Comparison with nmap #3

Open
CaledoniaProject opened this issue Apr 24, 2023 · 6 comments
@CaledoniaProject

I'm new to this project, and it looks interesting to me. But I'm wondering:

  1. Does udpx recognize more services than nmap?
  2. Are there any compelling reasons for us to use udpx instead of nmap?

@kmahyyg

kmahyyg commented May 7, 2023

Well, as far as I can see, under my current limited circumstances, its result is 0 UDP ports open, but nmap finds more.

@nullt3r
Owner

nullt3r commented May 7, 2023

Provide more details, so I can replicate the issue:

  • Which ports were found by nmap?
  • On what platform did you run the scan?
  • What settings did you use?
  • Did you use WIFI for scanning?
  • Also, are the ports found by nmap actually open?

@kmahyyg

kmahyyg commented May 7, 2023

@nullt3r

  • Which ports were found by nmap?

161/162 udp

  • On what platform did you run the scan?

parrot linux, or more precisely, hackthebox pwnbox

  • What settings did you use?

-t <TARGET IP, single IP> -o <RESULT>.json, nothing else

  • Did you use WIFI for scanning?

no, on the cloud

  • Also, are the ports found by nmap actually open?

yes.

And also, it's a lab machine in hackthebox. But masscan -pU -oX found nothing either, so I guess there might be something related to the UDP packet payload.

@nullt3r
Owner

nullt3r commented May 7, 2023

Ok. First of all, the port number 162 is not in the database:

	{
		Name: "snmp",
		Payloads: []string{"302902010004067075626C6963A01C0204565ADC5D020100020100300E300C06082B060102010101000500", "302602010104067075626C6963A1190204DC63C29A020100020100300B300906052B060102010500", "303A020103300F02024A69020300FFE30401040201030410300E0400020100020100040004000400301204000400A00C020237F00201000201003000"},
		Port: []int{161},
	},

I will add it to the snmp entry in the next release. Second, what version of the SNMP protocol is the remote host running? It is possible, but highly unlikely, that I am missing some probes for a specific implementation. Also, try to increase the wait time: -w 1000 - a second or more.

@kmahyyg

kmahyyg commented May 7, 2023

> Ok. First of all, the port number 162 is not in the database:
>
> 	{
> 		Name: "snmp",
> 		Payloads: []string{"302902010004067075626C6963A01C0204565ADC5D020100020100300E300C06082B060102010101000500", "302602010104067075626C6963A1190204DC63C29A020100020100300B300906052B060102010500", "303A020103300F02024A69020300FFE30401040201030410300E0400020100020100040004000400301204000400A00C020237F00201000201003000"},
> 		Port: []int{161},
> 	},
>
> I will add it to the snmp entry in the next release. Second, what version of the SNMP protocol is the remote host running? It is possible, but highly unlikely, that I am missing some probes for a specific implementation. Also, try to increase the wait time: -w 1000 - a second or more.

v2c. I will try later. I think the problem might be the wait time, since a previous scan might have triggered the ICMP error message limit. Thanks for your quick response.

@nullt3r
Owner

nullt3r commented May 7, 2023

I am always open to constructive criticism. UDPX is effective for scanning larger networks, /24 or so. Remember that it is a packet-based approach, so it does not wait for an ICMP message, but rather a response.
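
Decoding the hex payloads in the `snmp` entry quoted in the thread shows which SNMP version, community string and request type each probe carries, which is what a defender would match on and what the v2c question turns on. This is an added example, not part of the thread or of udpx's own code; the names `Probe`, `tlv` and `DescribeProbe` are hypothetical, and the parser assumes short-form BER lengths, which is all these payloads use.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
)

// Probe summarises the header of one SNMP message.
type Probe struct{ Version, Community, PDU string }

var versions = map[byte]string{0: "v1", 1: "v2c", 3: "v3"}
var pdus = map[byte]string{0xA0: "GetRequest", 0xA1: "GetNextRequest"}

// tlv reads one BER element with a short-form length (one byte, < 0x80),
// which is all these probes use, and returns tag, value and remaining bytes.
func tlv(b []byte) (byte, []byte, []byte, error) {
	if len(b) < 2 || b[1] >= 0x80 || int(b[1]) > len(b)-2 {
		return 0, nil, nil, errors.New("truncated or long-form BER element")
	}
	return b[0], b[2 : 2+int(b[1])], b[2+int(b[1]):], nil
}

// DescribeProbe decodes one hex payload from the snmp entry quoted above.
func DescribeProbe(hexPayload string) (Probe, error) {
	raw, hexErr := hex.DecodeString(hexPayload)
	tag, msg, _, err := tlv(raw) // outer SEQUENCE
	if hexErr != nil || err != nil || tag != 0x30 {
		return Probe{}, errors.New("not a hex-encoded BER SEQUENCE")
	}
	tag, ver, rest, err := tlv(msg) // INTEGER: 0 = v1, 1 = v2c, 3 = v3
	if err != nil || tag != 0x02 || len(ver) != 1 || versions[ver[0]] == "" {
		return Probe{}, errors.New("missing or unknown SNMP version")
	}
	p := Probe{Version: versions[ver[0]]}
	if p.Version == "v3" {
		return p, nil // v3 carries msgGlobalData here, not a community string
	}
	tag, comm, rest, err := tlv(rest) // OCTET STRING community
	if err != nil || tag != 0x04 {
		return p, errors.New("missing community string")
	}
	tag, _, _, err = tlv(rest) // context-specific tag identifies the PDU type
	p.Community, p.PDU = string(comm), pdus[tag]
	return p, err
}

func main() {
	fmt.Println(DescribeProbe("302902010004067075626C6963A01C0204565ADC5D020100020100300E300C06082B060102010101000500"))
}
```

The three payloads decode to a v1 GetRequest and a v2c GetNextRequest, both with community `public`, and a v3 message.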
