jas- / node-libnmap

API to access nmap from node.js
MIT License

how to enable infinite scanning? #25

Closed tomtom87 closed 8 years ago

tomtom87 commented 9 years ago

Hi, how can I run the following nmap command with node-libnmap? I have tried to set the flags but to no avail. This is how I do infinite random IP scanning with nmap (from the nmap documentation...)

nmap -vv -Pn -sS -p 8080 -iR 0 --script http-open-proxy.nse -oX scan_results_8080.xml

I would like to just be able to scan for proxies and have the results via lib-nmap as processing the xml with a separate script isn't optimal. Thanks for this excellent project also :) :+1:

jas- commented 8 years ago

Please look in the examples folder @ flags.js.

You can use the flags array to specify the options you wish. Keep in mind that some of those would require you to run the script with elevated privileges.

var opts = {
  /* ... options ... */
  flags: [
    '-vv',
    '-Pn',
    '-sS',
    '-iR 0',
    '--script http-open-proxy.nse'
  ],
  /* .. other options ... */
};

tomtom87 commented 8 years ago

@jas- thanks very much!! :+1:

tomtom87 commented 8 years ago

I've been trying a lot of permutations but I just cannot get the infinite scanning to operate like I can on the command line. Have you been able to?

jas- commented 8 years ago

@tomtom87 You should remove node-libnmap and use npm install libnmap. Version v0.2.20 should work as expected. There was a bug with the flags array that was addressed in v0.2.17 of libnmap.

tomtom87 commented 8 years ago

Oh man sweet juicy tits this thing has been having me up all hours! Nice one @jas-

jas- commented 8 years ago

@tomtom87 Does that mean your issue is resolved?

tomtom87 commented 8 years ago

@jas- just about to have a play now, will be right back at you hold tight

tomtom87 commented 8 years ago

@jas- no dice mate

Error: Error: Range must be an array of host(s). Examples: 192.168.2.10 (single), 10.0.2.0/24 (CIDR), 10.0.10.5-20 (range)
    at /home/top/crawler/nmap_proxy_scan.js:15:18
    at config (/home/top/crawler/node_modules/libnmap/lib/libnmap.js:578:16)
    at /home/top/crawler/node_modules/libnmap/lib/libnmap.js:85:18
    at Object.validation.init (/home/top/crawler/node_modules/libnmap/lib/libnmap.js:482:36)
    at Object.config.init (/home/top/crawler/node_modules/libnmap/lib/libnmap.js:83:18)
    at nmap.scan (/home/top/crawler/node_modules/libnmap/lib/libnmap.js:576:12)
    at Object.<anonymous> (/home/top/crawler/nmap_proxy_scan.js:14:6)
    at Module._compile (module.js:435:26)
    at Object.Module._extensions..js (module.js:442:10)
    at Module.load (module.js:356:32)

Still expects a range then

tomtom87 commented 8 years ago

Full code

var nmap = require('libnmap')
  , opts = {
      /* ... options ... */
      flags: [
        '-vv',
        '-Pn',
        '-sV',
        '-iR 0',
        '-p 8080',
        '-sC'
      ]
      /* .. other options ... */
    };
nmap.scan(opts, function(err, report) {
  if (err) throw new Error(err);
  console.log('scanning...');
  for (var item in report) {
    console.log(JSON.stringify(report[item]));
  }
});

jas- commented 8 years ago

@tomtom87 Perhaps I am unfamiliar with your use case. The module requires a range be specified. If you're trying to scan the internet you can always use range: ['0.0.0.0/0'] as your range.

tomtom87 commented 8 years ago

@jas- ah ok I did not realise, that is the use case I am looking for - to just openly scan the net for services

tomtom87 commented 8 years ago

Argh the GC craps out @jas-

--- Last few GCs --->

   11577 ms: Scavenge 961.8 (999.3) -> 961.8 (999.3) MB, 0.3 / 0 ms (+ 31.8 ms in 1 steps since last GC) [allocation failure] [incremental marking delaying mark-sweep].
   12118 ms: Mark-sweep 961.8 (999.3) -> 578.6 (616.8) MB, 541.1 / 0 ms (+ 37.6 ms in 2 steps since start of marking, biggest step 31.8 ms) [last resort gc].
   12216 ms: Mark-sweep 578.6 (616.8) -> 578.6 (616.8) MB, 97.2 / 0 ms [last resort gc].

<--- JS stacktrace --->

==== JS stack trace =========================================

Security context: 0xdd7b5037399 <JS Object>
    2: /* anonymous */ [/home/top/crawler/node_modules/netmask/lib/netmask.js:~99] [pc=0xfd839660903] (this=0x37b75c259679 <a Netmask with map 0x3ac652f5cf71>)
    4: arguments adaptor frame: 1->2
    5: forEach [/home/top/crawler/node_modules/netmask/lib/netmask.js:103] [pc=0xfd83965cf2d] (this=0x37b75c259679 <a Netmask with map 0x3ac652f5cf71>,fn=0x37b75c259779 <JS Function (SharedFunctionInfo...

FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - process out of memory
Aborted

jas- commented 8 years ago

Looks like the calculations on 0.0.0.0/0 for the netmask module might want a smaller range. Very little testing has been done on ranges larger than class C and B networks.

tomtom87 commented 8 years ago

@jas- how can I just get the standard functionality back that the command line nmap has for running infinite scans?

jas- commented 8 years ago

I think you answered your own question.

tomtom87 commented 8 years ago

Well I wanted to have nmap in node so I can pipe the output to mysql easily. One week in and I guess I need to fork your repo mate... thanks so much for this project, I will get it working.

jas- commented 8 years ago

@tomtom87 Before you do that you may want to increase the available memory; read up on the memory limit for node.js

tomtom87 commented 8 years ago

@jas- I run nmap on virtual machines with 256 MB of RAM mate for the past five years or so; the problem is how this is implemented in node. nmap can run fine just scanning for days and days.

tomtom87 commented 8 years ago

I guess if node can't handle the GC I will have to go back to my perl script and bash...

jas- commented 8 years ago

@tomtom87 Yep. Sounds like it. I don't test this tool scanning the entire net as any testing server would end up blocked and banned.

tomtom87 commented 8 years ago

Pretty perplexed why node cannot do it, my last script I inserted 400,000+ rows (all had 3 nmap scripts run on them to confirm they had services running) within a 12 hour window. Whilst developing and running websites on the same machine.

You won't get blocked nor barred; there is nothing illegal about scanning the internet. Any web spider does this. I am only looking for public services such as web servers and proxies. Many popular web services offer this to users. I do not flood, I allow at least 1 second between each request.

tomtom87 commented 8 years ago

I just want to take advantage of node's async threaded abilities really. Imagining nmap threaded gives me goosebumps.

jas- commented 8 years ago

You can always take a look at some of the available options; threshold and blocksize tuning may accommodate the limits.

tomtom87 commented 8 years ago

Think I'm just gonna try to hack on it and see what comes up still. Thanks for all the help!

jas- commented 8 years ago

@tomtom87 Because the error showed up with the netmask module I would start there. I just took a look at their test cases and couldn't find any calculations for the whole IPv4 address space being tested.

jas- commented 8 years ago

Never mind, it parses the larger range fine. My assumption is that because the nmap process is blocking (non-async) and this module currently does not output reports as scan ranges complete (it uses async.parallelLimit() and aggregates the reports) it will always run into limitations due to system resources.
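To illustrate the point above, here is an added example (not libnmap's own code) that splits a CIDR into fixed-size sub-blocks lazily and processes them with bounded concurrency, handing each block's report to a callback as it completes instead of aggregating them all in memory. The `fakeScan` function is a constructed stand-in for `nmap.scan()`; the `splitCidr`, `scanInBlocks` and `intToIp` names are assumptions made here.

```javascript
// Added example, not libnmap's code. Split a CIDR into sub-blocks lazily and
// stream results block by block, so memory stays constant however large the
// parent range is (the case 0.0.0.0/0 exercised in this thread).

function ipToInt(ip) {
  return ip.split('.').reduce((acc, oct) => (acc << 8) + Number(oct), 0) >>> 0;
}

function intToIp(n) {
  return [24, 16, 8, 0].map((s) => (n >>> s) & 255).join('.');
}

// Generator: yields the /`prefix` sub-blocks of `cidr` one at a time, never
// materialising the whole list (0.0.0.0/0 into /24s is 16,777,216 blocks).
function* splitCidr(cidr, prefix) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  if (prefix < bits || prefix > 32) throw new RangeError('bad prefix');
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  const start = (ipToInt(base) & mask) >>> 0;
  const step = 2 ** (32 - prefix);
  const count = 2 ** (prefix - bits);
  for (let i = 0; i < count; i++) {
    yield `${intToIp((start + i * step) >>> 0)}/${prefix}`;
  }
}

// Runs `scanBlock(block)` with at most `limit` scans in flight (the role
// async.parallelLimit plays in libnmap), but passes every report straight to
// `onReport` and retains none of them. Returns the number of blocks scanned.
async function scanInBlocks(blocks, limit, scanBlock, onReport) {
  const iter = blocks[Symbol.iterator]();
  let done = 0;
  async function worker() {
    for (let next = iter.next(); !next.done; next = iter.next()) {
      onReport(next.value, await scanBlock(next.value));
      done++;
    }
  }
  await Promise.all(Array.from({ length: limit }, worker));
  return done;
}

// Constructed stand-in for nmap.scan(); a real run would pass range: [block].
async function fakeScan(block) {
  return { block, hostsUp: 1 };
}

// Demo on a private range: four /24 blocks, two scans in flight at a time.
scanInBlocks(splitCidr('10.0.0.0/22', 24), 2, fakeScan,
  (block, report) => console.log(block, JSON.stringify(report)));
```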

tomtom87 commented 8 years ago

@jas- very helpful thanks. I've managed to tinker a bit and can get it working with xml output that would then need to be piped. Found some CIDR libraries also that might come into use. Ideally if you want to scan a country for proxies for example... a very useful tool this could become!

jas- commented 8 years ago

Can you provide the options you're using, or are you writing something custom that wouldn't be applicable to a pull request?

tomtom87 commented 8 years ago

@jas- Sorry this is custom now, but if I can get it working within the paradigm of the module I will definitely like to make a pull req!!

jas- commented 8 years ago

Ok I am closing this as you are building a one-off solution for your own needs. Thanks for reporting this.

tomtom87 commented 8 years ago

@jas- thanks man. I will try to stay in touch as I really like this module and you are very helpful

jas- commented 8 years ago

@tomtom87 No worries, if you do create a pull request try to follow the contributing guide.

smarttang commented 7 years ago

how to return result?

jas- commented 7 years ago

@smarttang please open a new issue. This one is closed.