microsoft / AttackSurfaceAnalyzer

Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
MIT License

Linux Gui Port Collector #130

Closed goldstar611 closed 5 years ago

goldstar611 commented 5 years ago

Describe the bug: In both the GUI and CLI HTML output, the "Open Network Ports" page is always blank.

To Reproduce: Steps to reproduce the behavior:

  1. Compile GUI or CLI from source
  2. Run a collect operation
  3. Install something that opens ports, like Apache2
  4. Run the collect operation again
  5. View the output.html if using CLI, or compare the 2 runs from the GUI

Expected behavior: Open ports are listed.

Screenshots:

GUI: [image]

CLI: [image]

System Configuration (please complete the following information):

Additional Context: N/A

gfs commented 5 years ago

What is the result of ss -ln on your system?

goldstar611 commented 5 years ago

ss -ln

user@ubuntu:~$ sudo ss -ln > ss.txt
user@ubuntu:~$ cat ss.txt 
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
nl     UNCONN     0      0         0:0                      *                   
nl     UNCONN     0      0         0:69783                  *                   
nl     UNCONN     0      0         0:70672                  *                   
nl     UNCONN     0      0         0:70704                  *                   
nl     UNCONN     0      0         0:70704                  *                   
nl     UNCONN     0      0         0:70672                  *                   
nl     UNCONN     0      0         0:69783                  *                   
nl     UNCONN     768    0         4:0                      *                   
nl     UNCONN     4352   0         4:70833                  *                   
nl     UNCONN     0      0         7:0                      *                   
nl     UNCONN     0      0         9:-1201191808            *                   
nl     UNCONN     0      0         9:0                      *                   
nl     UNCONN     0      0         9:70473                  *                   
nl     UNCONN     0      0         9:1                      *                   
nl     UNCONN     0      0         9:70832                  *                   
nl     UNCONN     0      0         9:1                      *                   
nl     UNCONN     0      0        10:0                      *                   
nl     UNCONN     0      0        11:0                      *                   
nl     UNCONN     0      0        15:70672                  *                   
nl     UNCONN     0      0        15:69783                  *                   
nl     UNCONN     0      0        15:22105                  *                   
nl     UNCONN     0      0        15:14228                  *                   
nl     UNCONN     0      0        15:-1069392593            *                   
nl     UNCONN     0      0        15:14286                  *                   
nl     UNCONN     0      0        15:1                      *                   
nl     UNCONN     0      0        15:-272772784             *                   
nl     UNCONN     0      0        15:-1341203644            *                   
nl     UNCONN     0      0        15:710                    *                   
nl     UNCONN     0      0        15:-2095060956            *                   
nl     UNCONN     0      0        15:0                      *                   
nl     UNCONN     0      0        15:875                    *                   
nl     UNCONN     0      0        15:22052                  *                   
nl     UNCONN     0      0        15:14220                  *                   
nl     UNCONN     0      0        15:70672                  *                   
nl     UNCONN     0      0        15:69783                  *                   
nl     UNCONN     0      0        15:1                      *                   
nl     UNCONN     0      0        15:22105                  *                   
nl     UNCONN     0      0        15:22052                  *                   
nl     UNCONN     0      0        15:14286                  *                   
nl     UNCONN     0      0        15:14228                  *                   
nl     UNCONN     0      0        15:14220                  *                   
nl     UNCONN     0      0        15:875                    *                   
nl     UNCONN     0      0        15:-1069392593            *                   
nl     UNCONN     0      0        15:-272772784             *                   
nl     UNCONN     0      0        15:-2095060956            *                   
nl     UNCONN     0      0        15:710                    *                   
nl     UNCONN     0      0        15:-1341203644            *                   
nl     UNCONN     0      0        16:0                      *                   
nl     UNCONN     0      0        18:0                      *                   
p_raw  UNCONN     0      0         *:ens33                  *                   
u_dgr  UNCONN     0      0      /run/user/1000/systemd/notify 13107                 * 0                  
u_str  LISTEN     0      128    /run/user/1000/systemd/private 13108                 * 0                  
u_seq  LISTEN     0      128    /run/udev/control 10874                 * 0                  
u_str  LISTEN     0      128    /tmp/.X11-unix/X0 45034                 * 0                  
u_str  LISTEN     0      5      /run/user/1000/pulse/native 27409                 * 0                  
u_str  LISTEN     0      128    /tmp/.ICE-unix/22097 48158                 * 0                  
u_str  LISTEN     0      128    /tmp/ssh-UuCtZnkCzHV0/agent.22059 45476                 * 0                  
u_str  LISTEN     0      128    /var/run/dbus/system_bus_socket 12258                 * 0                  
u_str  LISTEN     0      128    /run/uuidd/request 12259                 * 0                  
u_str  LISTEN     0      32     /var/run/vmware/guestServicePipe 16443                 * 0                  
u_str  LISTEN     0      128    @/tmp/.X11-unix/X0 45033                 * 0                  
u_str  LISTEN     0      30     @/tmp/dbus-QtvvQgfDtZ 45483                 * 0                  
u_str  LISTEN     0      128    /tmp/CoreFxPipe_root.F.ihIfgPO0z6 179509                * 0                  
u_str  LISTEN     0      128    /tmp/CoreFxPipe_root.hmO7SWqwEv4UbpiDCHUUDAaJc 177673                * 0                  
u_str  LISTEN     0      128    /tmp/CoreFxPipe_MSBuild70527 177692                * 0                  
u_str  LISTEN     0      128    @/tmp/.ICE-unix/22097 48157                 * 0                  
u_dgr  UNCONN     0      0      /run/systemd/notify 10826                 * 0                  
u_str  LISTEN     0      128    /run/php/php7.0-fpm.sock 130098                * 0                  
u_str  LISTEN     0      128    /run/systemd/private 165978                * 0                  
u_str  LISTEN     0      128    /run/systemd/fsck.progress 10831                 * 0                  
u_str  LISTEN     0      128    /run/systemd/journal/stdout 10835                 * 0                  
u_dgr  UNCONN     0      0      /run/systemd/journal/socket 10836                 * 0                  
u_dgr  UNCONN     0      0      /run/systemd/journal/dev-log 10880                 * 0                  
u_dgr  UNCONN     0      0      /run/systemd/journal/syslog 10889                 * 0                  
u_dgr  UNCONN     0      0         * 166079                * 166078             
u_dgr  UNCONN     0      768       * 32066                 * 32065              
u_dgr  UNCONN     0      0         * 174042                * 174041             
u_dgr  UNCONN     0      0         * 175726                * 10836              
u_dgr  UNCONN     0      0         * 16783                 * 10880              
u_dgr  UNCONN     0      0         * 10222                 * 10826              
u_dgr  UNCONN     0      0         * 32065                 * 32066              
u_dgr  UNCONN     0      0         * 47178                 * 10880              
u_dgr  UNCONN     0      0         * 174031                * 10836              
u_dgr  UNCONN     0      0         * 174041                * 174042             
u_dgr  UNCONN     0      0         * 175746                * 10880              
u_dgr  UNCONN     0      0         * 166076                * 166077             
u_dgr  UNCONN     0      0         * 14313                 * 10836              
u_dgr  UNCONN     0      0         * 180289                * 10880              
u_dgr  UNCONN     0      0         * 166078                * 166079             
u_dgr  UNCONN     0      0         * 31505                 * 10880              
u_dgr  UNCONN     0      0         * 166072                * 10836              
u_dgr  UNCONN     0      0         * 27407                 * 10880              
u_dgr  UNCONN     0      0         * 13101                 * 10836              
u_dgr  UNCONN     0      0         * 14395                 * 10880              
u_dgr  UNCONN     0      0         * 172448                * 10836              
u_dgr  UNCONN     0      0         * 176967                * 10880              
u_dgr  UNCONN     0      0         * 166077                * 166076             
udp    UNCONN     0      0         *:68                    *:*                  
tcp    LISTEN     0      128    127.0.0.1:8000                  *:*                  
tcp    LISTEN     0      128       *:8001                  *:*                  
tcp    LISTEN     0      128      :::80                   :::*   

gfs commented 5 years ago

This is with Apache running?

goldstar611 commented 5 years ago

Yes, Apache is in the default configuration (listening on port 80)

user@ubuntu:~$ sudo netstat -nltpu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN      70672/electron  
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      70704/AttackSurface
tcp6       0      0 :::80                   :::*                    LISTEN      37506/apache2   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           71877/dhclient 

gfs commented 5 years ago

I should have fixed this in #146.

Looks like netstat might be a better source of data than ss -ln, but it isn't included by default in Ubuntu.
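
An added example, not code from AttackSurfaceAnalyzer or from anyone in this thread: a Python parser for the `ss -ln` format pasted above that keeps only the tcp/udp rows and reports listeners that appear between two collections. The function names and the choice to ignore netlink, packet and unix-socket rows are assumptions; the sample rows are copied from the thread's output, with the "before" collection constructed by omitting the Apache row.

```python
# Added example: parse `ss -ln` output and diff two collections.
INET_NETIDS = {"tcp", "udp"}  # assumption: only IP sockets count as "open ports"


def parse_ss_ln(text):
    """Return {(proto, address, port)} for the tcp/udp rows of `ss -ln` output."""
    listeners = set()
    for line in text.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
        if len(fields) < 6 or fields[0] not in INET_NETIDS:
            continue  # header, netlink (nl), packet (p_raw) and unix (u_*) rows
        # Split on the last colon so IPv6 forms (":::80", "[::]:80") parse too.
        addr, sep, port = fields[4].rpartition(":")
        if not sep or not port.isdigit():
            continue
        listeners.add((fields[0], addr.strip("[]") or "*", int(port)))
    return listeners


def new_listeners(before_text, after_text):
    """Listeners present in the second collection but not in the first."""
    return sorted(parse_ss_ln(after_text) - parse_ss_ln(before_text))


HEADER = "Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port\n"
# Rows copied from the thread's output; BEFORE is constructed by omitting the Apache row.
COMMON = """\
nl     UNCONN     0      0        15:-1069392593            *
p_raw  UNCONN     0      0         *:ens33                  *
u_seq  LISTEN     0      128    /run/udev/control 10874                 * 0
udp    UNCONN     0      0         *:68                    *:*
tcp    LISTEN     0      128    127.0.0.1:8000                  *:*
tcp    LISTEN     0      128       *:8001                  *:*
"""
BEFORE = HEADER + COMMON
AFTER = HEADER + COMMON + "tcp    LISTEN     0      128      :::80                   :::*\n"

if __name__ == "__main__":
    for proto, addr, port in new_listeners(BEFORE, AFTER):
        print(f"new listener: {proto} {addr}:{port}")
```
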