Comments (28)

mehrdadrad avatar mehrdadrad commented on May 16, 2024 2

@jungle-boogie thanks for testing :) IPv6 issue needs a minor change to fix.

- 333		conn, err = net.ListenPacket(s.network+":tcp", "[::]")
+ 333		conn, err = net.ListenPacket(s.network+":tcp", "::")
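Review bot: the change is correct for the `ip6` case, and the reason is worth a comment at line 333: `net.ListenPacket` with an `ip6:`/`ip4:` network takes a bare IP literal or a hostname, and square brackets belong only to host:port syntax, so `"[::]"` was handed to the resolver as a hostname (hence `lookup [::]: invalid domain name`). Two things to check: `"::"` is IPv6-only, so if `s.network` can also be `ip4` this line needs `"0.0.0.0"` for that case (or an empty string, which Go documents as the wildcard for both families); and a one-line comment saying the address is deliberately unbracketed would stop the next reader from "fixing" it back to `"[::]"`.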

from mylg.

jungle-boogie avatar jungle-boogie commented on May 16, 2024 2

final comment...

results when scanning yahoo.com match with nmap!

% sudo nmap -sS -p 1-1024 yahoo.com

Starting Nmap 7.31 ( https://nmap.org ) at 2016-12-02 10:32 PST
Nmap scan report for yahoo.com (206.190.36.45)
Host is up (0.057s latency).
Other addresses for yahoo.com (not scanned): 2001:4998:58:c02::a9 2001:4998:44:204::a7 2001:4998:c:a06::2:4008 98.138.253.109 98.139.183.24
rDNS record for 206.190.36.45: ir1.fp.vip.gq1.yahoo.com
Not shown: 1022 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 13.06 seconds
% sudo ./mylg scan yahoo.com -p 1-1024
Scan yahoo.com (2001:4998:58:c02::a9) TCP ports 1-1024
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |   80 | Open   |
| TCP      |  443 | Open   |
+----------+------+--------+
Scan done: 2 opened port(s) found in 7.856 seconds


jungle-boogie avatar jungle-boogie commented on May 16, 2024 1

Looks like it does something funky with IPv6 hosts:

% sudo bin/gopath/bin/mylg scan scanme.nmap.com
Scan scanme.nmap.com (2600:3c01::f03c:91ff:fe18:bb2f) TCP ports 1-500
listen ip6:tcp: lookup [::]: invalid domain name
there isn't any opened port
% sudo bin/gopath/bin/mylg scan yahoo.com
Scan yahoo.com (2001:4998:58:c02::a9) TCP ports 1-500
listen ip6:tcp: lookup [::]: invalid domain name
there isn't any opened port
% sudo bin/gopath/bin/mylg scan freebsd.org -6
Scan freebsd.org (2001:1900:2254:206a::50:0) TCP ports 1-500
listen ip6:tcp: lookup [::]: invalid domain name
there isn't any opened port

good news! SYN scan is much more accurate!

sudo bin/gopath/bin/mylg scan github.com -p 400-9500
Scan github.com (192.30.253.113) TCP ports 400-9500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |  443 | Open   |
| TCP      | 9418 | Open   |
+----------+------+--------+
Scan done: 2 opened port(s) found in 64.417 seconds

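The `listen ip6:tcp: lookup [::]: invalid domain name` lines above come from the address form, not from name resolution of the target: a raw `ip6:`/`ip4:` network in Go takes a bare IP literal, while brackets are only part of the host:port syntax used by `tcp`/`udp` networks. The helpers below are an added example, not code from mylg; `rawBindAddr` and `streamBindAddr` are hypothetical names. `rawBindAddr` normalises a bind address for a raw network (strips stray brackets, fills in the family's wildcard, rejects a literal of the wrong family), and `streamBindAddr` shows the opposite convention for host:port networks.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// rawBindAddr builds the local address for net.ListenPacket on a raw IP
// network such as "ip4:tcp" or "ip6:tcp". Those networks take a bare IP
// literal (or a hostname): brackets are host:port syntax only, so "[::]"
// is passed to the resolver as a hostname and fails with
// "lookup [::]: invalid domain name". An empty host becomes the wildcard
// for the network's family. (Hypothetical helper, not part of mylg.)
func rawBindAddr(network, host string) (string, error) {
	family := network
	if i := strings.IndexByte(network, ':'); i >= 0 {
		family = network[:i]
	}
	// Tolerate a bracketed literal and strip the brackets.
	h := strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	switch family {
	case "ip4":
		if h == "" {
			h = "0.0.0.0"
		}
	case "ip6":
		if h == "" {
			h = "::"
		}
	default:
		return "", fmt.Errorf("%q is not a raw IP network", network)
	}
	ip := net.ParseIP(h)
	if ip == nil {
		return "", fmt.Errorf("%q is not an IP literal", host)
	}
	// To4 is non-nil only for IPv4 (and IPv4-mapped) addresses, so it
	// tells the two families apart; "::" and "0.0.0.0" land on opposite sides.
	if family == "ip4" && ip.To4() == nil {
		return "", fmt.Errorf("%q is not an IPv4 address", host)
	}
	if family == "ip6" && ip.To4() != nil {
		return "", fmt.Errorf("%q is not an IPv6 address", host)
	}
	return h, nil
}

// streamBindAddr is the counterpart for "tcp"/"udp" networks, whose address
// is host:port; here an IPv6 literal must be bracketed, which JoinHostPort does.
func streamBindAddr(host string, port int) string {
	h := strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	return net.JoinHostPort(h, strconv.Itoa(port))
}

func main() {
	cases := [][2]string{{"ip6:tcp", "[::]"}, {"ip6:tcp", ""}, {"ip4:tcp", ""}, {"ip6:tcp", "0.0.0.0"}}
	for _, c := range cases {
		a, err := rawBindAddr(c[0], c[1])
		fmt.Printf("%-8s %-8q -> %q err=%v\n", c[0], c[1], a, err)
	}
	fmt.Println(streamBindAddr("::", 80))
}
```

Running the block prints `"::"` for both the bracketed and the empty IPv6 input, `"0.0.0.0"` for the empty IPv4 input, an error for `0.0.0.0` on `ip6:tcp`, and `[::]:80` for the host:port form.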

jungle-boogie avatar jungle-boogie commented on May 16, 2024 1

@mehrdadrad,

You did it! I tested and built locally.

% sudo ./mylg scan yahoo.com
Scan yahoo.com (2001:4998:58:c02::a9) TCP ports 1-500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |   80 | Open   |
| TCP      |  443 | Open   |
+----------+------+--------+
Scan done: 2 opened port(s) found in 4.003 seconds


mehrdadrad avatar mehrdadrad commented on May 16, 2024 1

myLG 7.856 seconds vs nmap 13.06 seconds 👍 💯


gummiboll avatar gummiboll commented on May 16, 2024

Hm, weird. Works for me. Tried both from Linux and macOS from different networks:

local> scan github.com
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
| TCP      |  443 | Open   |             |
+----------+------+--------+-------------+

The git port doesn't show, but that's probably because mylg defaults to only scanning up to port 500. :) How about you @mehrdadrad, does it work for you?


jungle-boogie avatar jungle-boogie commented on May 16, 2024

Looks like I have different results this morning from the same machine:

local> scan github.com -p 1-50000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 22.624 seconds

Still skipping 443 and 9418.

Running again, it's picking up 9418:

local> scan github.com -p 1-50000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      | 9418 | Open   |             |
+----------+------+--------+-------------+
Scan done: 1 opened port(s) found in 21.766 seconds   

Are results cached or something??

Running for a third time:

local> scan github.com -p 1-50000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
+----------+------+--------+-------------+
there isn't any opened port 

Try with a site you've never scanned...

local> scan scanme.nmap.org -p 1-10000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      | 9929 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 3.720 seconds
local> scan scanme.nmap.org -p 1-10000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      | 9929 | Open   |             |
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
+----------+------+--------+-------------+
Scan done: 3 opened port(s) found in 3.889 seconds 
local> scan scanme.nmap.org -p 1-10000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      | 9929 | Open   |             |
+----------+------+--------+-------------+
Scan done: 1 opened port(s) found in 3.735 seconds 


jungle-boogie avatar jungle-boogie commented on May 16, 2024
local> scan scanme.nmap.org
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
+----------+------+--------+-------------+
there isn't any opened port 
local> scan scanme.nmap.org -p 1-10000
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      | 9929 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 3.827 seconds


gummiboll avatar gummiboll commented on May 16, 2024

Very weird. Results aren't cached and these results are from the first run. Have you tried from multiple locations btw @jungle-boogie ?

macOS on my home network:

$ ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 2.299 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 2.306 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 2.433 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 2.326 seconds

Linux on DO:

# ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org ; sleep 10 ; ./mylg scan scanme.nmap.org
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 0.375 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 0.308 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   80 | Open   |             |
| TCP      |   22 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 0.293 seconds
+----------+------+--------+-------------+
| PROTOCOL | PORT | STATUS | DESCRIPTION |
+----------+------+--------+-------------+
| TCP      |   22 | Open   |             |
| TCP      |   80 | Open   |             |
+----------+------+--------+-------------+
Scan done: 2 opened port(s) found in 0.328 seconds

And on a related note, results from the scan should probably be sorted by the port number. More intuitive.


jungle-boogie avatar jungle-boogie commented on May 16, 2024

hi @gummiboll ,

No, this is all from one location and on the same machine. Is there some kind of verbose logging I can enable to see what calls it actually makes?


gummiboll avatar gummiboll commented on May 16, 2024

No, no verbose logging.

I suspect you are hitting this err for some reason. Either because of too many open files or for some other reason. That could explain why you see no/few open ports sporadically.

Could you try to temporarily raise your ulimit and see if you get the same result?

Maybe that wg/for-loop needs to be a bit reworked, what do you think @mehrdadrad ?


jungle-boogie avatar jungle-boogie commented on May 16, 2024

Hi @gummiboll,

This is what I have right now:

% limit
cputime         unlimited
filesize        unlimited
datasize        512MB
stacksize       64MB
coredumpsize    unlimited
memoryuse       unlimited
memorylocked    64kB
maxproc         5547
descriptors     28431
sockbufsize     unlimited
vmemorysize     unlimited
pseudoterminals unlimited
swapsize        unlimited
kqueues         unlimited
UMTXP           unlimited


jungle-boogie avatar jungle-boogie commented on May 16, 2024

Can some kind of verbose logging flag be added? During an nmap scan, v can be used to increase the verbosity.


jungle-boogie avatar jungle-boogie commented on May 16, 2024

@gummiboll,

I think you may be right about file descriptors.

mylg scan scanme.nmap.org -p 1-1000 generated 25039 syscalls.

I used dtrace -n 'syscall:::entry { @num[execname] = count(); }'

scanning ports 1-500 generated 13013 syscalls.


jungle-boogie avatar jungle-boogie commented on May 16, 2024

### Files opened by process,
# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'

CPU     ID                    FUNCTION:NAME
  0  56068                       open:entry mylg /dev/urandom
  0  56068                       open:entry mylg /dev/urandom
  0  56068                       open:entry mylg /etc/nsswitch.conf
  0  56068                       open:entry mylg /etc/pwd.db
  0  56068                       open:entry mylg /home/sean/.mylg.config
  0  56068                       open:entry mylg /etc/pwd.db
  0  56068                       open:entry mylg /home/sean/.mylg.config
  0  56068                       open:entry mylg /etc/nsswitch.conf
  0  56068                       open:entry mylg /etc/resolv.conf
  0  56068                       open:entry mylg /etc/hosts
  0  56068                       open:entry mylg /tmp/mylg.ns

Is mylg really doing something with /etc/pwd.db?


mehrdadrad avatar mehrdadrad commented on May 16, 2024

I think that's related to NAT and how much load it already has. It works with my home AP and a valid IP address, but it didn't work properly once I was at a public place. I tried tcpdump and noticed the NAT returns wrong packets!!! The main reason is that the scan feature tries to use different src ports to connect to the target at the same time (depending on how many ports should be scanned); that's why the NAT became oversubscribed. If you try a few ports it should be fine, like:

local>scan github.com -p 80-81

I'm working on a prototype to see if it can fix this issue. I'll keep this issue open and update you guys.
@jungle-boogie @gummiboll thank you for testing and investigation.

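Both diagnoses in this thread, the descriptor-limit suspicion behind gummiboll's ulimit question and the NAT-table oversubscription mehrdadrad describes, have the same root: the scan fires one dial per port with nothing bounding how many are outstanding. The block below is an added example, not mylg's code (`scanPorts` and `portRange` are my names), showing the standard fix for a connect scan: a buffered channel used as a semaphore caps the dials in flight, so neither the process descriptor table nor the NAT translation table is oversubscribed; dials that fail with EMFILE are counted rather than silently treated as closed ports, so an incomplete result is visible; and the output is sorted by port as suggested above. The `main` scans only the local host.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sort"
	"strconv"
	"sync"
	"syscall"
	"time"
)

// portRange expands an inclusive first-last range into a port list.
func portRange(first, last int) []int {
	ports := make([]int, 0, last-first+1)
	for p := first; p <= last; p++ {
		ports = append(ports, p)
	}
	return ports
}

// scanPorts runs a TCP connect scan of host over ports with at most
// maxInFlight dials outstanding at any moment. The buffered channel is a
// counting semaphore: it bounds the file descriptors the process holds and
// the number of source ports a NAT device has to track at once. It returns
// the open ports sorted ascending plus the number of dials that failed with
// EMFILE (descriptor table full); a non-zero count means the result is
// incomplete and the scan should be re-run with a lower maxInFlight.
func scanPorts(host string, ports []int, maxInFlight int, timeout time.Duration) (open []int, descriptorErrs int) {
	sem := make(chan struct{}, maxInFlight)
	var wg sync.WaitGroup
	var mu sync.Mutex
	for _, p := range ports {
		wg.Add(1)
		sem <- struct{}{} // blocks until one of the maxInFlight slots is free
		go func(port int) {
			defer wg.Done()
			defer func() { <-sem }() // release the slot when the dial is finished
			addr := net.JoinHostPort(host, strconv.Itoa(port))
			c, err := net.DialTimeout("tcp", addr, timeout)
			if err != nil {
				// errors.Is walks the *net.OpError / *os.SyscallError chain.
				if errors.Is(err, syscall.EMFILE) {
					mu.Lock()
					descriptorErrs++
					mu.Unlock()
				}
				return // refused, filtered (timeout) or unreachable
			}
			c.Close()
			mu.Lock()
			open = append(open, port)
			mu.Unlock()
		}(p)
	}
	wg.Wait()
	sort.Ints(open) // port-ordered output regardless of goroutine timing
	return open, descriptorErrs
}

func main() {
	// Scans the local host only; parameters are constructed for illustration.
	open, errs := scanPorts("127.0.0.1", portRange(1, 1024), 64, 500*time.Millisecond)
	for _, p := range open {
		fmt.Printf("TCP %d open\n", p)
	}
	if errs > 0 {
		fmt.Printf("warning: %d dials failed with EMFILE; results are incomplete\n", errs)
	}
}
```

A `maxInFlight` of a few dozen keeps the scan well inside a default 1024-descriptor `ulimit -n` and inside what a consumer NAT box tracks comfortably; raising it above the descriptor limit is exactly the case where the EMFILE counter turns non-zero instead of the port quietly disappearing from the table.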

jungle-boogie avatar jungle-boogie commented on May 16, 2024

hi @mehrdadrad,

Yes, if I limit it to small ranges each time, it will work fine. For that reason, could you please consider implementing some kind of verbose mode?


mehrdadrad avatar mehrdadrad commented on May 16, 2024

@jungle-boogie sure


mehrdadrad avatar mehrdadrad commented on May 16, 2024

@jungle-boogie can you try this prototype and see how it works, please?

https://github.com/mehrdadrad/prototype/blob/master/netscan.go
The remote host should be passed as an argument like below:
go run netscan.go github.com
It tries to scan github.com on TCP ports 1-500.

I'd like to see the result.


jungle-boogie avatar jungle-boogie commented on May 16, 2024

hi @mehrdadrad,

Working better but
a) duplicates results only for github.com
b) -p option doesn't work.
c) root rights are needed, probably because you're now using a pcap package
You're probably aware of those things, though.

% /usr/bin/time sudo bin/prototype/netscan github.com
scanning github.com (192.30.253.112) port 1-500
TCP 22(ssh)
TCP 80(http)
TCP 22(ssh)
TCP 22(ssh)
TCP 443(https)
TCP 443(https)
TCP 22(ssh)
        8.63 real         0.47 user         0.24 sys
% /usr/bin/time sudo bin/prototype/netscan 192.168.0.17
scanning 192.168.0.17 (192.168.0.17) port 1-500
TCP 22(ssh)
TCP 53(domain)
TCP 88(kerberos)
        8.79 real         0.46 user         0.06 sys


mehrdadrad avatar mehrdadrad commented on May 16, 2024

@jungle-boogie Thanks for testing!


jungle-boogie avatar jungle-boogie commented on May 16, 2024

Did you merge this to mylg? If so, the results are not better. Your stand-alone file netscan still works better.

% sudo bin/gopath/bin/mylg scan github.com
Scan github.com (192.30.253.113)
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |  443 | Open   |
+----------+------+--------+
Scan done: 1 opened port(s) found in 2.073 seconds
% bin  sudo bin/prototype/netscan github.com
scanning github.com (192.30.253.113) port 1-500
TCP 22(ssh)
TCP 80(http)
TCP 22(ssh)
TCP 22(ssh)
TCP 443(https)
TCP 443(https)
TCP 22(ssh)
% sudo bin/gopath/bin/mylg scan scanme.nmap.com
Scan scanme.nmap.com (45.33.32.156)
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
+----------+------+--------+
there isn't any opened port
% sudo bin/prototype/netscan scanme.nmap.com
scanning scanme.nmap.com (2600:3c01::f03c:91ff:fe18:bb2f) port 1-500
TCP 22(ssh)
TCP 80(http)

mylg doesn't resolve the ipv6 address by default but somehow, netscan does.


mehrdadrad avatar mehrdadrad commented on May 16, 2024

Update your code and try it with -s:
mylg scan scanme.nmap.com -s


jungle-boogie avatar jungle-boogie commented on May 16, 2024

looks better!

% sudo bin/gopath/bin/mylg scan scanme.nmap.com -s
Scan scanme.nmap.com (45.33.32.156) TCP ports 1-500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |   22 | Open   |
| TCP      |   80 | Open   |
+----------+------+--------+
Scan done: 2 opened port(s) found in 4.004 seconds
% sudo bin/gopath/bin/mylg scan github.com -s     
Scan github.com (192.30.253.112) TCP ports 1-500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |   22 | Open   |
| TCP      |   80 | Open   |
| TCP      |  443 | Open   |
+----------+------+--------+
Scan done: 3 opened port(s) found in 4.005 seconds
% sudo bin/gopath/bin/mylg scan github.com -s -p 443-9500 
Scan github.com (192.30.253.112) TCP ports 443-9500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      |  443 | Open   |
+----------+------+--------+
Scan done: 1 opened port(s) found in 55.377 seconds
55.886 real, 1.081 user, 1.857 sys;  page: 0 hard/6364 soft, swap: 0, I/O: 0/0
Mem: 36808KB (10046KB shared + 3728KB data/stack = 13774KB), VCSW: 302441 IVCSW: 53571

The last one is still missing the git port of 9418.

% sudo bin/gopath/bin/mylg scan github.com -s -p 9100-9500
Scan github.com (192.30.253.112) TCP ports 9100-9500
+----------+------+--------+
| PROTOCOL | PORT | STATUS |
+----------+------+--------+
| TCP      | 9418 | Open   |
+----------+------+--------+
Scan done: 1 opened port(s) found in 3.410 seconds

now it finds it.


mehrdadrad avatar mehrdadrad commented on May 16, 2024

@jungle-boogie cool, thanks for testing!


mehrdadrad avatar mehrdadrad commented on May 16, 2024

@gummiboll @jungle-boogie I think it's better to set SYN scan as the default, same as nmap, and create a new switch -c for connect scan. What do you think?
https://nmap.org/book/man-port-scanning-techniques.html


jungle-boogie avatar jungle-boogie commented on May 16, 2024

After reading the link, that makes sense to me.


gummiboll avatar gummiboll commented on May 16, 2024

Seems reasonable! 👍
