Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] showOwner.nse script causing infinite loop
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sat, 24 May 2008 15:10:18 -0500

On Sat, May 24, 2008 at 9:12 AM, jah <> wrote:
On 24/05/2008 06:44, DePriest, Jason R. wrote:


I am running a scan on a Debian GNU/Linux box with -sSCUV and it hits
a loop and just keeps going and going.  The --script-trace doesn't
tell me which script is trying to run.

Is there an easy way to get nmap to tell me what it's doing when it
just keeps doing it over and over again.

It basically does this
NSOCK (56.4820s) nsock_loop() started (timeout=50ms). 1 events pending
NSOCK (56.4820s) wait_for_events
as long as I'll let it run.  I let it go for about 15 minutes before
killing it the first time.

If I just use -sSUV, it works fine.  It must not be one of the scripts
that runs for a version scan, I suppose.

Hi Jason,

I've managed to reproduce the issue.  I walked away from my machine for
about three minutes and came back to a 1GB output file.
According to RFC1413 ident requests should be for fully specified TCP ports
and whilst I can't say exactly what the problem is, I've found the
The portrule for showOwner:

portrule = function(host, port)
    local identd, decision

    local auth_port = { number=113, protocol="tcp" }
    identd = nmap.get_port_state(host, auth_port)

        identd ~= nil
        and identd.state == "open"
        decision = true
        decision = false

    return decision

If, underneath and identd.state == "open", we prevent open|filtered ports
being selected:
and port.state == "open"
then the infinite loop doesn't happen so it looks like the issue was due to
open|filtered ports.  Strangely enough, I found that the example of a port
rule in the reference guide [1] show this filtering for open ports, but when
the script was first committed to SVN, it wasn't present.
Looking through the results, I see only ident info for TCP ports so in
addition I've used
and port.protocol == "tcp"
which should cover all bases.

Attached is showOwner.patch, please see if it works for you.



[1] - http://nmap.org/book/nse-tutorial.html#nse-tutorial-rule

Typo in your patch.

LUA INTERPRETER in nse_main.cc:606:
/usr/local/share/nmap/scripts/showOwner.nse:22: attempt to index
global 'prot' (a nil value)

I changed it manually to and port.state == "open"
which also matches the tutorial rule.

Worked beautifully after that.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]