future-architect / vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
https://vuls.io/
GNU General Public License v3.0

vuls discover CIDR #1540

Open fabianhjr opened 2 years ago

fabianhjr commented 2 years ago

What did you do? (required. The issue will be closed when not provided.)

Want to auto-discover (generate a lot of configs) regarding servers on 10.x.1._, 10.x.2._, 10.x.3._, ... (10.x.1.0/24, 10.x.2.0/24, ...) so attempted 10.x.0.0/21 which should cover 10.x.0.1 - 10.x.7.254 (enough for my use case)

vuls discover 10.x.0.0/21                                                   139ms  Tue 04 Oct 2022 07:29:33 PM CDT
[Oct  4 19:31:19]  INFO [localhost] vuls-v0.20.5-build-20221004_192434_eb87d5d
[Oct  4 19:33:00] ERROR [localhost] Active hosts not found in 10.x.0.0/21

However:

vuls discover 10.x.1.0/24

Does result in servers being discovered and should have been part of the auto-discovery for the bigger network/smaller mask.

What did you expect to happen?

Autodiscovery of a subset of a net being part of autodiscovery of a bigger net

What happened instead?

Please re-run the command using -debug and provide the output below.

Steps to reproduce the behaviour:

Attempt a partial CIDR such as /21 on a 10.0.0.0/8 local network

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/fabian/.cache/go-build"
GOENV="/home/fabian/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/fabian/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/fabian/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/nix/store/2gkzvf10bng6x2kj521fkg1915v2z76v-go-1.18.6/share/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/nix/store/2gkzvf10bng6x2kj521fkg1915v2z76v-go-1.18.6/share/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.6"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/fabian/Development/Open/vuls/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

commit eb87d5d4e11593271f552c785cd63d67956c5c2f (HEAD -> master, tag: v0.20.5, origin/master, origin/HEAD)

N/A

vuls discover

MaineK00n commented 2 years ago

@fabianhjr Thanks for the report.

For example, the server on 10.x.1.1 is active. Perform vuls discover in two ranges: 10.x.0.0/21 (10.x.0.0 - 10.x.7.255) and 10.x.1.0/24 (10.x.1.0 - 10.x.1.255). The 10.x.1.1 server is in both ranges and should be detected in both ranges, but in your environment it was only detected at 10.x.1.0/24. Is this the situation you are experiencing in your environment?

Does this always reproduce in your environment?

fabianhjr commented 2 years ago

> Is this the situation you are experiencing in your environment?

Yes, vuls discovered servers with 10.x.1.0/24 but not with 10.x.0.0/21

There are no servers on 10.x.0.0/24 and the first one is on 10.x.1.0/24; I am not familiar enough with the codebase to be sure if some laziness code would stop discovery upon an empty /24.

fabianhjr commented 2 years ago

Was able to reproduce again today:

./vuls discover 10.x.0.0/21                                                1.2m  Mon 10 Oct 2022 08:44:37 PM CDT
[Oct 10 20:44:40]  INFO [localhost] vuls-v0.20.5-build-20221004_192434_eb87d5d
[Oct 10 20:46:20] ERROR [localhost] Active hosts not found in 10.x.0.0/21

vs

./vuls discover 10.x.1.0/24                                                   30.2s  Mon 10 Oct 2022 08:44:11 PM CDT
[Oct 10 20:44:45]  INFO [localhost] vuls-v0.20.5-build-20221004_192434_eb87d5d
# Create config.toml using below and then ./vuls -config=/path/to/config.toml
[...] // Configs / IPs redacted
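The range arithmetic discussed in this thread, as an added example that is not part of the issue or of the vuls code base: it splits a wider prefix into its /24 blocks so that each can be given to `vuls discover` separately and the results compared with the single /21 run. 10.0.0.0 stands in for the redacted 10.x addresses, and `SplitTo24` and `BlockOf` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/netip"
)

// SplitTo24 returns every /24 block inside an IPv4 prefix between /16 and /24.
func SplitTo24(cidr string) ([]netip.Prefix, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	p = p.Masked() // clear host bits, e.g. 10.0.1.5/21 -> 10.0.0.0/21
	if !p.Addr().Is4() || p.Bits() < 16 || p.Bits() > 24 {
		return nil, fmt.Errorf("need an IPv4 prefix from /16 to /24, got %s", cidr)
	}
	b := p.Addr().As4()
	base := uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8
	n := 1 << (24 - p.Bits()) // a /21 holds 2^(24-21) = 8 blocks
	out := make([]netip.Prefix, 0, n)
	for i := 0; i < n; i++ {
		v := base + uint32(i)<<8 // step through the third octet
		a := [4]byte{byte(v >> 24), byte(v >> 16), byte(v >> 8), 0}
		out = append(out, netip.PrefixFrom(netip.AddrFrom4(a), 24))
	}
	return out, nil
}

// BlockOf returns the /24 inside cidr that contains host, if there is one.
func BlockOf(cidr, host string) (netip.Prefix, bool) {
	h, err := netip.ParseAddr(host)
	blocks, err2 := SplitTo24(cidr)
	if err != nil || err2 != nil {
		return netip.Prefix{}, false
	}
	for _, b := range blocks {
		if b.Contains(h) {
			return b, true
		}
	}
	return netip.Prefix{}, false
}

func main() {
	blocks, _ := SplitTo24("10.0.0.0/21") // constructed stand-in for 10.x.0.0/21
	for _, b := range blocks {
		fmt.Printf("vuls discover %s\n", b)
	}
}
```
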