This repository was archived by the owner on Feb 26, 2021. It is now read-only.

NMAP crash if a host should be scanned which is not resolvable any more #34

@rfelber

Describe the bug
As a security tester I would like to use the combined AMASS-NMAP scan to automatically scan all found subdomains with NMAP directly. Sometimes AMASS returns subdomains which are too old and therefore no longer available. In these cases the subsequent NMAP scan crashes because it tries to scan a host which is no longer available. This NMAP error crashes the complete scan process even if it has already found valid results.

To Reproduce
Steps to reproduce the behavior:

  1. Start a securityTest with the amass-nmap scan like:
[
  {
    "name": "amass-nmap",
    "context": "my-applicationteam",
    "metaData": {
    },
    "target": {
      "name": "example.com Website Test",
      "location": "example.com",
      "attributes": {
        "NO_DNS": true,
        "NMAP_CONFIGURATION_PROFILE": "HTTP_PORTS",
        "NMAP_HTTP_HEADERS": true
      }
    }
  }
  2. The SCB NMAP scanner crashes if amass returns an old subdomain which is no longer resolvable:
SCANNING location: "nolonger.available.example.com", parameters: "-Pn -p 80,8080,443,8443 --script=http-headers"
WARNING: No targets were specified, so 0 hosts scanned.
Failed to perform Job "ae685f00-8b0e-11ea-a74e-0a580a81026f" Error: Failed to execute nmap portscan.
    at ScannerScaffolding.worker [as _worker] (/src/src/nmap.js:138:23)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:94:5)
Job Failure submitted succesfully. 
  3. NMAP instead informs about the real problem here:
nmap nolonger.available.example.com -Pn -p 80,8080,443,8443 --script=http-headers
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 20:34 CEST
Failed to resolve "nolonger.available.example.com".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 18.30 seconds

Expected behavior
In this case NMAP must not crash completely and stop the complete amass-nmap scan. It would be great if in such a case instead of an error a new informational finding would be generated by NMAP:

Finding:

{
    "id": "335edb1d-7105-40f9-843b-0f1b62e0872f",
    "name": "Host not found",
    "description": "Failed to resolve \"nolonger.available.example.com\".",
    "category": "Host",
    "osi_layer": "NETWORK",
    "severity": "INFORMATIONAL",
    "attributes": {
      "ip_address": null,
      "hostname": "nolonger.available.example.com",
      "operating_system": null
    }
}

Labels: bug (Something isn't working)