Comments (18)
Okay, I started from scratch and now the advanced parameters get applied and I receive the "Review scan results" ticket. Thanks for the heads-up regarding nmap -A.
Cheers!
from securecodebox.
Okay now it's getting strange =)
Port 3000 is definitely open because of Juice Shop. When I run the host version of nmap I get this output:
[gecz@dso-playground ~]$ nmap localhost -p 3000
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-14 09:53 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000074s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
3000/tcp open ppp
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
from securecodebox.
Hi,
I just tested the new images and can confirm it's working as expected.
Thanks and Cheers!
from securecodebox.
Hi
Mhh can't reproduce the bug you are describing...
When I set up a scan using the advanced parameters the save button is disabled, but the complete button is enabled and working as intended.
I attached a screenshot of the way it should look. (I removed the command line options listing as it was getting in the way.)
Are you sure that the task is assigned to your user account and the rights are ok? These are, off the top of my head, the first causes for such behavior.
from securecodebox.
Also on the topic of nmap advanced parameters, especially the -A flag.
-A scans currently don't work properly as nmap needs to be run with administrator privileges. (This issue is tracked here: secureCodeBox/scanner-infrastructure-nmap#2)
When using NSE you will likely also encounter problems, as this integration wasn't really tested so far.
from securecodebox.
Hi,
unfortunately I just got the same behaviour again. I tried an advanced nmap scan and wanted to add -p 3000. The Complete button was inactive again.
Any ideas what could cause this?
Cheers!
from securecodebox.
Hi again
What seems odd to me in these screenshots is that the target host is empty in the field.
Did you enter the Target host in the previous step? Normally that host should show up in the disabled form input field. (See my screenshot).
from securecodebox.
Hi,
can you try opening the Browser Developer Tools? Probably there is some kind of JavaScript-Error.
from securecodebox.
I think I found it.
When I initiate the scan with localhost:3000 the Target Host in the ticket is empty.
If I don't, then Target Host gets populated with "localhost".
from securecodebox.
Another strange thing... When I initiate an advanced scan and add the -p 3000 parameters later on I get an empty report.
But when I initiate a default scan with localhost:3000 I get the full report.
Any advice on this one?
Cheers!
from securecodebox.
localhost:3000 doesn't seem to be a valid target for nmap.
At least when I run nmap directly with this as the target, it won't accept it.
$ nmap localhost:3000
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-14 09:47 CEST
Failed to resolve "localhost:3000".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds
It's interesting that the scanner works regardless of the :3000 in the target.
Looking at the report it also seems as if the scan with -p 3000 seems to be correct as there seems to be no port 3000 open at your machine.
from securecodebox.
I assume you are running the nmap scanner via docker, right?
If so, localhost would be localhost of the docker container. Not of your host system.
from securecodebox.
@J12934 maybe we should add some validation to the fields?
@gecz83 This depends a little bit on how you operate Docker:
The nmap container sits in a (virtual) docker network. So localhost will scan the nmap container itself. You either provide the juice shop hostname to the nmap container or your host machine IP address. (If you use something like docker for windows or docker-machine the host IP might be different.)
from securecodebox.
@J12934 Whoops my bad.
(I'm new to docker)
@Trosky Thanks for the advice, now it works!
from securecodebox.
@ruedih Hostname validation was already added in secureCodeBox/engine#17.
This issue is probably based on an older build.
from securecodebox.
@J12934 Hhmm... strange. I deleted and pulled the images a week ago. Are there any configs / persistent storage locations I'm missing?
from securecodebox.
Mhh no that should have worked.
Will take a look at the validation, maybe I missed something with the validation regex.
from securecodebox.
Okay, there really was an error in the hostname validation: it was validating the target name, not the target location / hostname.
This gets fixed with secureCodeBox/engine#25.
from securecodebox.
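Added example, not part of the thread and not secureCodeBox's own validation code: a sketch of checking the target location rather than the target name, so that a `host:port` entry such as `localhost:3000` is split into a bare host plus a `-p` argument before nmap sees it. The function names and the `juice-shop` hostname are assumptions made for illustration.

```javascript
// Added example, not secureCodeBox code. All function names are hypothetical.
// IPv6 literals are out of scope for this sketch.

// RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True only for a bare hostname or IPv4 address; "localhost:3000" is rejected.
function isValidHost(host) {
  if (typeof host !== "string" || host.length === 0 || host.length > 253) return false;
  const m = IPV4.exec(host);
  if (m) return m.slice(1).every((octet) => Number(octet) <= 255);
  return host.split(".").every((label) => LABEL.test(label));
}

// Split "host" or "host:port" into the two values nmap expects separately.
function parseTarget(input) {
  const text = String(input).trim();
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(text)) {
    return { ok: false, error: "URL given, nmap needs a bare host" };
  }
  let host = text;
  let port = null;
  const idx = text.lastIndexOf(":");
  if (idx !== -1) {
    host = text.slice(0, idx);
    const portText = text.slice(idx + 1);
    port = /^\d{1,5}$/.test(portText) ? Number(portText) : 0;
    if (port < 1 || port > 65535) return { ok: false, error: "invalid port" };
  }
  if (!isValidHost(host)) return { ok: false, error: "invalid host" };
  return { ok: true, host, port };
}

// Build the nmap argument vector: the port goes to -p, never into the target.
function nmapArgs(input) {
  const t = parseTarget(input);
  if (!t.ok) throw new Error(`${t.error}: ${input}`);
  return t.port === null ? [t.host] : [t.host, "-p", String(t.port)];
}

// Constructed sample inputs, modelled on the situations discussed in the thread.
for (const sample of ["localhost", "localhost:3000", "juice-shop:3000"]) {
  console.log(sample, "->", ["nmap", ...nmapArgs(sample)].join(" "));
}
```

Passing the result as an argument vector rather than a concatenated shell string also keeps a malformed target from being interpreted as extra command-line options.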