ftp-brute crashes #3250

@seanhalbleib

Describe the bug
nmap crashes when running ftp-brute

To Reproduce
Run the nmap ftp-brute script; no flags are necessary to see the crash

Expected behavior
nmap to run without crashing

Version info (please complete the following information):

  • OS: Ubuntu 24.04.3 LTS
  • Output of nmap --version:
Nmap version 7.98 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.8 openssl-1.1.1q nmap-libssh2-1.11.1 libz-1.3 nmap-libpcre2-10.45 nmap-libpcap-(with nmap-libdnet-1.18.0 ipv6
Compiled without:
Available nsock engines: epoll poll select
  • Output of nmap --iflist:
Starting Nmap 7.98 ( https://nmap.org ) at 2025-12-10 14:55 -0700
************************INTERFACES************************
DEV  (SHORT) IP/MASK                      TYPE     UP MTU   MAC
lo   (lo)    127.0.0.1/8                  loopback up 65536
lo   (lo)    ::1/128                      loopback up 65536
eth0 (eth0)  10.101.22.32/24              ethernet up 1500  BC:24:11:00:C0:80
eth0 (eth0)  fe80::be24:11ff:fe00:c080/64 ethernet up 1500  BC:24:11:00:C0:80

**************************ROUTES**************************
DST/MASK                      DEV  METRIC GATEWAY
10.101.22.0/24                eth0 0
0.0.0.0/0                     eth0 0      10.101.22.1
::1/128                       lo   0
fe80::be24:11ff:fe00:c080/128 eth0 0
fe80::/64                     eth0 256
ff00::/8                      eth0 256

Additional context
This command consistently fails: nmap -p 21 --script ftp-brute REDACTED
with this output:

Starting Nmap 7.98 ( https://nmap.org ) at 2025-12-10 15:30 -0700
nmap: nse_nsock.cc:381: void callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == LUA_YIELD' failed.
Aborted (core dumped)

With the -oX - flag added, it produces this output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.98 scan initiated Wed Dec 10 15:52:46 2025 as: nmap -oX - -p 21 -&#45;script ftp-brute REDACTED -->
<nmaprun scanner="nmap" args="nmap -oX - -p 21 -&#45;script ftp-brute REDACTED" start="1765407166" startstr="Wed Dec 10 15:52:46 2025" version="7.98" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="21"/>
<verbose level="0"/>
<debugging level="0"/>
<hosthint><status state="up" reason="unknown-response" reason_ttl="0"/>
<address addr="88.208.252.158" addrtype="ipv4"/>
<hostnames>
<hostname name="REDACTED" type="user"/>
</hostnames>
</hosthint>
nmap: nse_nsock.cc:381: void callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == LUA_YIELD' failed.
Aborted (core dumped)

And with the -d flag added as well, it produces this output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.98 scan initiated Wed Dec 10 15:54:33 2025 as: nmap -oX - -d -p 21 -&#45;script ftp-brute REDACTED -->
<nmaprun scanner="nmap" args="nmap -oX - -d -p 21 -&#45;script ftp-brute REDACTED" start="1765407273" startstr="Wed Dec 10 15:54:33 2025" version="7.98" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="21"/>
<verbose level="1"/>
<debugging level="1"/>
<taskbegin task="NSE" time="1765407273"/>
<taskend task="NSE" time="1765407273"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1765407273"/>
<taskend task="Parallel DNS resolution of 1 host." time="1765407274"/>
<taskbegin task="Ping Scan" time="1765407274"/>
<hosthint><status state="up" reason="unknown-response" reason_ttl="0"/>
<address addr="88.208.252.158" addrtype="ipv4"/>
<hostnames>
<hostname name="REDACTED" type="user"/>
</hostnames>
</hosthint>
<taskend task="Ping Scan" time="1765407274" extrainfo="1 total hosts"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1765407274"/>
<taskend task="Parallel DNS resolution of 1 host." time="1765407274"/>
<taskbegin task="Connect Scan" time="1765407274"/>
<taskend task="Connect Scan" time="1765407274" extrainfo="1 total ports"/>
<taskbegin task="NSE" time="1765407274"/>
nmap: nse_nsock.cc:381: void callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == LUA_YIELD' failed.
Aborted (core dumped)

And with the -sV flag added as well, it produces this output:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.98 scan initiated Wed Dec 10 16:00:34 2025 as: nmap -oX - -d -sV -p 21 -&#45;script ftp-brute REDACTED -->
<nmaprun scanner="nmap" args="nmap -oX - -d -sV -p 21 -&#45;script ftp-brute REDACTED" start="1765407634" startstr="Wed Dec 10 16:00:34 2025" version="7.98" xmloutputversion="1.05">
<scaninfo type="connect" protocol="tcp" numservices="1" services="21"/>
<verbose level="1"/>
<debugging level="1"/>
<taskbegin task="NSE" time="1765407634"/>
<taskend task="NSE" time="1765407634"/>
<taskbegin task="NSE" time="1765407634"/>
<taskend task="NSE" time="1765407634"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1765407634"/>
<taskend task="Parallel DNS resolution of 1 host." time="1765407634"/>
<taskbegin task="Ping Scan" time="1765407634"/>
<hosthint><status state="up" reason="unknown-response" reason_ttl="0"/>
<address addr="88.208.252.158" addrtype="ipv4"/>
<hostnames>
<hostname name="REDACTED" type="user"/>
</hostnames>
</hosthint>
<taskend task="Ping Scan" time="1765407634" extrainfo="1 total hosts"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1765407634"/>
<taskend task="Parallel DNS resolution of 1 host." time="1765407634"/>
<taskbegin task="Connect Scan" time="1765407634"/>
<taskend task="Connect Scan" time="1765407634" extrainfo="1 total ports"/>
<taskbegin task="Service scan" time="1765407634"/>
Got nsock CONNECT response with status TIMEOUT - aborting this service
<taskend task="Service scan" time="1765407646" extrainfo="1 service on 1 host"/>
<taskbegin task="NSE" time="1765407646"/>
nmap: nse_nsock.cc:381: void callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == LUA_YIELD' failed.
Aborted (core dumped)
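
A triage helper for captures like the ones in this report, added here as an example (it is not part of the original issue or of Nmap): it reads a truncated `-oX -` capture with the assertion message interleaved and reports the assertion site plus the task that was still open when the process aborted. `SAMPLE` is constructed from the output above, and the name `triage` is hypothetical.

```python
import re

# Constructed sample, shortened from the -oX - -d capture in the report.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" version="7.98" xmloutputversion="1.05">
<taskbegin task="NSE" time="1765407273"/>
<taskend task="NSE" time="1765407273"/>
<taskbegin task="Connect Scan" time="1765407274"/>
<taskend task="Connect Scan" time="1765407274" extrainfo="1 total ports"/>
<taskbegin task="NSE" time="1765407274"/>
nmap: nse_nsock.cc:381: void callback(nsock_pool, nsock_event, void*): Assertion `lua_status(L) == LUA_YIELD' failed.
Aborted (core dumped)
"""

# The XML is cut off mid-document, so an XML parser would reject it;
# line-oriented regexes tolerate the truncation and the interleaved stderr.
TASK_RE = re.compile(r'<task(begin|end) task="([^"]*)"')
ASSERT_RE = re.compile(r"^(\S+): (\S+):(\d+): (.+): Assertion [`'](.+)' failed\.$")


def triage(capture):
    """Return the assertion site and the tasks left open at abort time."""
    open_tasks, assertion = [], None
    for line in capture.splitlines():
        task = TASK_RE.search(line)
        if task:
            kind, name = task.groups()
            if kind == "begin":
                open_tasks.append(name)
            elif name in open_tasks:
                # Close the most recent taskbegin carrying this name.
                idx = len(open_tasks) - 1 - open_tasks[::-1].index(name)
                del open_tasks[idx]
            continue
        hit = ASSERT_RE.match(line.strip())
        if hit:
            _prog, src, lineno, func, expr = hit.groups()
            assertion = {"file": src, "line": int(lineno),
                         "function": func, "expr": expr}
    return {"assertion": assertion,
            "open_tasks": open_tasks,
            "xml_closed": "</nmaprun>" in capture}


if __name__ == "__main__":
    print(triage(SAMPLE))
```
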
