Comments (18)

 avatar commented on May 28, 2024 1

Okay, I started from scratch and now the advanced parameters get applied and I receive the "Review scan results" ticket. Thanks for the heads-up regarding nmap -A.
Cheers!

from securecodebox.

 avatar commented on May 28, 2024 1

Okay now it's getting strange =)
Port 3000 is definitely open because of Juice Shop. When I run the host version on nmap I get this output

[gecz@dso-playground ~]$ nmap localhost -p 3000
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-14 09:53 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000074s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
3000/tcp open ppp
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

 avatar commented on May 28, 2024 1

Hi,
I just tested the new images and can confirm it's working as expected.
Thanks and Cheers!

J12934 avatar J12934 commented on May 28, 2024

Hi 👋
Mhh can't reproduce the bug you are describing...

When I set up a scan using the advanced parameters the save button is disabled, but the complete button is enabled and working as intended.

I attached a screenshot of the way it should look like. (I removed the command line options listing as it was getting in the way)
Are you sure that the task is assigned to your user account and the rights are ok? These are, off the top of my head, the first causes for such a behavior.

J12934 avatar J12934 commented on May 28, 2024

Also on the topic of nmap advanced parameters, especially the -A flag.
-A scans currently don't work properly as nmap needs to be run with administrator privileges. (This issue is tracked here: secureCodeBox/scanner-infrastructure-nmap#2)
When using NSE you will likely also encounter problems, as this integration wasn't really tested so far.

 avatar commented on May 28, 2024

Hi,
unfortunately I just got the same behaviour again. I tried an advanced nmap scan and wanted to add -p 3000. The Complete Button was inactive again.
Any ideas what could cause this?
Cheers!

J12934 avatar J12934 commented on May 28, 2024

Hi again 😉
What seems odd to me on these screenshots is that the target host is empty in the field.
Did you enter the Target host in the previous step? Normally that host should show up in the disabled form input field. (See my screenshot).

ruedih avatar ruedih commented on May 28, 2024

Hi,
can you try opening the Browser Developer Tools? Probably there is some kind of JavaScript-Error.

 avatar commented on May 28, 2024

I think I found it.
When I initiate the scan with localhost:3000 the Target Host in the ticket is empty.

If I don't then Target Host gets populated with "localhost"

 avatar commented on May 28, 2024

Another strange thing... When I initiate an advanced scan and add the -p 3000 parameters later on I get an empty report

But when I initiate a default scan with localhost:3000 I get the full report

Any advice on this one?
Cheers!

J12934 avatar J12934 commented on May 28, 2024

localhost:3000 doesn't seem to be a valid target for nmap.
At least when I run nmap directly with this as the target, it won't accept it.

➜ nmap localhost:3000
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-14 09:47 CEST
Failed to resolve "localhost:3000".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.07 seconds

It's interesting that the scanner works regardless of the :3000 in the target 😅

Looking at the report, it also seems as if the scan with -p 3000 is correct, as there seems to be no port 3000 open on your machine.

J12934 avatar J12934 commented on May 28, 2024

😅
I assume you are running the nmap scanner via docker, right?
If so, localhost would be localhost of the docker container, not of your host system.

ruedih avatar ruedih commented on May 28, 2024

@J12934 maybe we should add some validation to the fields?

@gecz83 This depends a little bit on how you operate Docker:
The nmap container sits in a (virtual) docker network. So localhost will scan the nmap container itself. You either provide the juice shop hostname to the nmap container or your host machine IP address. (If you use something like docker for windows or docker-machine the host IP might be different).

 avatar commented on May 28, 2024

@J12934 Whoops my bad. 😅 (I'm new to docker)
@Trosky Thanks for the advice, now it works!

J12934 avatar J12934 commented on May 28, 2024

@ruedih Hostname validation was already added in secureCodeBox/engine#17.
This issue is probably based on an older build.

 avatar commented on May 28, 2024

@J12934 Hhmm... strange. I deleted and pulled the images a week ago. Are there any configs / persistent storage locations I'm missing?

J12934 avatar J12934 commented on May 28, 2024

Mhh no that should have worked.
Will take a look at the validation; maybe I missed something with the validation regex.

J12934 avatar J12934 commented on May 28, 2024

Okay, there really was an error in the hostname validation: it was validating the target name, not the target location / hostname.
This gets fixed with secureCodeBox/engine#25.

from securecodebox.
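
The target-field check this thread converges on, as an added example that is not part of the original comments and not secureCodeBox's own code: it rejects `host:port` input such as `localhost:3000` (nmap takes the port via `-p`) and flags loopback targets when the scanner runs in a container. The function names, the `scannerInContainer` option and the `juice-shop` hostname are assumptions; only single hostnames and IPv4 addresses are covered, not ranges or IPv6.

```javascript
// Hostname label per RFC 1123: letters, digits, hyphens; no leading/trailing hyphen.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isIPv4(s) {
  const m = IPV4.exec(s);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

function isHostname(s) {
  return s.length <= 253 && s.split('.').every((label) => LABEL.test(label));
}

// Validates the value of the target host field (hypothetical form field).
// Returns { ok, host, hint }; hint explains a rejection or carries a warning.
function validateTarget(raw, { scannerInContainer = true } = {}) {
  const target = raw.trim();

  // "localhost:3000" is not an nmap target; the port belongs in "-p".
  const hostPort = /^([^:\s]+):(\d{1,5})$/.exec(target);
  if (hostPort) {
    return {
      ok: false,
      host: null,
      hint: `use target "${hostPort[1]}" with parameter "-p ${hostPort[2]}"`,
    };
  }

  if (!isIPv4(target) && !isHostname(target)) {
    return { ok: false, host: null, hint: 'not a hostname or IPv4 address' };
  }

  // Inside a container, loopback is the scanner container, not the Docker host.
  const loopback = target.toLowerCase() === 'localhost' || /^127\./.test(target);
  if (loopback && scannerInContainer) {
    return { ok: true, host: target, hint: 'loopback points at the scanner container' };
  }
  return { ok: true, host: target, hint: null };
}

// Constructed sample inputs mirroring the thread.
for (const t of ['localhost:3000', 'localhost', 'juice-shop', '10.0.0.5']) {
  console.log(t, JSON.stringify(validateTarget(t)));
}
```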
