8

memcached DrDoS cmty check

I have been working on and testing the following check (text content to be improved). The following has been working well so far in my test environment. I have seen at least one response instance where I did not receive a STAT command back, but it was early in my testing so it may have been a poorly formed request on my end.

What I'm running into within my test environment is that the memcached service on 11211 is only showing as TCP in the UI, and the system is listening on 11211/udp and tcp on the test server. The check below (unless I misunderstand the logic) should only trigger if the query is successful on UDP. The signature is firing and the proof shows 11211 TCP. If the same port 11211 is available on both TCP and UDP, does the UI fail to show one or does my check potentially have an error? I'm also looking to see if the XML schema has any hints to further restrict the NetworkService to be UDP only.

*I'm open to any improvements.

```
<VulnerabilityCheck id="cmty-memcached-amplification" scope="endpoint" potential="0">
  <NetworkService type="memcached"/>
  <UDPCheck>
    <UDPRequestResponse>
      <!-- Decodes to the 8-byte memcached UDP frame header
           (request ID 1, sequence 0, 1 datagram, reserved 0) followed by "stats\r\n\n" -->
      <UDPRequest><value format="base64">AAEAAAABAABzdGF0cw0KCg==</value></UDPRequest>
      <!-- Any reply containing "STAT" marks the endpoint as vulnerable -->
      <UDPResponse><regex ctags="REG_DOT_NEWLINE,REG_MULTILINE">STAT</regex></UDPResponse>
    </UDPRequestResponse>
  </UDPCheck>
</VulnerabilityCheck>
```

[cmty-memcached-amplification.xml](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/cmty-memcached-amplification.xml)

[cmty-memcached-amplification.vck](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/cmty-memcached-amplification.vck)

[memcached-restrict.sol](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/memcached-restrict.sol)

Posted by BrianWGray 9 months ago
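An added example, not part of the original post or the linked repository: the same request and `STAT` match reproduced in Python, so the UDP behaviour can be confirmed on a test server independently of what the scanner UI reports. The function names and the sample reply are constructed for this example; the probe bytes are the base64 value from the check above.

```python
import base64
import re
import socket
import struct

# Probe copied from the <UDPRequest> element of the check on this page.
PROBE = base64.b64decode("AAEAAAABAABzdGF0cw0KCg==")
# memcached UDP frame header: request id, sequence no., total datagrams, reserved.
HEADER = struct.Struct("!HHHH")


def parse_frame(datagram):
    """Split one memcached UDP datagram into frame header fields and payload."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 8-byte memcached UDP header")
    request_id, seq, total, reserved = HEADER.unpack_from(datagram)
    return {"request_id": request_id, "seq": seq, "total": total,
            "reserved": reserved, "payload": datagram[HEADER.size:]}


def evaluate(request, datagrams):
    """Apply the check's logic to the UDP datagrams received for `request`."""
    wanted = parse_frame(request)["request_id"]
    frames = []
    for datagram in datagrams:
        try:
            frame = parse_frame(datagram)
        except ValueError:
            continue                      # truncated or non-memcached reply
        if frame["request_id"] == wanted:  # ignore replies to other requests
            frames.append(frame)
    frames.sort(key=lambda f: f["seq"])    # UDP may deliver out of order
    body = b"".join(f["payload"] for f in frames)
    received = sum(len(f["payload"]) + HEADER.size for f in frames)
    return {
        "vulnerable": re.search(rb"STAT", body) is not None,  # the check's regex
        "complete": bool(frames) and len(frames) == frames[0]["total"],
        "amplification": round(received / len(request), 1),   # bytes out / bytes in
        "stats": dict(re.findall(rb"STAT (\S+) (\S+)\r\n", body)),
    }


def probe_udp(host, port=11211, timeout=2.0):
    """Send the probe over UDP only and evaluate whatever comes back."""
    datagrams = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(PROBE, (host, port))
        try:
            while True:
                data, _ = sock.recvfrom(65535)
                datagrams.append(data)
                if data.endswith(b"END\r\n"):  # last datagram of a stats reply
                    break
        except socket.timeout:
            pass                               # no (further) UDP reply
    return evaluate(PROBE, datagrams)


def sample_reply():
    """Constructed reply: two datagrams out of order plus one unrelated datagram."""
    text = b"STAT pid 1234\r\nSTAT uptime 42\r\nSTAT version 1.5.5\r\nEND\r\n"
    return [HEADER.pack(1, 1, 2, 0) + text[30:],
            HEADER.pack(1, 0, 2, 0) + text[:30],
            HEADER.pack(9, 0, 1, 0) + b"STAT other 1\r\nEND\r\n"]


if __name__ == "__main__":
    print(parse_frame(PROBE))
    print(evaluate(PROBE, sample_reply()))
```

An empty result from `probe_udp` against the test server (`vulnerable` false, `amplification` 0.0) means nothing answered on 11211/udp, whatever the TCP listener is doing.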

1

I have installed and attempted to run and got the logs attached as errors.

Issues with Nexpose community trial. Here's log:

Posted by Sherman 9 months ago