Nessus Parser Misses Ports #171

Closed
mthbrown opened this issue Jan 9, 2023 · 4 comments

mthbrown commented Jan 9, 2023

Describe the bug
While using the nessus parser, I noticed that it missed a www service. I had 2 www in my .nessus file. It detected one while missing the other.

To Reproduce
Steps to reproduce the behavior:

  1. Perform a Basic Network Scan in Nessus
  2. Run:
gowitness nessus --file report.nessus

Expected behavior
It should have detected both of them

Version Information:

  • OS: Fedora Linux 36
  • gowitness:
$ gowitness version
gowitness: 2.4.2

git hash: c9c6b17
go version: go1.19_linux/amd64

Additional context

$ grep -i "www" report.nessus

<ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version" pluginFamily="Web Servers">
<ReportItem port="11127" svc_name="www" protocol="tcp" severity="0" pluginID="22964" pluginName="Service Detection" pluginFamily="Service detection">

The full report is available here

@catpipeless

I have this issue as well. I believe it is due to the plugin name not being "Service Detection", possibly an issue with the plugin output as well. I cannot get gowitness to respect the replacement command arguments I provide though.

@leonjza
Member

leonjza commented Jun 30, 2023

This is interesting. We're filtering based on the service name passed through as an option that defaults to www and https. I'd need to test this to debug what is happening.

@catpipeless

I changed a bunch of the plugin names in the XML to "Service Detection" and got it to work more but not completely.

@quentinpraz
Contributor

quentinpraz commented Jul 12, 2023

I'm facing the same issue. I did some troubleshooting and the parsing seems to be OK. With the --debug option, I can see that all ports are parsed (thanks to this debug line).
However, I think that there is an issue when the ip:port are added to the target list [here]. I'm not proficient in Go but I think that if an IP has multiple open ports, only the latest port will be stored in the target list (others will be overwritten because the map can only have one value per key).
I'm not able to propose a pull request (due to my poor level in Go) but I hope this could help resolve the issue. [Edit: I tried finally]
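
The overwrite described in the comment above, reproduced as an added Go example (not gowitness's source and not part of the thread). It assumes the standard .nessus layout of ReportHost elements containing ReportItem elements; the `report` type, the `collect` function and the host 192.0.2.10 are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed sample: documentation-range host with the two www items quoted in the issue, plus ssh.
const sample = `<NessusClientData_v2><Report name="constructed"><ReportHost name="192.0.2.10">
<ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version" pluginFamily="Web Servers"/>
<ReportItem port="11127" svc_name="www" protocol="tcp" severity="0" pluginID="22964" pluginName="Service Detection" pluginFamily="Service detection"/>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="22964" pluginName="Service Detection" pluginFamily="Service detection"/></ReportHost></Report></NessusClientData_v2>`

type report struct {
	Hosts []struct {
		Name  string `xml:"name,attr"`
		Items []struct {
			Port int    `xml:"port,attr"`
			Svc  string `xml:"svc_name,attr"`
		} `xml:"ReportItem"`
	} `xml:"Report>ReportHost"`
}

// collect builds targets two ways: lossy keeps one port per host, complete keeps every distinct host:port.
func collect(doc string, services map[string]bool) (lossy, complete []string, err error) {
	var r report
	if err = xml.Unmarshal([]byte(doc), &r); err != nil {
		return nil, nil, err
	}
	last := map[string]int{}  // host -> port: each matching item replaces the previous port
	seen := map[string]bool{} // "host:port" set: keeps all ports, drops repeats from other plugins
	for _, h := range r.Hosts {
		for _, it := range h.Items {
			if services[it.Svc] {
				last[h.Name] = it.Port
				if target := fmt.Sprintf("%s:%d", h.Name, it.Port); !seen[target] {
					seen[target] = true
					complete = append(complete, target)
				}
			}
		}
		if port, ok := last[h.Name]; ok {
			lossy = append(lossy, fmt.Sprintf("%s:%d", h.Name, port))
		}
	}
	return lossy, complete, nil
}

func main() { fmt.Println(collect(sample, map[string]bool{"www": true, "https": true})) }
```

With the sample above, the host-keyed map yields only 192.0.2.10:11127, while the host:port set yields both web ports, so comparing the two lists against a scan file is a quick coverage check.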
