René's URL Explorer Experiment

Title: Added the tunnel variable from the nmap results to be used in CascadingRules. by luckolen · Pull Request #369 · secureCodeBox/secureCodeBox · GitHub

Open Graph Title: Added the tunnel variable from the nmap results to be used in CascadingRules. by luckolen · Pull Request #369 · secureCodeBox/secureCodeBox

X Title: Added the tunnel variable from the nmap results to be used in CascadingRules. by luckolen · Pull Request #369 · secureCodeBox/secureCodeBox

Description: Description NMAP reports the tunnel detected in the service when showing the normal result: $ nmap -p 993 imap.gmail.com -sV -Pn [...] PORT STATE SERVICE VERSION 993/tcp open ssl/imap Google Gmail imapd (b9mb63645759edy) [...] SecureCodeBox makes use of the XML output, this is shown by the -oX parameter: $ nmap -p 993 imap.gmail.com -oX - -sV -Pn [...] [...] The NMAP XML results report the service name as imap and the tunnel as ssl. The SecureCodeBox NMAP parser does read this tunnel value secureCodeBox/scanners/nmap/parser/parser.js Line 279 in 1f26c9f const tunnel = get(portItem, ["service",0,"$","tunnel"]); However this value is later ignored in the portFindings variable secureCodeBox/scanners/nmap/parser/parser.js Lines 13 to 61 in 1f26c9f const portFindings = hosts.flatMap(({ openPorts = [], ...hostInfo }) => { if(openPorts === null){ return []; } return openPorts.map(openPort => { return { name: openPort.service, description: `Port ${openPort.port} is ${openPort.state} using ${openPort.protocol} protocol.`, category: 'Open Port', location: `${openPort.protocol}://${hostInfo.ip}:${openPort.port}`, osi_layer: 'NETWORK', severity: 'INFORMATIONAL', attributes: { port: openPort.port, state: openPort.state, ip_address: hostInfo.ip, mac_address: hostInfo.mac, protocol: openPort.protocol, hostname: hostInfo.hostname, method: openPort.method, operating_system: hostInfo.osNmap, service: openPort.service, serviceProduct: openPort.serviceProduct || null, serviceVersion: openPort.serviceVersion || null, scripts: openPort.scriptOutputs || null, }, }; }); }); const hostFindings = hosts.map(({ hostname, ip, osNmap }) => { return { name: `Host: ${hostname}`, category: 'Host', description: 'Found a host', location: hostname, severity: 'INFORMATIONAL', osi_layer: 'NETWORK', attributes: { ip_address: ip, hostname: hostname, operating_system: osNmap, }, }; }); return [...portFindings, ...hostFindings, ...scriptFindings]; } As a result this tunnel value was unable to be used for CascadingRules. This is fixed by this update and as an example the CascadingRules used for SSLYZE have been updated. Checklist Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests. Make sure npm test runs for the whole project. Make codeclimate checks happy

Open Graph Description: Description NMAP reports the tunnel detected in the service when showing the normal result: $ nmap -p 993 imap.gmail.com -sV -Pn [...] PORT STATE SERVICE VERSION 993/tcp open ssl/imap Google ...

X Description: Description NMAP reports the tunnel detected in the service when showing the normal result: $ nmap -p 993 imap.gmail.com -sV -Pn [...] PORT STATE SERVICE VERSION 993/tcp open ssl/imap Google ...

Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/pull/369

X: @github

direct link

Domain: github.com

Links:

Viewport: width=device-width