leebaird / discover

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
MIT License

Report doesn't show all ports properly. #20

Closed marginaldeer closed 8 years ago

marginaldeer commented 9 years ago

Port 10000 (webmin) and port 111 are shown as open in the nmap output of the initial scan. In the report there is no mention of these ports in the nmap report list. It does provide additional details towards the bottom, but when glancing at a report I would expect them to be in the output towards the top of the report, like they are in the output while running the script. Unsure if this is by design.


By Lee Baird

Type of scan:

  1. External
  2. Internal
  3. Previous menu

Choice: 1

[*] Setting source port to 53 and the max probe round trip time to 1.5s.

Name of scan: 192.168.xx.xx

IP, Range or URL: 192.168.xx.xx

Perform full TCP port scan? (y/N) y

Perform version detection? (y/N) y

Set scan delay. (0-5, enter for normal)

Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-24 01:41 CDT
Stats: 0:00:10 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 22.47% done; ETC: 01:42 (0:00:34 remaining)
Stats: 0:00:20 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 61.68% done; ETC: 01:41 (0:00:12 remaining)
Stats: 0:00:33 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 7.69% done; ETC: 01:43 (0:01:00 remaining)
Stats: 0:00:43 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 30.77% done; ETC: 01:42 (0:00:34 remaining)
Stats: 0:00:51 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 30.77% done; ETC: 01:43 (0:00:50 remaining)
Stats: 0:01:01 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 30.77% done; ETC: 01:43 (0:01:12 remaining)
Stats: 0:01:11 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 30.77% done; ETC: 01:44 (0:01:37 remaining)
Stats: 0:01:21 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 53.85% done; ETC: 01:43 (0:00:45 remaining)
Stats: 0:01:30 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 72.00% done; ETC: 01:42 (0:00:01 remaining)
Stats: 0:01:40 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 76.00% done; ETC: 01:43 (0:00:04 remaining)
Stats: 0:01:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 76.00% done; ETC: 01:43 (0:00:07 remaining)
Nmap scan report for 192.168.xx.xx
Host is up (0.080s latency).
Not shown: 65521 closed ports, 16 filtered ports
PORT      STATE         SERVICE         VERSION
22/tcp    open          ssh             OpenSSH 4.0 (protocol 2.0)
111/tcp   open          rpcbind         2 (RPC #100000)
10000/tcp open          http            MiniServ 0.01 (Webmin httpd)
32769/tcp open          status          1 (RPC #100024)
67/udp    open|filtered dhcps
123/udp   open|filtered ntp
137/udp   open|filtered netbios-ns
500/udp   open|filtered isakmp
523/udp   open|filtered ibm-db2
1434/udp  open|filtered ms-sql-m
2302/udp  open|filtered binderysupport
6481/udp  open|filtered unknown
17185/udp open|filtered wdbrpc
MAC Address: 00:50:56:AF:66:B7 (VMware)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 116.70 seconds

Locating high value ports.
     TCP
     UDP

Running nmap scripts.
     SSH
     NFS
     Network Data Management

Run matching Metasploit auxiliaries? (y/N) y

Starting Postgres.
[ ok ] Starting PostgreSQL 9.1 database server: main.

Starting Metasploit, this takes about 45 sec.

Using the following resource files.
     SSH
     NFS
[*] Starting the Metasploit Framework console...|


   =[ metasploit v4.11.2-2015051401 [core:4.11.2.pre.2015051401 api:1.0.0]]

[*] Processing /opt/discover/192.168.xx.xx/master.rc for ERB directives.
resource (/opt/discover/192.168.xx.xx/master.rc)> workspace -a 192.168.xx.xx
[*] Added workspace: 192.168.xx.xx
resource (/opt/discover/192.168.xx.xx/master.rc)> setg RHOSTS file:/opt/discover/192.168.xx.xx/22.txt
RHOSTS => file:/opt/discover/192.168.xx.xx/22.txt
resource (/opt/discover/192.168.xx.xx/master.rc)> setg THREADS 255
THREADS => 255
resource (/opt/discover/192.168.xx.xx/master.rc)> setg RPORT 22
RPORT => 22
resource (/opt/discover/192.168.xx.xx/master.rc)> use auxiliary/scanner/ssh/ssh_version
resource (/opt/discover/192.168.xx.xx/master.rc)> run
[*] 192.168.xx.xx:22, SSH server version: SSH-2.0-OpenSSH_4.0
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (/opt/discover/192.168.xx.xx/master.rc)> setg RHOSTS file:/opt/discover/192.168.xx.xx/111.txt
RHOSTS => file:/opt/discover/192.168.xx.xx/111.txt
resource (/opt/discover/192.168.xx.xx/master.rc)> setg THREADS 255
THREADS => 255
resource (/opt/discover/192.168.xx.xx/master.rc)> setg RPORT 111
RPORT => 111
resource (/opt/discover/192.168.xx.xx/master.rc)> use auxiliary/scanner/misc/sunrpc_portmapper
resource (/opt/discover/192.168.xx.xx/master.rc)> run

[+] SunRPC Programs for 192.168.xx.xx

Name     Number  Version  Port   Protocol
----     ------  -------  ----   --------
rpcbind  100000  2        111    tcp
rpcbind  100000  2        111    udp
status   100024  1        32769  udp
status   100024  1        32769  tcp

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (/opt/discover/192.168.xx.xx/master.rc)> use auxiliary/scanner/nfs/nfsmount
resource (/opt/discover/192.168.xx.xx/master.rc)> run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (/opt/discover/192.168.xx.xx/master.rc)> db_export -f xml -a 192.168.xx.xx/metasploit.xml
[*] Starting export of workspace 192.168.xx.xx to 192.168.xx.xx/metasploit.xml [ xml ]...
[*] >> Starting export of report
[*] >> Starting export of hosts
[*] >> Starting export of events
[*] >> Starting export of services
[*] >> Starting export of web sites
[*] >> Starting export of web pages
[*] >> Starting export of web forms
[*] >> Starting export of web vulns
[*] >> Starting export of module details
[*] >> Finished export of report
[*] Finished export of workspace 192.168.xx.xx to 192.168.xx.xx/metasploit.xml [ xml ]...
resource (/opt/discover/192.168.xx.xx/master.rc)> db_import 192.168.xx.xx/nmap.xml
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.6.6.2'
[*] Importing host 192.168.xx.xx
[*] Successfully imported /opt/discover/192.168.xx.xx/nmap.xml
resource (/opt/discover/192.168.xx.xx/master.rc)> exit

_Scan complete._

The new report is located at /root/data/192.168.xx.xx/report.txt

root@ninja:/opt/discover# cat /root/data/192.168.xx.xx/report.txt
Nmap Report
Sunday - May 24, 2015

Start time   01:41:22 AM CDT
Finish time  01:44:22 AM CDT
Scanner IP   10.0.0.xx 192.168.xx.72

1 host discovered.

192.168.xx.xx
PORT      STATE  SERVICE  VERSION
22/tcp    open   ssh      OpenSSH 4.0 (protocol 2.0)
32769/tcp open   status   1 (RPC #100024)
MAC Address: 00:50:56:AF:66:B7 (VMware)

Nmap Scripts

192.168.xx.xx
PORT   STATE SERVICE
22/tcp open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-dss
|   encryption_algorithms: (11)
|       aes128-cbc
|       3des-cbc
|       blowfish-cbc
|       cast128-cbc
|       arcfour
|       aes192-cbc
|       aes256-cbc
|       rijndael-cbc@lysator.liu.se
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|   mac_algorithms: (6)
|       hmac-md5
|       hmac-sha1
|       hmac-ripemd160
|       hmac-ripemd160@openssh.com
|       hmac-sha1-96
|       hmac-md5-96
|   compression_algorithms: (2)
|       zlib

192.168.xx.xx
PORT    STATE SERVICE
111/tcp open  rpcbind
|   program version   port/proto  service
|   100000  2         111/tcp     rpcbind
|   100000  2         111/udp     rpcbind
|   100024  1         32769/tcp   status
|_  100024  1         32769/udp   status

192.168.xx.xx
PORT      STATE SERVICE
10000/tcp open  snet-sensor-mgmt
| ndmp-fs-info:
| ndmp-version:

root@ninja:/opt/discover#
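A quick completeness check for the gap reported above, added here as an example and not part of the issue or of the discover scripts: it pulls the open TCP ports out of nmap's normal output and out of the report's port table (both constructed from the lines pasted above) and lists any port the report dropped. Real runs would feed it the scan output and report.txt instead of the inline samples.

```shell
#!/bin/sh
# Constructed sample: the port table as nmap printed it during the scan (abridged).
NMAP_OUT='PORT      STATE         SERVICE         VERSION
22/tcp    open          ssh             OpenSSH 4.0 (protocol 2.0)
111/tcp   open          rpcbind         2 (RPC #100000)
10000/tcp open          http            MiniServ 0.01 (Webmin httpd)
32769/tcp open          status          1 (RPC #100024)
67/udp    open|filtered dhcps
123/udp   open|filtered ntp'

# Constructed sample: the port table as it appeared in report.txt.
REPORT_OUT='PORT      STATE  SERVICE  VERSION
22/tcp    open   ssh      OpenSSH 4.0 (protocol 2.0)
32769/tcp open   status   1 (RPC #100024)'

# Print the numbers of ports reported as "<port>/tcp open", one per line, sorted.
# UDP lines and open|filtered lines are deliberately excluded.
open_tcp_ports() {
    printf '%s\n' "$1" \
        | awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }' \
        | sort -n
}

# Ports open in the scan output ($1) that are absent from the report ($2).
missing_ports() {
    scan=$(open_tcp_ports "$1")
    rep=$(open_tcp_ports "$2")
    printf '%s\n' "$scan" | while read -r p; do
        printf '%s\n' "$rep" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# For the samples above this prints 111 and 10000, the two ports the issue is about.
missing_ports "$NMAP_OUT" "$REPORT_OUT"
```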

leebaird commented 9 years ago

Thanks for pointing that out; I will look into it. Also, you don't need to hide your IPs if they are private non-routable.

ninewires commented 8 years ago

The bug has been located and a little more testing is needed to make sure unnecessary ports aren't reported as a result of the changes.

ninewires commented 8 years ago

Resolved, thanks!