Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    NMAP 6.00

    pfSense Packages
    5
    15
    4666
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimp
      jimp Rebel Alliance Developer Netgate last edited by

      The nmap package is up to version 6 now, which brings some improvements (incl. full IPv6 support). Full details on 6 are here.

      If anyone has any issues, let me know.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • C
        Cino last edited by

        thanks jimp!

        1 Reply Last reply Reply Quote 0
        • D
          devzero last edited by

          Issue with nmap 6 on pfsense 2.01 release….

          Manually deleting the packaging then attempting reinstall from the command line illustrates the problem:

          [2.0.1-RELEASE][xxx@xxx.xxxx.net]/root(14): pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/nmap.tbz
          Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/Latest/nmap.tbz… Done.
          pkg_add: warning: package 'nmap-6.00' requires 'lua-5.1.5_4', but 'lua-5.1.4_5' is installed
          pkg_add: warning: package 'nmap-6.00' requires 'pcre-8.30_2', but 'pcre-8.12' is installed
          pkg_add: warning: package 'nmap-6.00' requires 'pcre-8.30_2', but 'pcre-8.21_1' is installed

          Thanks,

          devzero

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Those are not fatal errors. Does it function or not once installed?

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              isn't 6.01 out?
              http://www.freshports.org/security/nmap

              24 Jun 2012 15:54:18
              6.01

              I just tried installing the package on my 2.1

              2.1-BETA0 (i386)
              built on Fri Jun 22 21:43:34 EDT 2012
              FreeBSD 8.3-RELEASE-p3

              And it didn't seem to be working, I have not gitsync'd in a few days - so don't have the pbi commits I see.

              command worked – no errors or not finding command, etc.  But I tried from cmd line as well - but quick scan

              [2.1-BETA0][root@pfsense.local.lan]/root(2): nmap -T4 -F 192.168.1.100

              Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-26 00:06 CDT
              Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
              Nmap done: 1 IP address (0 hosts up) scanned in 0.52 seconds

              Says device blocking pings – but clearly it pings.
              [2.1-BETA0][root@pfsense.local.lan]/root(3): ping 192.168.1.100
              PING 192.168.1.100 (192.168.1.100): 56 data bytes
              64 bytes from 192.168.1.100: icmp_seq=0 ttl=128 time=1.058 ms
              64 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=0.567 ms

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 22.05 | Lab VMs CE 2.6, 2.7

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Yes, 6.01 is out and I see that FreeBSD updated the port, but I haven't rebuilt the packcage/pbi yet, not sure when I will.

                If I tell it to do a ping scan it says it's up for me. Not sure why it would be failing for you. It worked on both IPv4 and IPv6.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • johnpoz
                  johnpoz LAYER 8 Global Moderator last edited by

                  wondering how it picks interface?  You would think it would hit the interface that connected to that network right??

                  But I do have 2 down vmxnet3 interfaces on my vm.  Or wonder if could just be a VM thing?  Will play with it more later.  I think there was something in 6.0 about picking the wrong interface if in monitor mode?  But I don't have any wireless interfaces?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                  1 Reply Last reply Reply Quote 0
                  • D
                    dhatz last edited by

                    Just noticed the nmap pkg commits at git and thought I'd offer a very quick note that the nmap versions I've used in the past can offer a root shell (since nmap runs as superuser).

                    id
                    uid=100(myuser) gid=101(myuser)
                    sudo nmap –interactive

                    Starting Nmap V. 4.11 ( http://www.insecure.org/nmap/ )
                    Welcome to Interactive Mode -- press h for help
                    nmap> !sh
                    id
                    uid=0(root) gid=0(root) groups=0(root)

                    1 Reply Last reply Reply Quote 0
                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      Ok something to do with raw socket access… Works if use --unprivileged flag

                      [2.1-BETA0][admin@pfsense.local.lan]/root(13): nmap 192.168.1.100 –unprivileged

                      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-26 11:32 CDT
                      Nmap scan report for i5-w7.local.lan (192.168.1.100)
                      Host is up (0.00063s latency).
                      Not shown: 987 closed ports
                      PORT     STATE SERVICE
                      80/tcp   open  http
                      135/tcp  open  msrpc
                      139/tcp  open  netbios-ssn
                      443/tcp  open  https
                      445/tcp  open  microsoft-ds
                      1025/tcp open  NFS-or-IIS
                      1026/tcp open  LSA-or-nterm
                      1027/tcp open  IIS
                      1028/tcp open  unknown
                      1031/tcp open  iad2
                      1033/tcp open  netinfo
                      1037/tcp open  ams
                      3389/tcp open  ms-wbt-server

                      Nmap done: 1 IP address (1 host up) scanned in 1.39 seconds

                      [2.1-BETA0][admin@pfsense.local.lan]/root(14): nmap 192.168.1.100

                      Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-26 11:32 CDT
                      Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
                      Nmap done: 1 IP address (0 hosts up) scanned in 0.52 seconds

                      But shouldn't root have access?
                      [2.1-BETA0][admin@pfsense.local.lan]/root(15): whoami
                      root

                      edit:  So do we have to change this setting to allow it to use raw
                      security.jail.allow_raw_sockets: 0

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                      1 Reply Last reply Reply Quote 0
                      • johnpoz
                        johnpoz LAYER 8 Global Moderator last edited by

                        Ok this makes no sense, so if I do nmap –iflist, this is listed under routes

                        ROUTES
                        DST/MASK                    DEV GATEWAY
                        10.0.200.1/32               em1
                        10.0.200.2/32               em1
                        24.13.178.xx/32             em1
                        127.0.0.1/32                em1
                        192.168.1.253/32            em1
                        216.66.77.230/32            em1 24.13.176.1
                        10.0.200.0/24               em1 10.0.200.2
                        192.168.1.0/24              em1
                        24.13.176.0/21              em1
                        0.0.0.0/0                   em1 24.13.176.1
                        fe80🅱:250:56ff:fe00:2/128 em0
                        ::1/128                     em0 ::1
                        fe80🅰:250:56ff:fe00:2/128 em0
                        2001:470:xx:xx::2/128       em0
                        fe80:6::1/128               em0
                        2001:470:xx:xx::1/128       em0
                        fe80:2::250:56ff:fe00:1/128 em0
                        fe80:1::250:56ff:fe00:2/128 em0
                        fe80:2::/32                 em0

                        What the hell??  em1 is my WAN interface!!

                        so if I run nmap -e em0 it works just fine or if I run nmap –unprivileged it works.

                        Where is it getting that info from?  It show both my wan and lan on em1

                        but clearly that is not the case

                        netstat -rn

                        Internet:
                        Destination        Gateway            Flags    Refs      Use  Netif Expire
                        default            24.13.176.1        UGS         0    26406    em1
                        10.0.200.0/24      10.0.200.2         UGS         0     2902 ovpns1
                        10.0.200.1         link#11            UHS         0        0    lo0
                        10.0.200.2         link#11            UH          0        0 ovpns1
                        24.13.176.0/21     link#2             U           0     3778    em1
                        24.13.178.xx       link#2             UHS         0        0    lo0
                        75.75.75.75        00:50:56:00:00:01  UHS         0      341    em1
                        75.75.76.76        00:50:56:00:00:01  UHS         0      341    em1
                        127.0.0.1          link#6             UH          0      119    lo0
                        192.168.1.0/24     link#1             U           0    35537    em0
                        192.168.1.253      link#1             UHS         0        0    lo0
                        216.66.77.230      24.13.176.1        UGHS        0     4711    em1

                        WTF??

                        This part of nmap –iflist looks right
                        Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-26 14:14 CDT
                        INTERFACES
                        DEV     (SHORT)   IP/MASK                    TYPE        UP   MTU   MAC
                        em0     (em0)     192.168.1.253/24           ethernet    up   1500  00:50:56:00:00:02
                        em1     (em1)     24.13.178.xx/21            ethernet    up   1500  00:50:56:00:00:01

                        Why are the routes messed up for nmap?

                        edit: yeah this is clearly wrong!
                        nmap --route-dst 192.168.1.100
                        192.168.1.100
                        em1 em1 srcaddr 192.168.1.253 direct

                        wtf??

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                        1 Reply Last reply Reply Quote 0
                        • jimp
                          jimp Rebel Alliance Developer Netgate last edited by

                          I have a vague recollection of hitting that on an older version of nmap (See here: http://forum.pfsense.org/index.php/topic,46058.msg242952.html#msg242952 ) - I'm not sure if it's an nmap issue entirely, or just on FreeBSD, or what.

                          I've always had better luck manually specifying the interface to use. If I get some time I'll add an interface drop-down (or perhaps source IP+Interface) to that, and to MTR while I'm at it since the code would be essentially identical.

                          Not sure if nmap 6.01 might help there, but the builders are tied up right now so I can't run off a new build just yet to find out. I doubt it'll help since it's been an issue on there for quite a while.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            so I think it might be related to this
                            http://seclists.org/nmap-dev/2012/q2/920

                            yeah a drop down on the gui to set interface would be helpful to work around the problem for sure.

                            From command line, knowing that its a bug can just always use -e flag, so not something that can not be worked through until they get it worked out.  But very very strange! ;)

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                            1 Reply Last reply Reply Quote 0
                            • jimp
                              jimp Rebel Alliance Developer Netgate last edited by

                              @dhatz:

                              Just noticed the nmap pkg commits at git and thought I'd offer a very quick note that the nmap versions I've used in the past can offer a root shell (since nmap runs as superuser).

                              Not sure how that would matter. We pretty much consider all users as root anyhow, since the GUI has to run that way. Plus you can't exactly get an interactive shell from the GUI in PHP, and nmap isn't suid so if you had a normal user run it, they couldn't get a root shell anyhow.

                              Is there some way I'm not thinking of that is relevant there?

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 0
                              • jimp
                                jimp Rebel Alliance Developer Netgate last edited by

                                Bumped nmap to 6.01 today, and added an interface selector field to the GUI.

                                Also added an 'arp' scan type. Feed it a directly connected subnet, pick the corresponding interface, and it'll find anything in your subnet that will respond to arp.

                                I also added some input validation but that won't work quite right until a new 2.1 snap rolls out.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by

                                  Bumped the package - and yup now with ability to pick interface the gui works!

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post