Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Script results may contain "None" dict keys #124

Open
happyc0ding opened this issue Feb 25, 2021 · 2 comments
Open

Script results may contain "None" dict keys #124

happyc0ding opened this issue Feb 25, 2021 · 2 comments

Comments

@happyc0ding
Copy link

When parsing Nmap XML files with service detection I ran into an interesting scenario: Let's assume I have the following script output in a file:
<script id="http-server-header" output="CerberusFTPServer/11.0"><elem>CerberusFTPServer/11.0</elem></script>
This will result in the following object in the attribute services of NmapHost (NmapService):
{'id': 'http-server-header', 'output': 'CerberusFTPServer/11.0', 'elements': {None: 'CerberusFTPServer/11.0'}}
As the output shows, the key inside elements is None. This may lead to problems when processing the data with other software, i.e. elasticsearch.

In comparison other elements within the XML have a key attribute which seems to be used like here:
<script id="http-methods" output="&#xa; Supported Methods: GET HEAD POST OPTIONS"><table key="Supported Methods"><elem>GET</elem><elem>HEAD</elem><elem>POST</elem><elem>OPTIONS</elem></table></script>
This results in:
{'id': 'http-methods', 'output': '\n Supported Methods: GET HEAD POST OPTIONS', 'elements': {'Supported Methods': {None: ['GET', 'HEAD', 'POST', 'OPTIONS']}}}
(Please note the key inside Supported Methods is also None.)

Tested with libnmap versions 0.7.0 and 0.7.2. Nmap version 7.80.
@0x303
Copy link

0x303 commented Apr 11, 2023

I experienced this same issue. This only seems to happen with certain NSE scan modules.

The data above (for the http=methods NSE scan results) SHOULD look like this {'id': 'http-methods', 'output': '\n Supported Methods: GET HEAD POST OPTIONS', 'elements': {'Supported Methods': ['GET', 'HEAD', 'POST', 'OPTIONS']}}
Where the Supported Methods key has an array as its value rather than a dictionary (object).

This same issue also occurs in the ssl-cert NSE scan within the extensions sub-key.

@0x303
Copy link

0x303 commented Apr 11, 2023

To be more specific, I have identified that the problem seems to be occurring in the the elements attribute of an NSE object. I think you can access it by like this:

nmap_process = NmapProcess(targets=target_list)
nmap_process_output = NmapParser.parse(nmap_process.stdout)

hosts = nmap_process_output.hosts

for host in hosts:
  services = host.services
  for service in services:
    nse_results = service.script_results
    
    for nse_script in nse_results:
      nse_id = nse_script.get('id')
      nse_output = nse_script.get('output')
      nse_elements = nse_script.get('elements') # THIS IS WHERE THE PROBLEM APPEARS TO BE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@happyc0ding @0x303