for your reply, but there are new problems when I try to pull the branch nmap_builtin_scripts and run vuln.

ERROR (nmap.py:28 parse) exception when parsing nmap results xml: ParseError('not well-formed (invalid token): line 32, column 0')

mrengstrom commented 3 years ago

@Difficultcl If there is no sensitive data in the scan, can you post the nmap xml report from the scan? It should be located in the plugins/pathfinder/data/reports directory.

I was unable to reproduce the parsing failure, but it may be something specific to the format of the xml file. Also the xml file will have the nmap version (yours looks to be 7.91) and some other details as well that would be helpful for going through and trying to reproduce and resolve this.
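The thread turns on two things: what an nmap -oX report looks like once NSE scripts such as vulners or smb-vuln-ms17-010 have written their results into it, and how to locate the bad token when ElementTree refuses the file. The following is an added example written for this page; it is not Pathfinder's nmap.py and does not reproduce the reporter's failure. It parses a constructed nmap XML document (real nmap -oX layout; the host address, versions and the CVE id are placeholders, not real findings, and the nested table/elem layout is my assumption about how vulners serialises its results), and shows how expat's line/column position and a repr() of the offending line expose a stray control byte or a truncated scan.

```python
"""Parse an nmap -oX report and report where it is malformed instead of crashing.
Added example for this issue thread; not code from the caldera_pathfinder project."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output. Address, service versions and the
# CVE id are placeholders (not real findings); the <table>/<elem key="id">
# nesting is an assumption about how the vulners NSE script emits its data.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV --script=vulners -oX - 192.0.2.10" version="7.91">
<host>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.4"/>
<script id="vulners" output="cpe:/a:openbsd:openssh:7.4: CVE-0000-0001 7.8">
<table key="cpe:/a:openbsd:openssh:7.4">
<table><elem key="id">CVE-0000-0001</elem><elem key="cvss">7.8</elem><elem key="type">cve</elem></table>
</table>
</script>
</port>
<port protocol="tcp" portid="445"><state state="open"/>
<service name="microsoft-ds"/>
<script id="smb-vuln-ms17-010" output="VULNERABLE"/>
</port>
</ports>
</host>
</nmaprun>
"""

# Two constructed failure modes. A control byte at the start of a line gives
# expat's "not well-formed (invalid token)"; a scan killed before nmap writes
# the closing </ports></host></nmaprun> gives a different, unclosed-document error.
BAD_TOKEN_XML = SAMPLE_XML.replace("<ports>", "\x01<ports>", 1)
TRUNCATED_XML = SAMPLE_XML.split("</ports>")[0]


def check_well_formed(xml_text):
    """Return None if the document parses, else (line, column, message).
    expat counts lines from 1 and columns from 0, so 'column 0' means the
    very first character of that line is what it rejected."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, column = exc.position
        return line, column, str(exc)
    return None


def offending_line(xml_text, line):
    """repr() of a 1-based line so non-printable bytes become visible."""
    lines = xml_text.splitlines()
    if 0 < line <= len(lines):
        return repr(lines[line - 1])
    return None


def parse_nmap_report(xml_text):
    """One finding per NSE script result: host, port, script id, the script's
    text output and any vulnerability ids found in its result tables."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, column = exc.position
        raise ValueError(f"nmap XML not well-formed at line {line}, column {column}: {exc}") from exc
    findings = []
    for host in root.iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        for port in host.iter("port"):
            for script in port.findall("script"):
                # vulners-style results carry ids in nested <elem key="id"> nodes;
                # scripts such as smb-vuln-ms17-010 only have the output attribute.
                ids = [e.text for e in script.iter("elem") if e.get("key") == "id"]
                findings.append({
                    "host": addr,
                    "port": int(port.get("portid")),
                    "protocol": port.get("protocol"),
                    "script": script.get("id"),
                    "output": (script.get("output") or "").strip(),
                    "ids": ids,
                })
    return findings


if __name__ == "__main__":
    for finding in parse_nmap_report(SAMPLE_XML):
        print(finding)
    for name, doc in (("control byte", BAD_TOKEN_XML), ("truncated scan", TRUNCATED_XML)):
        err = check_well_formed(doc)
        print(name, "->", err, offending_line(doc, err[0]))
```

When a report fails to parse, run check_well_formed on the file contents and print offending_line for the reported line: a character that the terminal renders as nothing shows up in the repr() as \x01 or similar, and a missing closing tag shows the report was written while the scan was still running.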