leesoh / np Goto Github PK

Should likely be Error, not Fatal

HTTPS://github.com/projectdiscovery/Naabu/pull/460 changed the structure of Naabu's output, which breaks parsing in np.

In internal/scan/np.go, I stupidly do this:

func (s *Scan) ParseNP() {
 // We're importing an old np session so just unpack into results
 err := json.Unmarshal(s.Bytes, &s.Result.Hosts)
 if err != nil {
  s.Logger.Errorf("error unmarshaling np results: %v", err)
 }
}

This is fine as long as the np JSON file is the first thing to be unpacked, but there is no guaranteeing that. Need to refactor this to add hosts rather than unmarshal onto results.

It should work like this:

$ np -service http
scanme.nmap.org:80
some.site.com:8443

https://github.com/projectdiscovery/naabu/blob/master/v2/pkg/result/results.go

Currently internal/scan/nmap.go imports internal/result. This shouldn't be the case; each type of scan should be a more or less standalone package and we should handle importing the result elsewhere, probably in internal/scan.

Some hosts annoyingly and falsely state that every port is open. Likely to gum up port scans. This can result in 65k open ports in scan output, which is gross to look at.

The following should work:

• np -exclude 10.2.4.1
• np -exclude 10.2.4.1,10.1.5.9
• np -exclude www.bishopfox.com

We should be able to do someHost.GetName() or something to get the Name if present, or the IP as a fallback.

They're a bit too... much. Tidy them up to be a bit more relevant. Also, flip -verbose to -debug.

Move to an output.go, decide on the format. We'll need:

• JSON
• -ports (all, suitable for nmap usage)
• -hosts (alive)
• -services (all)
• -service match

Update services
Update IPs

Need to decide whether we're going to do last scan wins or what

This code returns but it should continue:

https://github.com/leesoh/np/blob/main/internal/scan/dnsx/dnsx.go#L42

It should be possible to do something like this:

np -range 10.10.10.0/24

Check for ports before printing the headers so we don't get this:

PORT    SERVICE PRODUCT                          VERSION
161/udp snmp    net-snmp; net-snmp SNMPv3 server                     
                                                                                                                                             
PORT SERVICE PRODUCT VERSION                                          
                                                                                                                                             
PORT SERVICE PRODUCT VERSION                                         
                                                                      
PORT SERVICE PRODUCT VERSION 

It would be handy to be able to ingest name resolution data along with port scan data. This would allow us to scan by IP initially, and then later add hostnames.

All outputs with the exception of JSON should be sorted according to the output type (e.g. -services should be sorted by service, -hosts should be sorted by hostname or IP)

It would be neat to show the changes over time rather than the end state. For example, if you run one scan per day, np would start at the oldest and process scan 1:

$ np
2022-01-01 12:10 AM 10.1.23.5 80/tcp open
2022-01-01 12:10 AM 10.1.23.5 22/tcp open

Then a subsequent scan against the host after SNMP has been enabled:

2022-01-02 12:10 AM 10.1.23.5 161/udp open

And later HTTP is disabled:

2022-01-03 12:10 AM 10.1.23.5 80/tcp closed

This would allow us to review only the changes for each new scan processed.