codingo / Reconnoitre

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
GNU General Public License v3.0
2.1k stars, 457 forks

Hostname sweep throws an exception when using 100.100.x.x target range #1

Closed magicps5 closed 7 years ago

magicps5 commented 7 years ago

When I executed reconnoitre.py with the other .py files in this package, I got these errors.

codingo commented 7 years ago

Could you post the command line arguments that you used? Also could you confirm the version of nmap that you have installed?

magicps5 commented 7 years ago

Sorry, I just missed that command line, and I updated my contents. I installed nmap 2:5.51-4.el6.

codingo commented 7 years ago

Could you attempt an update of nmap and see if it resolves the issue? Nmap should support hostnames in the target specification (source: https://svn.nmap.org/nmap/docs/nmap.usage.txt) however I can't verify that for your particular version.

Alternatively, if you use the ip address for the host it should work fine. You could also specify a range with something like:

python reconnoitre.py -t 192.168.0.1-255 -o /data/user/flamingo/workflow/python/v3/reconnoitre/output --services --pingsweep --dns --hostnames --snmp

Or if you just want to target the machine hdp01 and know the ip address (for example) is 192.168.0.32 you would use:

python reconnoitre.py -t 192.168.0.32 -o /data/user/flamingo/workflow/python/v3/reconnoitre/output --services --hostnames --snmp

Note that I removed the ping sweep and dns flags as they would be redundant in the case of a single host.

magicps5 commented 7 years ago

I got the same errors with both versions of the command parameters. And I tested an nmap command like "nmap hdp01" in the terminal, then I checked some results:

Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-22 14:01 KST
Nmap scan report for hdp01 (x.x.x.x)
Host is up (0.000070s latency).
rDNS record for x.x.x.x: FQDN
Not shown: 993 closed ports
.....
Mac Address: XXXXX
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

codingo commented 7 years ago

To clarify - you tried using the ip address as the target instead of the hostname to reproduce the issue? Could you paste your terminal output here?

magicps5 commented 7 years ago

[flamingo@flamingo reconnoitre]$ ll
합계 44
drwxrwxr-x 2 flamingo flamingo 4096 2017-05-22 14:38 __pycache__
-rw-r--r-- 1 flamingo flamingo 9173 2017-05-22 14:38 file_helper.py
-rw-r--r-- 1 flamingo flamingo 1577 2017-05-22 14:38 find_dns.py
-rw-r--r-- 1 flamingo flamingo 1426 2017-05-22 14:38 hostname_scan.py
drwxrwxr-x 2 flamingo flamingo 4096 2017-05-22 13:41 output
-rw-r--r-- 1 flamingo flamingo 1023 2017-05-22 14:38 ping_sweeper.py
-rw-r--r-- 1 flamingo flamingo 4080 2017-05-22 14:38 reconnoitre.py
-rw-r--r-- 1 flamingo flamingo 3980 2017-05-22 14:38 service_scan.py
-rw-r--r-- 1 flamingo flamingo 2404 2017-05-22 14:38 snmp_walk.py
[flamingo@flamingo reconnoitre]$ python reconnoitre.py -t 100.100.x.x -o /data/user/flamingo/workflow/python/v3/reconnoitre/output --services --hostnames --snmp
|"""-= RECONNOITRE (__) An OSCP scanner

[#] Identifying hostnames
[+] Writing hostsnames to: /data/user/flamingo/workflow/python/v3/reconnoitre/output/hostnames.txt
Traceback (most recent call last):
  File "reconnoitre.py", line 65, in <module>
    main()
  File "reconnoitre.py", line 50, in main
    hostname_scan(arguments.target_hosts, arguments.output_directory, arguments.quiet)
  File "/data/user/flamingo/workflow/python/v3/reconnoitre/hostname_scan.py", line 25, in hostname_scan
    lines = results.split("\n")
TypeError: a bytes-like object is required, not 'str'

codingo commented 7 years ago

Ok great, makes sense now. It looks like a bug in the way the arguments parser handles input for the target (.x.x specifically). I can look at a patch or potentially a pull request on the parser library but in the meantime you'll need to specify the full ip address (or specify the range like I did above). I'm midway through my lab journey so it may be a couple of days until I can update this thread further, feel free to nudge me if this stays open too long.

codingo commented 7 years ago

Actually, no sorry, I'm wrong. The error is in the hostname_scan (can't believe I took this long to notice!).

Do you have nbtscan installed? The following will do everything but a hostname scan for you in the meantime:

python reconnoitre.py -t 100.100.x.x -o /data/user/flamingo/workflow/python/v3/reconnoitre/output --services --snmp

magicps5 commented 7 years ago

Yes, when I executed the second command you gave, I found that the nbtscan command was not found in the terminal, so I got the nbtscan-1.5.1-1.2.el6.rf.x86_64 package from another epel6 link and installed it additionally.

codingo commented 7 years ago

Great! I've updated the readme to mention both tools and I'll add some exception handling to the entry point for these functions in the future to check for these dependencies before executing.

magicps5 commented 7 years ago

One more thing: the snmpwalk package is required to use that command with the --snmp option.

yum install net-snmp*

And edit the config file /etc/snmp/snmpd.conf

codingo commented 7 years ago

You're right - I'll have to wrap some exception handling into it! Wasn't really intended for wide use outside of Kali.
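One way to handle the two problems surfaced in this thread, the bytes/str TypeError at hostname_scan.py line 25 and the missing nbtscan/snmpwalk binaries that only fail mid-run, as an added example that is not Reconnoitre's own code; the function names and the sample scanner output are assumptions.

```python
import shutil
import subprocess
from typing import List, Sequence


class MissingToolError(RuntimeError):
    """Raised when an external scanner binary is not on PATH."""


def require_tool(name: str) -> str:
    """Return the full path of an external tool, or raise a clear error.

    This is the dependency check discussed in the thread: fail before
    scanning rather than with an opaque 'command not found' mid-run.
    """
    path = shutil.which(name)
    if path is None:
        raise MissingToolError(
            f"{name} is not installed or not on PATH; install it before "
            f"running this scan module"
        )
    return path


def split_scan_output(results) -> List[str]:
    """Split scanner output into non-empty lines.

    subprocess.check_output() returns bytes on Python 3, so calling
    results.split("\n") with a str separator raises
    "TypeError: a bytes-like object is required, not 'str'".
    Decoding first (and accepting str as well) avoids the crash.
    """
    if isinstance(results, bytes):
        results = results.decode("utf-8", errors="replace")
    return [line for line in results.splitlines() if line.strip()]


def run_tool(argv: Sequence[str]) -> List[str]:
    """Run an external tool after checking it exists; return its output lines."""
    argv = [require_tool(argv[0]), *argv[1:]]
    completed = subprocess.run(argv, capture_output=True, check=False)
    return split_scan_output(completed.stdout)


if __name__ == "__main__":
    # Constructed sample: bytes, as check_output() would return them.
    sample = b"hdp01  192.168.0.32\n\nhdp02  192.168.0.33\n"
    print(split_scan_output(sample))
    try:
        require_tool("nbtscan")
    except MissingToolError as exc:
        print(exc)
```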