Open stephanie0x00 opened 7 months ago
Does the scanning machine have access to IPv6? Could you verify that the raw files generated by the nmap boefje on these IPs contain the ports?
Yes, the scanning machine has IPv6 connectivity, and the scanned IP/domain by the nmap boefje also shows ports are enabled on the IPv6 address.
```
root@0aa906c114bf:/app/boefjes# ping6 google.com
PING google.com(ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e)) 56 data bytes
64 bytes from ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e): icmp_seq=1 ttl=116 time=253 ms
64 bytes from ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e): icmp_seq=2 ttl=116 time=9.23 ms
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.94 scan initiated Thu Mar 28 16:05:48 2024 as: /usr/bin/nmap --open -T4 -Pn -r -v10 -sV -sS --top-ports 250 -6 -oX - 2a01:7c8:REDACTED -->
<nmaprun scanner="nmap" args="/usr/bin/nmap --open -T4 -Pn -r -v10 -sV -sS --top-ports 250 -6 -oX - 2a01:7c8:REDACTED" start="1711641948" startstr="Thu Mar 28 16:05:48 2024" version="7.94" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="250" services="1,3,7,9,13,17,19-26,33,37,42,53,79-82,88,100,106,110-111,113,119,135,139,143-144,161,179,199,222,254-255,264,280,311,389,407,427,443-445,464-465,497,500,512-515,543-544,548,554,563,587,593,625,631,636,646,787,808,873,888,902,990,992-993,995,999-1000,1022-1044,1048-1050,1053-1054,1056,1058-1059,1064-1066,1068-1069,1071,1074,1080,1110-1111,1218,1234,1352,1433,1494,1521,1700,1717,1720,1723,1755,1761,1801,1900,1935,1998,2000-2010,2049,2065,2103,2105,2107,2121,2161,2301,2383,2401,2601-2602,2701,2717,2869,2967,3000-3001,3052,3128,3260,3268-3269,3306,3389,3689-3690,3703,3986,4000-4001,4045,4444,4662,4899,5000-5001,5003,5009,5050-5051,5060,5101,5120,5190,5357,5432,5550,5555,5631,5666,5800-5801,5900-5901,6000-6002,6004,6112,6543,6646,6666,7000-7001,7019,7070,7100,7937-7938,8000,8002,8008-8010,8031,8080-8082,8443,8888,9000-9001,9090,9100,9102,9999-10001,10010,15000,32768,32770-32772,42510,49152-49157,50000-50001"/>
<verbose level="10"/>
<debugging level="0"/>
<target specification="2a01:7c8:REDACTED" status="skipped" reason="invalid"/>
<runstats><finished time="1711641948" timestr="Thu Mar 28 16:05:48 2024" summary="Nmap done at Thu Mar 28 16:05:48 2024; 0 IP addresses (0 hosts up) scanned in 0.08 seconds" elapsed="0.08" exit="success"/><hosts up="0" down="0" total="0"/>
</runstats>
</nmaprun>
```

```json
{"id": "176d27a4-4c74-4a00-8bfb-dfa030686e74", "boefje_meta": {"id": "8dffed2e-44ad-4755-9aaf-9eceafd080a2", "started_at": "2024-03-28T16:05:48.363489Z", "ended_at": "2024-03-28T16:05:48.802942Z", "boefje": {"id": "nmap", "version": null}, "input_ooi": "IPAddressV6|internet|2a01:7c8:REDACTED", "arguments": {"input": {"object_type": "IPAddressV6", "scan_profile": "scan_profile_type='inherited' reference=Reference('IPAddressV6|internet|2a01:7c8:REDACTED') level=<ScanLevel.L2: 2>", "primary_key": "IPAddressV6|internet|2a01:7c8:REDACTED", "address": "2a01:7c8:REDACTED", "network": {"name": "internet"}, "netblock": "None"}}, "organization": "ee", "runnable_hash": "be65645cb2aabd0d6fb2bc39e218071efce81772ae35515f98c6dddd4aebe813", "environment": {}}, "mime_types": [{"value": "boefje/nmap"}], "secure_hash": "sha512:533a5d8e84357dddca8c7c273fdcf8690b1aa0c15f02e8412e20273adbad9ac84bcc00d41dc69338b93071def01006d0b81fb21a4b23ecb565f419fe2b24beca", "signing_provider_url": null, "hash_retrieval_link": "cc08b9cb-a42c-4a8b-afd2-d1a2d64172ce"}
```
```
nmap -6 evREDACTED.org
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-28 17:09 CET
Nmap scan report for evREDACTED.org (2a01:7c8:REDACTED)
Host is up (0.0085s latency).
Other addresses for evREDACTED.org (not scanned): 149.210.X.X
rDNS record for 2a01:7c8:REDACTED: mail.evREDACTED.org
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
```
I think the issue might be the following line in the nmap raw file:
```xml
<target specification="2a01:7c8:REDACTED" status="skipped" reason="invalid"/>
```
It appears the IP is skipped from scanning completely.
Is Docker specifically configured to allow IPv6 connections? It does not do that by default.
Yes, the first code snippet above shows that I can perform ping from inside the Docker container to Google over IPv6.
Ping from the boefje container works
```
root@0aa906c114bf:/app/boefjes# ping6 google.com
PING google.com(ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e)) 56 data bytes
64 bytes from ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e): icmp_seq=1 ttl=116 time=253 ms
64 bytes from ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e): icmp_seq=2 ttl=116 time=9.23 ms
```
Sorry that I didn't read your ticket thoroughly, definitely should have! Should investigate!!
The problem appears to be in the normalizer of IPv6 data. There are no yielded objects for IPv6 addresses.
No open ports are currently shown for IPv6 addresses in both the normal as well as the aggregate report, even though these ports were manually verified to be open.
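An added example, not part of the thread and not OpenKAT code: a check over nmap XML output that separates "target was skipped, nothing was probed" from "host scanned, no open ports", the two cases that both end up as an empty report here. The function name `summarize_nmap_xml` and both sample documents are constructed for illustration, using the IPv6 documentation prefix `2001:db8::/32` in place of the redacted address.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the raw file in this thread; 2001:db8::/32 is
# the IPv6 documentation prefix, not an address from the issue.
SKIPPED_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" version="7.94">
<target specification="2001:db8::1" status="skipped" reason="invalid"/>
<runstats><finished exit="success"/><hosts up="0" down="0" total="0"/></runstats>
</nmaprun>"""

SCANNED_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" version="7.94">
<host><status state="up"/><address addr="2001:db8::1" addrtype="ipv6"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="25"><state state="closed"/></port></ports></host>
<runstats><finished exit="success"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""


def summarize_nmap_xml(raw):
    """Return skipped targets, open ports per address, and a verdict."""
    root = ET.fromstring(raw)
    # <target ... status="skipped"> means nmap never probed that specification.
    skipped = [
        (t.get("specification"), t.get("reason"))
        for t in root.iter("target")
        if t.get("status") == "skipped"
    ]
    open_ports = {}
    for host in root.iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        key = (addr.get("addrtype"), addr.get("addr"))
        open_ports[key] = sorted(
            int(p.get("portid"))
            for p in host.iter("port")
            if p.find("state") is not None and p.find("state").get("state") == "open"
        )
    hosts = root.find("runstats/hosts")
    total = int(hosts.get("total", "0")) if hosts is not None else len(open_ports)
    if skipped and total == 0:
        verdict = "not-scanned"  # exit="success", yet nothing was actually probed
    elif not any(open_ports.values()):
        verdict = "no-open-ports"
    else:
        verdict = "open-ports"
    return {"skipped": skipped, "open_ports": open_ports, "verdict": verdict}
```

A `not-scanned` verdict on a run that reports `exit="success"` is the signal to surface as a scan failure rather than as a clean result.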