
Accuracy

Open XAR2012 opened this issue 3 years ago • 26 comments

I tried multiple IPs with different connections; however, not a single time was it able to find any port.

Environment:

  • Kali Linux 2020
  • 200 MBPS connection

XAR2012 avatar May 26 '21 19:05 XAR2012

and have manually verified that some ports are open and functioning correctly

XAR2012 avatar May 26 '21 19:05 XAR2012

Hey thanks for the ticket. I definitely need more information than “do more accuracy”.

Do you have an example of one of these IP addresses and expected open ports?

How fast were you trying to go (default speed?)?

Is this a virtual machine or running on the host machine?

Thanks. The more information you can provide (especially the first item) the more likely I can help you.

d0nutptr avatar May 26 '21 22:05 d0nutptr

Hey,

Thanks for the response.

“do more accuracy?”

-> Even though ports are open, it's not detecting them.

Do you have an example of one of these IP addresses and expected open ports?

-> So I simply tried to scan my router, which has port 80 open. But then I tried some of the bounty targets where HTTP is there on ports 80 and 443 and pages are loading; armada is still showing no open ports.

How fast were you trying to go (default speed?)?

-> No tweaking, ran it on default speed.

Is this a virtual machine or running on the host machine?

-> Tried on both. VM: Kali, Host: Windows 10

And thanks for your efforts and great tools :)

XAR2012 avatar May 27 '21 08:05 XAR2012

That's interesting.. This weekend I'll open a kali vm up and see if there are troubles with that. It not working on Windows doesn't surprise me too much, honestly, as I built this to specifically work on Linux, but since it's a problem on your kali as well I wonder if it being a VM is interfering somehow or, perhaps, something with your specific network that is causing a problem. I've heard that it works on Windows for others so whatever the issue is might be the issue for both Windows and Kali here.

Questions that could help me

  • Which bug bounty target did you scan and fail to detect ports 80 and 443?

  • Have you been able to find any ports on any target with armada? Or is it just failing for some targets?

d0nutptr avatar May 27 '21 10:05 d0nutptr

Hey,

So at the time I was scanning, I was able to scan open ports for my router, but the internet IPs' ports were not scannable.

Which bug bounty target did you scan and fail to detect ports 80 and 443?

Actually, it was a private target. So I won't be able to say that.

Have you been able to find any ports on any target with armada? Or is it just failing for some targets?

TBH, no I wasn't able to. None of the IPs (tried 7-8 of them), and I had verified that they had ports OPEN, but armada wasn't able to pick it up.

Please see the following screenshot


XAR2012 avatar May 27 '21 16:05 XAR2012

Thanks for the IP to test against. I’ll check this later when I’m home. It’s suspicious that you have been unable to see ports on any IP address.

Can you attempt to port scan 8.8.8.8 (Google DNS) and see if you get any results? Three ports should be open. If it fails then there are two possibilities in my mind.

Thanks!

d0nutptr avatar May 28 '21 00:05 d0nutptr

Hey,

No luck on 8.8.8.8.


XAR2012 avatar May 28 '21 12:05 XAR2012

Hey D0nut,

To add more info, the same thing happens on an Ubuntu 20 VM.

XAR2012 avatar May 28 '21 18:05 XAR2012

Thanks for the additional info! Definitely seems to be something to do with running armada inside a VM. I’ll look Saturday.

d0nutptr avatar May 28 '21 18:05 d0nutptr

Heyo! I haven't actually checked this myself but a different user had discovered a bug where armada was sending up some extra bytes in the packet which caused some systems to not respond properly. I've patched armada with this commit

https://github.com/resyncgg/armada/commit/c78ef98666270adbc6b2524af66024a54d0866f8

Can you try with the very latest version of Armada and let me know if this fixed your issue? Otherwise I'll pull a VM down and try it myself.

Thanks!

d0nutptr avatar May 31 '21 19:05 d0nutptr

Hi @d0nutptr, I have the same problem as @XAR2012. I just tried Armada 1.0.1, which includes the patch, and it's still not able to find open ports for 8.8.8.8. I am using Ubuntu 20 on my host machine. Let me know what additional details you may need to reproduce the issue.

TarasZelyk avatar May 31 '21 19:05 TarasZelyk

Ahh thanks for the info. I'll open Virtualbox right now and get a VM going. Thanks for the information :)

d0nutptr avatar May 31 '21 19:05 d0nutptr

Hello @TarasZelyk!

I ended up pulling the Ubuntu 20.04 ISO down and creating an Ubuntu 20.04 virtual machine via an up-to-date VirtualBox (my host machine is also Ubuntu 20.04).

After making sure the machine was up-to-date, armada installed and given CAP_NET_RAW, I was able to successfully port scan remote targets.


Would you be able to give me reproduction steps (starting from scratch) on how to build a VM that does not port scan properly?

Thanks!

d0nutptr avatar May 31 '21 20:05 d0nutptr

Hey Man,

Have updated as directed, still seeing inconsistent results.

XAR2012 avatar Jun 01 '21 07:06 XAR2012

Wait... I thought you said you weren't getting any results? I see you actually saw a port when you scanned the first time.

You're just port scanning too fast for your connection.

Armada, by default, has a rate limit of 10,000 packets each second, which works relatively well for ethernet connected, high speed connections; however, you may be on a less reliable connection (which has nothing to do with MBps). You may need to slow armada down. I recommend you try the following as a simple test:

armada 8.8.8.8 -p 1-1000 --rate-limit 100

See if this works for you and let me know. If it does, then you should play around with the rate-limit number a few more times and see if it improves.

d0nutptr avatar Jun 01 '21 07:06 d0nutptr

Hi @d0nutptr, Setting --rate-limit helped me, and now it finds ports, although I believe I tried this before. Thanks!

TarasZelyk avatar Jun 01 '21 09:06 TarasZelyk

Hi @d0nutptr, I am scanning 182.173.169.11 (www.starbucks.co.kr), but find no port. While running nmap 182.173.169.11 -p 1-1000, I get port 80 and 443 open.

~# armada --version
armada 1.0.2
~# armada 182.173.169.11 -p 1-1000
~# armada 182.173.169.11 -p 80

The system I am using is a $5 DigitalOcean Ubuntu 21.04 VPS located in Singapore. Can you have this as a test?

AaronChen0 avatar Jun 03 '21 06:06 AaronChen0

Hey @AaronChen0!

Good news: I identified another issue that was causing some ports to report closed. I'll push an update relatively soon.

d0nutptr avatar Jun 08 '21 06:06 d0nutptr

I pushed a new version that should work against the starbucks target. I also noticed that this host apparently doesn't take kindly to extensive scanning so if you find armada 182.173.169.11 -p 1-1000 failing, you may need to wait a bit and slow down the scan significantly. Even nmap starts to report filtered on all of the ports.

To update armada, you should do the following:

cargo install armada --force

and then follow the instructions in the README.md if you choose to give the binary cap_net_raw.


d0nutptr avatar Jun 08 '21 06:06 d0nutptr

I'll close this ticket if there are no more issues in a couple of days.

d0nutptr avatar Jun 08 '21 06:06 d0nutptr

~# armada 65.160.247.102 --top100 --rate-limit 20
65.160.247.102:443
~# armada 65.160.247.102 --top100
65.160.247.102:443
~# armada 65.160.247.102 --top1000 --rate-limit 20
~# armada 65.160.247.102 --top1000 --rate-limit 12

After setting a low rate limit, why can't armada discover port 443 open among the top 1000 ports? Does it follow the --rate-limit?

AaronChen0 avatar Jun 09 '21 04:06 AaronChen0

What's the relationship between In-flight Packets in the progress bar and the rate limit? I see the number of In-flight Packets is bigger than the rate limit most of the time.

AaronChen0 avatar Jun 09 '21 04:06 AaronChen0

Hey @AaronChen0,

Armada does not require that packets be expired or responded to before sending more out; as such, the total number of in-flight packets can be much higher than rate-limit depending on the per-packet timeout applied.

That being said, the metric is currently bugged a bit (you may notice the packet count drop to 0 regularly) and it's something I need to fix at some point.

d0nutptr avatar Jun 09 '21 05:06 d0nutptr

Right.

time armada 65.160.247.102 --top1000 --rate-limit 12

The timing seems odd. Only 12 seconds. I assume it will need more than 80 seconds (possible retries). --rate-limit 120 also needs 12 seconds. Is this reasonable?

AaronChen0 avatar Jun 09 '21 12:06 AaronChen0
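
The two questions above (in-flight packets versus rate limit, and how long a paced scan should take) can be worked through with a small model. This is an added example, not part of the thread and not armada's code; the per-packet timeout and round-trip values are assumptions, and `simulate` is a hypothetical helper.

```rust
// Added model (not armada's code): probes are emitted at a fixed pace and each
// stays "in flight" until a reply arrives or its per-packet timeout expires.
use std::cmp::Reverse;
use std::collections::BinaryHeap;

pub struct ScanModel {
    pub peak_in_flight: usize, // most probes outstanding at any send instant
    pub send_window_ms: u64,   // time at which the last probe is emitted
    pub total_ms: u64,         // time at which the last probe is resolved
}

/// `reply_every`: every n-th probe is answered after `rtt_ms`; 0 means no replies.
/// `timeout_ms` and `rtt_ms` are assumed values, not armada defaults.
pub fn simulate(ports: u64, rate: u64, timeout_ms: u64, rtt_ms: u64, reply_every: u64) -> ScanModel {
    assert!(ports > 0 && rate > 0);
    // Min-heap of the times at which outstanding probes resolve.
    let mut pending: BinaryHeap<Reverse<u64>> = BinaryHeap::new();
    let (mut peak, mut send_at, mut total) = (0usize, 0u64, 0u64);
    for i in 0..ports {
        send_at = i * 1000 / rate; // strict pacing: probe i leaves at i/rate seconds
        // Retire every probe already answered or timed out by now.
        while let Some(&Reverse(done)) = pending.peek() {
            if done > send_at { break; }
            pending.pop();
        }
        let answered = reply_every != 0 && i % reply_every == 0;
        let done = send_at + if answered { rtt_ms.min(timeout_ms) } else { timeout_ms };
        pending.push(Reverse(done));
        peak = peak.max(pending.len());
        total = total.max(done);
    }
    ScanModel { peak_in_flight: peak, send_window_ms: send_at, total_ms: total }
}

fn main() {
    // Constructed scenarios: 1000 ports, no replies, varying rate and timeout.
    for (rate, timeout) in [(12u64, 1000u64), (12, 3000), (120, 3000), (10_000, 1000)] {
        let m = simulate(1000, rate, timeout, 0, 0);
        println!("rate={rate:>6}/s timeout={timeout}ms peak_in_flight={:>5} send_window={}ms total={}ms",
                 m.peak_in_flight, m.send_window_ms, m.total_ms);
    }
}
```

In this model the steady-state in-flight count is rate × timeout (in seconds), so it exceeds the rate limit whenever the timeout is longer than one second, and strict pacing of 1000 probes at 12 per second needs about 83 seconds for sending alone.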

armada x.x.x.x -p 1-65535

Without any results, the problem remains.

rustxj avatar Sep 04 '21 00:09 rustxj

@rustxj do you have any information or do you want me to guess what the issue is?

What OS are you on? What does NMAP show? Are you in a virtual machine? etc etc

d0nutptr avatar Sep 04 '21 00:09 d0nutptr