projectdiscovery / naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
https://projectdiscovery.io
MIT License

No valid ipv4 or ipv6 targets were found when running as root in Ubuntu on certain hosts #1060

Open fededamian opened 4 months ago

fededamian commented 4 months ago

Naabu version: 2.3.0

Current Behavior:

When running naabu as root against certain hosts, it returns the [FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found error, although this works fine when running as a regular user and the domain successfully resolves using host or dig. An example of a host on which the scan fails is www.medallia.com; I noticed that other hosts such as www.cisco.com or www.google.com do not trigger this issue.

Running as Root
root@ip:~# naabu -host www.medallia.com

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

        projectdiscovery.io

[INF] Current naabu version 2.3.0 (latest)
[INF] Running host discovery scan
[INF] Running SYN scan with CAP_NET_RAW privileges
[FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found

Running as User
ubuntu@ip:~/go/bin$ naabu -host www.medallia.com

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

        projectdiscovery.io

[INF] Current naabu version 2.3.0 (latest)
[INF] Running CONNECT scan with non root privileges
www.medallia.com:80
www.medallia.com:443
[INF] Found 2 ports on host www.medallia.com (18.189.251.173)

Expected Behavior:

The expected behavior is a completed portscan when using naabu as the root user.

Steps To Reproduce:

  1. Using an Ubuntu 24.04 LTS Box, elevate to root privileges using sudo -i.
  2. Run naabu -host www.medallia.com
  3. See error [FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found

fededamian commented 4 months ago

In the same track, I also noticed an erratic behaviour when scanning as root and using the IP address instead of the domain. In some cases, I get the same error and in some others, the scanner decides to scan a different IP address, which is the DNS server configured in my box, as shown below:

root@:~# naabu -host 18.189.251.173

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

        projectdiscovery.io

[INF] Current naabu version 2.3.0 (latest)
[INF] Running host discovery scan
[INF] Running SYN scan with CAP_NET_RAW privileges
[FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found
root@:~# naabu -host 18.189.251.173

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

        projectdiscovery.io

[INF] Current naabu version 2.3.0 (latest)
[INF] Running host discovery scan
[INF] Running SYN scan with CAP_NET_RAW privileges
172.31.0.2:53
[INF] Found 1 ports on host 172.31.0.2 (172.31.0.2)

It seems there's something wonky going on when using the SYN scan as root.

Mzack9999 commented 4 months ago

@fededamian I tried a few times but was unable to reproduce. Could you try skipping the host discovery part (-Pn)?

fededamian commented 4 months ago

@Mzack9999, skipping the host discovery solves the problem, which is what I've done as a workaround. Let me know if there is some debugging output or additional logs or data I could share that may help. It's a pretty standard deployment (EC2, Ubuntu, naabu), I am surprised the behavior is not triggered in other devices.

methodsecuritysj commented 3 months ago

I'm hitting what seems to be a potentially related issue:

ubuntu@ip-10-0-0-1:~$ ping ip-192-168-0-6.ec2.internal
PING ip-192-168-0-6.ec2.internal (192.168.0.6) 56(84) bytes of data.
64 bytes from ip-192-168-0-6.ec2.internal (192.168.0.6): icmp_seq=1 ttl=63 time=1.27 ms
64 bytes from ip-192-168-0-6.ec2.internal (192.168.0.6): icmp_seq=2 ttl=63 time=1.43 ms
^C
--- ip-192-168-0-6.ec2.internal ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.268/1.348/1.429/0.080 ms
ubuntu@ip-10-0-0-1:~$ nslookup ip-192-168-0-6.ec2.internal
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   ip-192-168-0-6.ec2.internal
Address: 192.168.0.6
ubuntu@ip-10-0-0-1:~$ ~/go/bin/naabu -host 192.168.0.6

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

                projectdiscovery.io

[INF] Current naabu version 2.3.1 (latest)
[INF] Running CONNECT scan with non root privileges
192.168.0.6:22
192.168.0.6:80
[INF] Found 2 ports on host 192.168.0.6 (192.168.0.6)
ubuntu@ip-10-0-0-1:~$ ~/go/bin/naabu -host ip-192-168-0-6.ec2.internal

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

                projectdiscovery.io

[INF] Current naabu version 2.3.1 (latest)
[INF] Running CONNECT scan with non root privileges
[FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found
ubuntu@ip-10-0-0-1:~$ ~/go/bin/naabu -host ip-192-168-0-6.ec2.internal -Pn

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

                projectdiscovery.io

[INF] Current naabu version 2.3.1 (latest)
[INF] Running CONNECT scan with non root privileges
[FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found

blockisec commented 3 months ago

Same for me, except I am not running on EC2 but on Qubes (Arch Template). The workaround for me is to add the DNS server from /etc/resolv.conf using the -r flag; otherwise naabu only scans IPs.

olofmagn commented 1 month ago

Installation: go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest

OS-system: Ubuntu 22.04.4 LTS

Running naabu as root or non-root on a variety of hosts:

./naabu -host google.com
./naabu -host yahoo.com
../naabu -host github.com.

[INF] Current naabu version 2.3.1 (latest)
[INF] Running host discovery scan
[FTL] Could not run enumeration: no valid ipv4 or ipv6 targets were found

Naabu works fine when using the IP address of the host, but it still fails when using the FQDN of the host.

Potential workaround that works for my setup:

./naabu -r yourlocalDNS -host hackerone.com

[INF] Current naabu version 2.3.1 (latest)
[INF] Running CONNECT scan with non root privileges
hackerone.com:80
hackerone.com:443
hackerone.com:8443
hackerone.com:8080
[INF] Found 4 ports on host hackerone.com (104.18.36.214)

yourlocalDNS (nameserver) can be found in /etc/resolv.conf using cat /etc/resolv.conf.
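
The -r workaround reported in this thread, scripted as an added example (not part of the original comments and not naabu project code). The helper names resolvers_from and naabu_cmd are hypothetical, the sample resolv.conf content is constructed, and passing several resolvers to -r as a comma-separated list is an assumption about the flag.

```shell
#!/bin/sh
# Added example: derive the value for naabu's -r flag from a resolv.conf file.
# resolvers_from and naabu_cmd are hypothetical helpers, not part of naabu.

# Print the nameserver addresses from a resolv.conf-style file as a
# comma-separated list, ignoring comments, duplicates and malformed lines.
resolvers_from() {
    awk '
        { sub(/[#;].*/, "") }                  # strip "#" and ";" comments
        $1 == "nameserver" && NF >= 2 {        # skip search/options/empty entries
            if (!($2 in seen)) {
                seen[$2] = 1
                out = (out == "" ? $2 : out "," $2)
            }
        }
        END { print out }
    ' "$1"
}

# Print the naabu command line for a host, or fail when the file yields no
# resolver (the scan would then fall back to naabu's default resolution).
# Assumption: -r accepts a comma-separated list of resolvers.
naabu_cmd() {
    list=$(resolvers_from "$1")
    if [ -z "$list" ]; then
        echo "no nameserver entries in $1" >&2
        return 1
    fi
    printf 'naabu -r %s -host %s\n' "$list" "$2"
}

# Constructed sample input (documentation address ranges, not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# generated by a DHCP client
nameserver 192.0.2.53
; old-style comment
search example.internal
nameserver 192.0.2.53
nameserver 198.51.100.53   # secondary
nameserver
options edns0 trust-ad
EOF

naabu_cmd "$sample" www.example.com
rm -f "$sample"
```

On a real host, call naabu_cmd /etc/resolv.conf with the target name and run the printed command.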