Giters

projectdiscovery / naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Home Page:https://projectdiscovery.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[FR] OnNoResult callback

dogasantos opened this issue · comments

commented

when using as library, we have to work with the Onresult callback to handle found open ports.
But when we want to perform some other task on addresses that don't have any open port detected, we can't.
I'd like to ask for a OnNoResult callback or something like that

As this is an async scan, its a bit hard to handle negative results as is atm.

Would that be possible?

ty

commented

Can you show how you are handling OnResult's output? Additionally, would the following approach work?

package main

import (
	"context"
	"fmt"
	"log"
	"strconv"
	"strings"

	"github.com/projectdiscovery/goflags"
	"github.com/projectdiscovery/naabu/v2/pkg/result"
	"github.com/projectdiscovery/naabu/v2/pkg/runner"
	sliceutil "github.com/projectdiscovery/utils/slice"
)

func main() {
	portsToScan := "80,443,68,123"
	portsToScanSlice := strings.Split(portsToScan, ",")
	foundPorts := make([]string, 0, len(portsToScanSlice))

	options := runner.Options{
		Host:     goflags.StringSlice{"scanme.nmap.org"},
		ScanType: "s",
		OnResult: func(hr *result.HostResult) {
			for _, port := range hr.Ports {
				foundPort := strconv.Itoa(port.Port)
				foundPorts = append(foundPorts, foundPort)

				// Remove the found port from the list of ports to scan to find the remaining ports
				portsToScanSlice = sliceutil.PruneEqual(portsToScanSlice, foundPort)
			}
		},
		Ports:  portsToScan,
		Silent: true,
	}

	naabuRunner, err := runner.NewRunner(&options)
	if err != nil {
		log.Fatal(err)
	}
	defer naabuRunner.Close()

	naabuRunner.RunEnumeration(context.TODO())

	fmt.Println("Found ports:", foundPorts)
	fmt.Println("Not found ports:", portsToScanSlice)
}
commented

Hi @dogancanbakir
Thanks for your response!

yes, I've solved with similar approach
i send all hosts to a set and remove every host that got positive result (at least 1 open port)
the remaining hosts in the set are the ones with no open ports.

Although, one thing caught my attention on your response.
Other than Ports, these are the parameters I'm using on config:

                Host:                      goflags.StringSlice{ipaddr},
		Threads:                   runtime.NumCPU() * 2,
		Rate:                      800,
		IPVersion:                 goflags.StringSlice{ipversion},
		ScanType:                  "s",
		InputReadTimeout:          time.Duration(2 * time.Minute),
		Retries:                   1,
		Timeout:                   120,
		WarmUpTime:                2,
		IcmpEchoRequestProbe:      false,
		IcmpTimestampRequestProbe: false,
		Nmap:               false,
		Verbose:            false,
		Silent:             true,
		ExcludeCDN:         true,
		DisableStdin:       true,
		DisableUpdateCheck: true,
		OutputCDN:          true,
		Debug:              false,
		SkipHostDiscovery:  true,

Notice I set everything to be very "silent" there. However, still seeing output:

[INF] Running SYN scan with CAP_NET_RAW privileges
[INF] Found 1 ports on host (ipv4address)

Is there any bogus option I've set?
Ty

commented

It shouldn't happen, will fix it! Thanks for letting me know.

commented

It's already fixed in the dev branch and will be included in the upcoming release. Closing this.