
Comparison with nmap

Open CaledoniaProject opened this issue 2 years ago • 6 comments

I'm new to this project, and it looks interesting to me. But I'm wondering:

  1. Does udpx recognize more services than nmap?
  2. Are there any compelling reasons for us to use udpx instead of nmap?

CaledoniaProject, Apr 24 '23 01:04

Well, as far as I see, under my current limited circumstances, its result is 0 UDP ports open, but nmap finds more.

kmahyyg, May 07 '23 04:05

Provide more details, so I can replicate the issue:

  • Which ports were found by nmap?
  • On what platform did you run the scan?
  • What settings did you use?
  • Did you use WIFI for scanning?
  • Also, are the ports found by nmap actually open?

nullt3r, May 07 '23 07:05

@nullt3r

  • Which ports were found by nmap?

161/162 udp

  • On what platform did you run the scan?

Parrot Linux, or more precisely, HackTheBox Pwnbox

  • What settings did you use?

-t <TARGET IP, single IP> -o <RESULT>.json, nothing else

  • Did you use WIFI for scanning?

no, on the cloud

  • Also, are the ports found by nmap actually open?

yes.

And also, it's a lab machine on HackTheBox. But masscan -pU -oX found nothing either, so I guess there might be something related to the UDP packet payload.

kmahyyg, May 07 '23 10:05

Ok. First of all, port number 162 is not in the database:

	{
		Name: "snmp",
		Payloads: []string{
			"302902010004067075626C6963A01C0204565ADC5D020100020100300E300C06082B060102010101000500",
			"302602010104067075626C6963A1190204DC63C29A020100020100300B300906052B060102010500",
			"303A020103300F02024A69020300FFE30401040201030410300E0400020100020100040004000400301204000400A00C020237F00201000201003000",
		},
		Port: []int{161},
	},

I will add it to the snmp entry in the next release. Second, what version of the SNMP protocol is the remote host running? It is possible, but highly unlikely, that I am missing some probes for a specific implementation. Also, try to increase the wait time: -w 1000 (one second) or more.

nullt3r, May 07 '23 10:05
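To see what the three payloads in that database entry actually send, here is a small Go decoder added for this thread (example code, not part of udpx). It walks the BER structure of each probe and reports the SNMP version, community string, PDU type and the OIDs requested. It assumes only that the strings are hex-encoded BER, as the entry shows; the parser type, the Probe struct and the helper names are this example's own.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// The three hex probe payloads from the snmp database entry quoted in the comment above.
var snmpProbes = []string{
	"302902010004067075626C6963A01C0204565ADC5D020100020100300E300C06082B060102010101000500",
	"302602010104067075626C6963A1190204DC63C29A020100020100300B300906052B060102010500",
	"303A020103300F02024A69020300FFE30401040201030410300E0400020100020100040004000400301204000400A00C020237F00201000201003000",
}

// Probe summarises one request: version, community (empty for v3), PDU type, requested OIDs.
type Probe struct {
	Version, Community, PDU string
	OIDs                    []string
}

var versionNames = map[string]string{"\x00": "v1", "\x01": "v2c", "\x03": "v3"}
var pduNames = map[byte]string{0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

// parser holds the unconsumed bytes of a BER buffer; next panics on malformed input.
type parser struct{ b []byte }

// next consumes one tag-length-value element and returns its tag and value; want != 0 checks the tag.
// Only short-form lengths (< 128 bytes) are handled, which covers every probe above.
func (ps *parser) next(want byte) (byte, []byte) {
	b := ps.b
	if len(b) < 2 || b[1]&0x80 != 0 || len(b) < 2+int(b[1]) {
		panic("truncated element or long-form length")
	}
	tag, l := b[0], int(b[1])
	if want != 0 && tag != want {
		panic(fmt.Sprintf("expected tag 0x%02X, got 0x%02X", want, tag))
	}
	ps.b = b[2+l:]
	return tag, b[2 : 2+l]
}

// decodeOID renders a BER OID value as dotted decimal: the first byte packs the first two
// arcs as 40*x+y, later arcs are base-128 groups whose last byte has the high bit clear.
func decodeOID(v []byte) string {
	parts, acc := []string{fmt.Sprint(v[0] / 40), fmt.Sprint(v[0] % 40)}, 0
	for _, c := range v[1:] {
		acc = acc<<7 | int(c&0x7F)
		if c&0x80 == 0 {
			parts, acc = append(parts, fmt.Sprint(acc)), 0
		}
	}
	return strings.Join(parts, ".")
}

// DescribeSNMPProbe decodes one hex probe payload into a Probe.
func DescribeSNMPProbe(h string) (p Probe, err error) {
	defer func() { // turn parser panics into an error return
		if r := recover(); r != nil { err = fmt.Errorf("malformed probe: %v", r) }
	}()
	raw, err := hex.DecodeString(h)
	if err != nil { return p, err }
	m := &parser{raw}
	_, m.b = m.next(0x30)  // Message ::= SEQUENCE { version, ... }
	_, ver := m.next(0x02) // version INTEGER: 0 = v1, 1 = v2c, 3 = v3
	if p.Version = versionNames[string(ver)]; p.Version == "" {
		return p, fmt.Errorf("unrecognised version %x", ver)
	}
	if p.Version == "v3" {
		m.next(0x30) // msgGlobalData
		m.next(0x04) // msgSecurityParameters (USM): v3 carries no community string
		_, m.b = m.next(0x30) // ScopedPDU
		m.next(0x04)          // contextEngineID
		m.next(0x04)          // contextName
	} else {
		_, comm := m.next(0x04)
		p.Community = string(comm)
	}
	tag, pdu := m.next(0) // context-tagged PDU: A0 GetRequest, A1 GetNextRequest, ...
	if p.PDU = pduNames[tag]; p.PDU == "" {
		return p, fmt.Errorf("unknown PDU tag 0x%02X", tag)
	}
	pp := &parser{pdu}
	for i := 0; i < 3; i++ { pp.next(0x02) } // request-id, error-status, error-index
	_, vbl := pp.next(0x30)                  // VarBindList
	for vl := (&parser{vbl}); len(vl.b) > 0; {
		_, vb := vl.next(0x30) // VarBind ::= SEQUENCE { name OBJECT IDENTIFIER, value }
		_, oid := (&parser{vb}).next(0x06)
		p.OIDs = append(p.OIDs, decodeOID(oid))
	}
	return p, nil
}

func main() {
	for _, h := range snmpProbes {
		fmt.Println(DescribeSNMPProbe(h))
	}
}
```

Running it decodes the three entries as a v1 GetRequest with community public for sysDescr.0 (1.3.6.1.2.1.1.1.0), a v2c GetNextRequest with community public starting at 1.3.6.1.2.1, and a v3 discovery GetRequest that carries USM security parameters, no community string and an empty varbind list. One caveat for adding port 162 to this entry: 162 is the SNMP trap port, where a manager or collector receives notifications rather than serving as an agent, so a GetRequest sent there is typically not answered, and a response-based scanner will still not see it.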

v2c. I will try later. I think the problem might be the wait time, since the previous scan might have triggered the ICMP error message limit. Thanks for your quick response.

kmahyyg, May 07 '23 10:05

I am always open to constructive criticism. UDPX is effective for scanning larger networks, /24 or so. Remember that it is a packet-based approach, so it does not wait for an ICMP message, but rather for a response.

nullt3r, May 07 '23 10:05
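The last two comments turn on the same point: a payload-based scanner reports a port only when a datagram comes back inside the wait window, so a slow or rate-limited responder looks closed when -w is too short. The following Go program is an added example for this thread, not udpx's own code. It starts a constructed stand-in service on 127.0.0.1 that answers a recognised probe after a fixed delay, then probes it with two different wait windows. The probe and reply strings, the StartSlowResponder and Probe helpers, the Result type and the 300 ms delay are all this example's own choices.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// Constructed for this example: the probe our stand-in service recognises and the reply it sends.
var (
	probePayload = []byte("udpx-probe?")
	replyPayload = []byte("udpx-reply!")
)

// StartSlowResponder listens on a random 127.0.0.1 port and answers every matching
// probe after delay, standing in for a service whose replies arrive late (busy host,
// rate limiting, long path). The returned func stops it.
func StartSlowResponder(delay time.Duration) (*net.UDPAddr, func(), error) {
	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		return nil, nil, err
	}
	go func() {
		buf := make([]byte, 1500)
		for {
			n, peer, err := conn.ReadFromUDP(buf)
			if err != nil {
				return // socket closed by the stop func
			}
			if bytes.Equal(buf[:n], probePayload) {
				go func(peer *net.UDPAddr) {
					time.Sleep(delay)
					conn.WriteToUDP(replyPayload, peer) // error ignored: the prober may be gone
				}(peer)
			}
		}
	}()
	return conn.LocalAddr().(*net.UDPAddr), func() { conn.Close() }, nil
}

// Result is the verdict for one probe.
type Result struct {
	Open    bool          // a datagram came back inside the wait window
	Reason  string        // "response (...)", "timeout" or the socket error text
	Elapsed time.Duration // time from send to verdict
}

// Probe sends one datagram to target and waits up to wait for any reply. This is the
// packet-based decision a scanner like udpx makes: a reply means open; silence is
// only a timeout, not proof that the port is closed.
func Probe(target *net.UDPAddr, payload []byte, wait time.Duration) Result {
	start := time.Now()
	conn, err := net.DialUDP("udp", nil, target)
	if err != nil {
		return Result{Reason: err.Error()}
	}
	defer conn.Close()
	if _, err := conn.Write(payload); err != nil {
		return Result{Reason: err.Error(), Elapsed: time.Since(start)}
	}
	conn.SetReadDeadline(time.Now().Add(wait))
	buf := make([]byte, 1500)
	n, err := conn.Read(buf)
	r := Result{Elapsed: time.Since(start)}
	switch {
	case err == nil:
		r.Open, r.Reason = true, fmt.Sprintf("response (%d bytes)", n)
	case errors.Is(err, os.ErrDeadlineExceeded):
		r.Reason = "timeout"
	default:
		// On Linux a connected UDP socket reports an ICMP port unreachable for the
		// target as ECONNREFUSED here; that is how a closed port differs from a silent one.
		r.Reason = err.Error()
	}
	return r
}

func main() {
	addr, stop, err := StartSlowResponder(300 * time.Millisecond)
	if err != nil {
		fmt.Println("listen:", err)
		return
	}
	defer stop()
	for _, wait := range []time.Duration{100 * time.Millisecond, 1000 * time.Millisecond} {
		r := Probe(addr, probePayload, wait)
		fmt.Printf("wait=%v open=%v reason=%s elapsed=%v\n", wait, r.Open, r.Reason, r.Elapsed.Round(time.Millisecond))
	}
}
```

With the 100 ms window the probe times out and the port reads as not open; with 1000 ms the delayed reply arrives and it reads as open, which is exactly the "0 UDP ports open" versus "try -w 1000 or more" difference discussed above. A timeout never distinguishes an open service that stayed silent from a filtered port; only an explicit ICMP error, surfaced in the default branch, says anything about a closed one.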