center-for-threat-informed-defense / caldera_pathfinder

Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
https://caldera.mitre.org/
Apache License 2.0

Pathfinder scan parameters are not passed on from GUI #60

Closed L015H4CK closed 1 year ago

L015H4CK commented 1 year ago

Hello everyone, I already mentioned this bug in https://github.com/mitre/caldera/issues/2650#issuecomment-1306777872 but since I found another problem regarding this bug I wanted to open an issue for the bug itself here.

CALDERA Version: 4.1.0
Pathfinder Plugin: Newest master branch
Browser: Firefox and Chrome

Bug Description

When running a Pathfinder scan, the default scan parameters in the GUI are not passed on to the scanner. This can also be seen in the output next to the input fields in the GUI. More precisely, the fields "script" and "pingless" are empty.

To reproduce

Expected behavior

The pathfinder nmap scan is executed with the default parameters that are seen in the GUI ("script: nmap-vulners, pingless: false").

Screenshot

Current Workaround

~To get the pathfinder plugin to work with the nmap-vulners script, one has to add another script to the plugin. Only by selecting another script and then re-selecting the nmap-vulners script, the field in the scan parameters that can be seen in the output box is set. Without a second scanner script I cannot get the plugin to use the nmap-vulners script at all! Same applies for the "pingless" field, but here it is easier to check and un-check the box.~

Update for easier workaround: Edit the pathfinder/scanners/nmap/scanner.py lines 30 and 33.

self.script = script or "nmap-vulners"
self.pingless = pingless or False

The parameters are still not shown in the output box, but since they are not set when creating the new scanner object, the defined default values are used instead and the scan works as intended.

Suggested fix

The "pingless" part can be fixed by editing line 33 of the nmap/scanner.py as shown above. The "script" part should still be just considered a workaround because when another script is shown in the drop down menu by default, still the vulners script will be used when the parameter is not set in the scanner fields.
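The fallback described in this report can also be applied before the scanner object is built. The following is an added example, not code from the issue or from the Pathfinder plugin: `ScanParams`, `to_bool`, `normalize_scan_params`, the `raw` dict shape and the `shown_script` argument are all hypothetical. It assumes form fields may arrive unset, empty, or as text, and it parses the boolean explicitly because in Python `"false" or False` evaluates to the truthy string `"false"`.

```python
from dataclasses import dataclass

DEFAULT_SCRIPT = "nmap-vulners"  # default shown in the GUI, per the issue
DEFAULT_PINGLESS = False         # default shown in the GUI, per the issue


@dataclass(frozen=True)
class ScanParams:  # hypothetical container, not a Pathfinder class
    script: str
    pingless: bool


def to_bool(value, default):
    """Convert a submitted form value to bool; unset or empty means default."""
    if isinstance(value, bool):
        return value
    text = "" if value is None else str(value).strip().lower()
    if text == "":
        return default
    if text in ("true", "1", "on", "yes"):
        return True
    if text in ("false", "0", "off", "no"):
        return False
    raise ValueError(f"unrecognised boolean field value: {value!r}")


def normalize_scan_params(raw, shown_script=None):
    """Fill unset fields from defaults before constructing a scanner.

    raw: dict of submitted fields (constructed shape, an assumption).
    shown_script: the script the drop-down displays, if the caller knows it,
    so the fallback matches what the user sees instead of a fixed name.
    """
    script = str(raw.get("script") or "").strip()
    if not script:
        script = shown_script or DEFAULT_SCRIPT
    return ScanParams(script, to_bool(raw.get("pingless"), DEFAULT_PINGLESS))


if __name__ == "__main__":
    # Constructed submissions: empty fields, as the issue describes, and one
    # where a checkbox value arrives as text.
    print(normalize_scan_params({"script": "", "pingless": ""}))
    print(normalize_scan_params({"script": None}, shown_script="other-script"))
    print(normalize_scan_params({"script": "nmap-vulners", "pingless": "false"}))
```

Passing the displayed drop-down value as `shown_script` addresses the mismatch noted under "Suggested fix", where a fixed default would override a different script shown in the menu.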