projectdiscovery / naabu

A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Home Page:https://projectdiscovery.io


-Pn flag not working as expected depending on command used

MetzinAround opened this issue · comments

from Discord user: greenfreq

Naabu version:

current

Current Behavior:

Example:
naabu -l ips.lst -retries 1 -timeout 500 -o fileout -Pn

results in host discovery being performed despite the -Pn scan.

naabu -Pn -l ips.lst -retries 1 -timeout 500 -o fileout
runs without host discovery

Tried to replicate on a work VM, couldn't at first, but then:

sudo /home/kali/.pdtm/go/bin/naabu -l ips.lst -retries 1 -timeout 500 -o ips.naabu.scn -j file.json -Pn

If I add a file name to the -j option it runs but attempts the host discovery. It never saves a file as file.json, so I think that must not be an option (to save both a 'normal' and a JSON file).

Expected Behavior:

No matter the flag placement, naabu will read all flags and toggle them correctly.

Steps To Reproduce:

  1. run naabu -l ips.lst -retries 1 -timeout 500 -o fileout -Pn
  2. run naabu -Pn -l ips.lst -retries 1 -timeout 500 -o fileout

One minor correction to the above. The command I used to replicate included the option '-j' and applied an argument to that option of 'file.json'

sudo /home/jon/.pdtm/go/bin/naabu -l ips.lst -retries 1 -timeout 500 -o ips.naabu.scn -j file.json -Pn

Screenshot 2023-12-04 181450

I was unable to reproduce the issue using the provided steps and the outcome was the same:

run naabu -l ips.lst -retries 1 -timeout 500 -o fileout -Pn
run naabu -Pn -l ips.lst -retries 1 -timeout 500 -o fileout

Same with the following:

sudo /home/jon/.pdtm/go/bin/naabu -l ips.lst -retries 1 -timeout 500 -o ips.naabu.scn -j file.json -Pn

Also, -j, -json (write output in JSON lines format) is a boolean flag. Therefore, the output will be written to -o ips.naabu.scn in your case. Additionally,

without providing an arg to -j

$ echo scanme.sh | sudo ./naabu -p 80 -j -Pn

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

                projectdiscovery.io

[INF] Current naabu version 2.2.0 (latest)
[INF] Running SYN scan with CAP_NET_RAW privileges
[INF] Found 1 ports on host scanme.sh (128.199.158.128)
{"host":"scanme.sh","ip":"128.199.158.128","timestamp":"2023-12-05T10:41:53.103596134Z","port":80,"protocol":"tcp","tls":false}

with providing an arg to -j

$ echo scanme.sh | sudo ./naabu -p 80 -j aa -Pn

                  __
  ___  ___  ___ _/ /  __ __
 / _ \/ _ \/ _ \/ _ \/ // /
/_//_/\_,_/\_,_/_.__/\_,_/

                projectdiscovery.io

[INF] Current naabu version 2.2.0 (latest)
Starting host discovery
[INF] Running host discovery scan
[INF] Running SYN scan with CAP_NET_RAW privileges
[INF] Found 1 ports on host scanme.sh (128.199.158.128)
{"host":"scanme.sh","ip":"128.199.158.128","timestamp":"2023-12-05T10:43:01.807686764Z","port":80,"protocol":"tcp","tls":false}

I do realize (after the fact) that the -j option doesn't function like nmap, where you can have multiple output files in different formats. That said, I would expect the command to fail as improper. It does not. So I am wondering what naabu thinks that argument is.

Additional details: I can replicate this on two different VMs; one is a Kali VM and the other is a VM with a fresh install of Kali via ISO.

sudo /home/kali/.pdtm/go/bin/naabu -host 192.168.100.1 -retries 1 -timeout 500 -o file1 -j file.json -Pn

Screenshot from 2023-12-05 09-06-45

sudo /home/kali/.pdtm/go/bin/naabu -host 192.168.100.1 -retries 1 -timeout 500 -o file1 -j -Pn

Screenshot from 2023-12-05 09-07-37

Here is a CLI with a junk argument thrown in that seems to cause naabu to stop parsing the command line and just run. Notice that the output is not in JSON format and that host discovery is run; both of these options come after the "junkarg" argument.
sudo /home/kali/.pdtm/go/bin/naabu -host 192.168.100.64 -retries 1 -timeout 500 -o file1 junkarg -j -Pn

Screenshot from 2023-12-05 09-10-37
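The three behaviours reported in this thread (flags after a stray positional being silently ignored, and a boolean -j followed by a file name behaving the same way) are what Go's standard library flag package does by design: parsing stops at the first argument that does not start with "-", and a boolean flag never consumes the argument after it. The following is an added illustration written for this page, not naabu's or goflags' own code; it assumes that goflags builds on the standard library flag package and inherits this stop-at-first-positional rule, and the flag names and struct are modelled on the commands above for illustration only.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// ScanOpts holds the handful of naabu-like options used in the commands above.
// Hypothetical names for illustration; this is not naabu's option struct.
type ScanOpts struct {
	Host          string
	Retries       int
	Timeout       int
	Output        string
	JSON          bool     // -j / -json is boolean, it takes no file name
	SkipDiscovery bool     // -Pn
	Rest          []string // arguments the parser left unconsumed
}

// ParseScanArgs parses a naabu-style argument list with the standard library
// flag package and returns both the recognised options and whatever was left
// over. Go's flag.Parse stops at the first non-flag argument, so anything after
// a stray positional (including real flags such as -Pn) lands in Rest untouched.
func ParseScanArgs(args []string) (ScanOpts, error) {
	var o ScanOpts
	fs := flag.NewFlagSet("naabu-like", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // keep usage text out of the way for the demo
	fs.StringVar(&o.Host, "host", "", "host to scan")
	fs.IntVar(&o.Retries, "retries", 3, "number of retries")
	fs.IntVar(&o.Timeout, "timeout", 1000, "timeout in milliseconds")
	fs.StringVar(&o.Output, "o", "", "output file")
	fs.BoolVar(&o.JSON, "j", false, "write output in JSON lines format")
	fs.BoolVar(&o.SkipDiscovery, "Pn", false, "skip host discovery")
	if err := fs.Parse(args); err != nil {
		return o, err
	}
	o.Rest = fs.Args()
	return o, nil
}

// Unparsed reports whether parsing stopped early and left arguments behind,
// which is the check a tool should make before silently running with a
// partial configuration.
func Unparsed(o ScanOpts) bool {
	return len(o.Rest) > 0
}

func main() {
	// Constructed argument lists mirroring the three commands in the thread.
	cases := map[string][]string{
		"bool -j then -Pn": {"-host", "192.168.100.1", "-retries", "1", "-timeout", "500", "-o", "file1", "-j", "-Pn"},
		"-j file.json -Pn": {"-host", "192.168.100.1", "-retries", "1", "-timeout", "500", "-o", "file1", "-j", "file.json", "-Pn"},
		"junkarg -j -Pn":   {"-host", "192.168.100.64", "-retries", "1", "-timeout", "500", "-o", "file1", "junkarg", "-j", "-Pn"},
	}
	for name, args := range cases {
		o, err := ParseScanArgs(args)
		fmt.Printf("%-18s err=%v json=%v Pn=%v leftover=%q\n", name, err, o.JSON, o.SkipDiscovery, o.Rest)
		if Unparsed(o) {
			fmt.Printf("%-18s WARNING: %d argument(s) were never parsed\n", "", len(o.Rest))
		}
	}
}
```

In the second case "file.json" is a positional argument as far as the parser is concerned, so -j is already true, "file.json" ends parsing, and -Pn is never seen; the process still exits 0 because the standard parser treats leftovers as ordinary positional arguments rather than an error. Checking fs.Args() after Parse, as Unparsed does here, is the cheap way for a CLI to refuse to run on a half-parsed command line.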

Looks like this is actually related to: projectdiscovery/goflags#118 so we can probably close this one out. Thanks to pdteam in discord for pointing it out to me.