search

infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0
4.78k stars 885 forks source link

The dashboard should not include closed ports from an nmap scan #415

Closed securitytime closed 1 year ago

securitytime commented 3 years ago

Issue Type

Bug Report

Faraday version

Faraday v3.12 (deb)

Component Name

WebGui

Steps to reproduce

I am running Faraday on an up-to-date Ubuntu server 20.04.1 installation. I am using Firefox to access the WebGui.

I did the following nmap scan on the Ubuntu server:

tux@ubuntu:~$ nmap 192.168.56.0/24 -oX nmap-scan.xml -p 22,80,443,445
Starting Nmap 7.80 ( https://nmap.org ) at 2020-10-15 11:53 UTC
Nmap scan report for 192.168.56.1
Host is up (0.0010s latency).

PORT    STATE  SERVICE
22/tcp  closed ssh
80/tcp  closed http
443/tcp closed https
445/tcp open   microsoft-ds

Nmap scan report for 192.168.56.10
Host is up (0.0012s latency).

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https
445/tcp closed microsoft-ds

Nmap scan report for ubuntu (192.168.56.12)
Host is up (0.0013s latency).

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https
445/tcp closed microsoft-ds

Nmap done: 256 IP addresses (3 hosts up) scanned in 2.57 seconds

Without the -p parameter, nmap would display only open (and filtered) ports. However, when specifying which ports to scan then closed ports are displayed as well.

So there are 3 hosts and 4 services.

When I import this XML file into Faraday via the Web UI, then the dashboard looks like this:

dashboard

The number of services in the "Workspace summarized report" section should be 4 instead of 12.

Furthermore, when I click on "1 HTTP" in the "Service report" section then it looks like this:

services

All three hosts are displayed even though only one host has the http port open

Expected results

The "SERVICES" counter in the "Workspace summarized report" section should not count closed ports.

Also, the filter in the "Services report" section should not display hosts with closed ports.

Reports/Extra data

This is the nmap-scan.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.80 scan initiated Thu Oct 15 12:14:41 2020 as: nmap -oX nmap-scan.xml -p 22,80,443,445 192.168.56.0/24 -->
<nmaprun scanner="nmap" args="nmap -oX nmap-scan.xml -p 22,80,443,445 192.168.56.0/24" start="1602764081" startstr="Thu Oct 15 12:14:41 2020" version="7.80" xmloutputversion="1.04">
<scaninfo type="connect" protocol="tcp" numservices="4" services="22,80,443,445"/>
<verbose level="0"/>
<debugging level="0"/>
<host starttime="1602764081" endtime="1602764088"><status state="up" reason="conn-refused" reason_ttl="0"/>
<address addr="192.168.56.1" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
<times srtt="369" rttvar="1668" to="100000"/>
</host>
<host starttime="1602764081" endtime="1602764088"><status state="up" reason="syn-ack" reason_ttl="0"/>
<address addr="192.168.56.10" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
<times srtt="560" rttvar="1305" to="100000"/>
</host>
<host starttime="1602764083" endtime="1602764088"><status state="up" reason="conn-refused" reason_ttl="0"/>
<address addr="192.168.56.12" addrtype="ipv4"/>
<hostnames>
<hostname name="ubuntu" type="PTR"/>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
<times srtt="318" rttvar="1364" to="100000"/>
</host>
<runstats><finished time="1602764088" timestr="Thu Oct 15 12:14:48 2020" elapsed="6.58" summary="Nmap done at Thu Oct 15 12:14:48 2020; 256 IP addresses (3 hosts up) scanned in 6.58 seconds" exit="success"/><hosts up="3" down="253" total="256"/>
</runstats>
</nmaprun>

OS

tux@ubuntu:~$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.1 LTS"
fedek commented 1 year ago

This issue has been fixed in the new UI. Thanks for reporting this.