Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Naabu on macos is looping to scan some IP addresses.Only the first 7 or 8 can scans can be successful. #952

Closed
wealeson1 opened this issue Feb 1, 2024 · 3 comments · Fixed by #946
Closed

Naabu on macos is looping to scan some IP addresses.Only the first 7 or 8 can scans can be successful. #952

wealeson1 opened this issue Feb 1, 2024 · 3 comments · Fixed by #946
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
naabu v2.3.0

Comments

@wealeson1
Copy link

OS. : Macos 14.2.1
go version : go1.21.5 darwin/arm64

Naabu on macos is looping to scan some IP addresses.Only the first 7 or 8 can scans can be successful.

Code :

package main

import (
	"context"
	"fmt"
	"net"

	"github.com/gogf/gf/v2/frame/g"
	"github.com/projectdiscovery/goflags"

	"github.com/projectdiscovery/naabu/v2/pkg/result"
	"github.com/projectdiscovery/naabu/v2/pkg/runner"
)

func main() {
	for i := 0; i < 20; i++ {
		err := portScan("127.0.0.1")
		if err != nil {
			g.Log().Errorf(context.Background(), err.Error())
			continue
		}
	}
}

func portScan(ip string) (err error) {
	ipAddr := net.ParseIP(ip)
	if ipAddr == nil {
		return fmt.Errorf("invalid IP address: %s", ip)
	}
	fmt.Println(ip)
	option := runner.Options{
		Host:              goflags.StringSlice{ip},
		SkipHostDiscovery: true,
		ScanType:          "s",
		TopPorts:          "full",
		Rate:              10000,
		Retries:           3,
		OnResult: func(hr *result.HostResult) {
			fmt.Println(*hr)
		},
	}
	newRunner, err := runner.NewRunner(&option)
	if err != nil {
		panic(err)
	}
	err = newRunner.RunEnumeration()
	if err != nil {
		return err
	}
	defer newRunner.Close()
	return nil
}

Issue:

127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:60022
127.0.0.1:53893
127.0.0.1:58971
127.0.0.1:3306
127.0.0.1:8021
127.0.0.1:63342
127.0.0.1:5000
127.0.0.1:50010
127.0.0.1:33060
127.0.0.1:30975
127.0.0.1:30974
127.0.0.1:49159
127.0.0.1:7000
127.0.0.1:56742
127.0.0.1:7890
127.0.0.1:8080
{127.0.0.1 127.0.0.1 [60022-0-false 53893-0-false 58971-0-false 3306-0-false 8021-0-false 63342-0-false 5000-0-false 50010-0-false 33060-0-false 30975-0-false 30974-0-false 49159-0-false 7000-0-false 56742-0-false 7890-0-false 8080-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:8080
127.0.0.1:30975
127.0.0.1:53893
127.0.0.1:7000
127.0.0.1:49159
127.0.0.1:58971
127.0.0.1:63342
127.0.0.1:3306
127.0.0.1:33060
127.0.0.1:50010
127.0.0.1:7890
127.0.0.1:30974
127.0.0.1:60022
127.0.0.1:5000
127.0.0.1:56742
127.0.0.1:8021
{127.0.0.1 127.0.0.1 [8080-0-false 30975-0-false 53893-0-false 7000-0-false 49159-0-false 58971-0-false 63342-0-false 3306-0-false 33060-0-false 50010-0-false 7890-0-false 30974-0-false 60022-0-false 5000-0-false 56742-0-false 8021-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:33060
127.0.0.1:56742
127.0.0.1:7000
127.0.0.1:53893
127.0.0.1:3306
127.0.0.1:7890
127.0.0.1:58971
127.0.0.1:30974
127.0.0.1:49159
127.0.0.1:5000
127.0.0.1:30975
127.0.0.1:63342
127.0.0.1:8080
127.0.0.1:50010
127.0.0.1:631
127.0.0.1:60022
127.0.0.1:8021
{127.0.0.1 127.0.0.1 [33060-0-false 56742-0-false 7000-0-false 53893-0-false 3306-0-false 7890-0-false 58971-0-false 30974-0-false 49159-0-false 5000-0-false 30975-0-false 63342-0-false 8080-0-false 50010-0-false 631-0-false 60022-0-false 8021-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 17 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
127.0.0.1:8080
127.0.0.1:60022
127.0.0.1:49159
127.0.0.1:58971
127.0.0.1:3306
127.0.0.1:8021
127.0.0.1:50010
127.0.0.1:7000
127.0.0.1:7890
127.0.0.1:56742
127.0.0.1:30975
127.0.0.1:63342
127.0.0.1:33060
127.0.0.1:53893
127.0.0.1:30974
127.0.0.1:5000
{127.0.0.1 127.0.0.1 [8080-0-false 60022-0-false 49159-0-false 58971-0-false 3306-0-false 8021-0-false 50010-0-false 7000-0-false 7890-0-false 56742-0-false 30975-0-false 63342-0-false 33060-0-false 53893-0-false 30974-0-false 5000-0-false]}
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:53893
127.0.0.1:3306
127.0.0.1:50010
127.0.0.1:7000
127.0.0.1:63342
127.0.0.1:30975
127.0.0.1:33060
127.0.0.1:7890
127.0.0.1:5000
127.0.0.1:8080
127.0.0.1:49159
127.0.0.1:58971
127.0.0.1:56742
127.0.0.1:8021
127.0.0.1:60022
127.0.0.1:30974
{127.0.0.1 127.0.0.1 [53893-0-false 3306-0-false 50010-0-false 7000-0-false 63342-0-false 30975-0-false 33060-0-false 7890-0-false 5000-0-false 8080-0-false 49159-0-false 58971-0-false 56742-0-false 8021-0-false 60022-0-false 30974-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
127.0.0.1:30974
127.0.0.1:60022
127.0.0.1:63342
127.0.0.1:49159
127.0.0.1:3306
127.0.0.1:53893
127.0.0.1:5000
127.0.0.1:30975
127.0.0.1:50010
127.0.0.1:8080
127.0.0.1:56742
127.0.0.1:58971
127.0.0.1:7890
127.0.0.1:8021
127.0.0.1:33060
127.0.0.1:7000
{127.0.0.1 127.0.0.1 [30974-0-false 60022-0-false 63342-0-false 49159-0-false 3306-0-false 53893-0-false 5000-0-false 30975-0-false 50010-0-false 8080-0-false 56742-0-false 58971-0-false 7890-0-false 8021-0-false 33060-0-false 7000-0-false]}
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:63342
127.0.0.1:49159
127.0.0.1:7000
127.0.0.1:8080
127.0.0.1:8021
127.0.0.1:30975
127.0.0.1:50010
127.0.0.1:30974
127.0.0.1:7890
127.0.0.1:56742
127.0.0.1:60022
127.0.0.1:3306
127.0.0.1:53893
127.0.0.1:58971
127.0.0.1:64239
127.0.0.1:33060
127.0.0.1:5000
{127.0.0.1 127.0.0.1 [63342-0-false 49159-0-false 7000-0-false 8080-0-false 8021-0-false 30975-0-false 50010-0-false 30974-0-false 7890-0-false 56742-0-false 60022-0-false 3306-0-false 53893-0-false 58971-0-false 64239-0-false 33060-0-false 5000-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 17 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
127.0.0.1:33060
127.0.0.1:8080
127.0.0.1:50010
127.0.0.1:60022
127.0.0.1:63342
127.0.0.1:30974
127.0.0.1:3306
127.0.0.1:5000
127.0.0.1:64239
127.0.0.1:56742
127.0.0.1:7890
127.0.0.1:7000
127.0.0.1:30975
127.0.0.1:49159
127.0.0.1:58971
127.0.0.1:8021
{127.0.0.1 127.0.0.1 [33060-0-false 8080-0-false 50010-0-false 60022-0-false 63342-0-false 30974-0-false 3306-0-false 5000-0-false 64239-0-false 56742-0-false 7890-0-false 7000-0-false 30975-0-false 49159-0-false 58971-0-false 8021-0-false]}
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1:8021
127.0.0.1:7000
127.0.0.1:33060
127.0.0.1:60022
127.0.0.1:56742
127.0.0.1:3306
127.0.0.1:64239
127.0.0.1:50010
127.0.0.1:5000
127.0.0.1:63342
127.0.0.1:30974
127.0.0.1:58971
127.0.0.1:30975
127.0.0.1:49159
127.0.0.1:7890
127.0.0.1:8080
{127.0.0.1 127.0.0.1 [8021-0-false 7000-0-false 33060-0-false 60022-0-false 56742-0-false 3306-0-false 64239-0-false 50010-0-false 5000-0-false 63342-0-false 30974-0-false 58971-0-false 30975-0-false 49159-0-false 7890-0-false 8080-0-false]}
127.0.0.1
[�[34mINF�[0m] Found 16 ports on host 127.0.0.1 (127.0.0.1)
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
127.0.0.1
[�[34mINF�[0m] Running SYN scan with root privileges
@wealeson1 wealeson1 added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Feb 1, 2024
@Mzack9999
Copy link
Member

This is being worked on at #946 - Unfortunately there is some internal lock within gopacket that prevents a complete release of interface handlers. Additionally a few active handlers literally kill kernel performances in populating their ring buffers, making them unresponsive. So the internals are being reworked to create only one handler per interface and using a pool of workers with demultiplexed traffic. Until the PR is ready you can switch to connect scan where the kernel manages all connections independently via syscall:

...
ScanType:          "c",
...

@Mzack9999 Mzack9999 linked a pull request Feb 1, 2024 that will close this issue
Making pcap handlers shared globally #946
Merged
@wealeson1
Copy link
Author

Thanks for your answer. Thanks for your work.

@Mzack9999 Mzack9999 mentioned this issue Feb 1, 2024
Merged
@JoshuaMart
Copy link
Contributor

Hi,
I am taking advantage of this issue which may explain my problem.

Additionally a few active handlers literally kill kernel performances in populating their ring buffers, making them unresponsive

Is it global to the use of the library? @Mzack9999
Here's my Go code :

package main

import (
	"log"

	"github.com/projectdiscovery/goflags"
	"github.com/projectdiscovery/naabu/v2/pkg/result"
	"github.com/projectdiscovery/naabu/v2/pkg/runner"
)

func main() {
	options := runner.Options{
		Host:      goflags.StringSlice{"domain.tld"},
		ScanType: "s",
		OnResult: func(hr *result.HostResult) {
			log.Println(hr.Host, hr.Ports)
		},
		TopPorts: "100",
		Threads: 25,
	}

	naabuRunner, _ := runner.NewRunner(&options)
	defer naabuRunner.Close()

	naabuRunner.RunEnumeration()
}

Performance is terrible compared to using the CLI :/

jomar@SRV:~$ time naabu -host domain.tld -tp 100 -silent
domain.tld:80
domain.tld:22
domain.tld:443

real    0m17.698s

jomar@SRV:~$ ./main
[INF] Running CONNECT scan with non root privileges
[INF] Found 3 ports on host domain.tld (x.x.x.x)
domain.tld:80
domain.tld:22
domain.tld:443

real    1m12.432s

Regards

@ehsandeep ehsandeep added the Status: Completed Nothing further to be done with this issue. Awaiting to be closed. label Mar 4, 2024
@ehsandeep ehsandeep added this to the naabu v2.3.0 milestone Mar 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
naabu v2.3.0
Development

Successfully merging a pull request may close this issue.

Making pcap handlers shared globally projectdiscovery/naabu
4 participants
@ehsandeep @Mzack9999 @JoshuaMart @wealeson1