
Not discovering httpd on port 80 while Nmap does

Open llach opened this issue 5 years ago • 4 comments

Hey everybody,

I ran nmap on a HackTheBox machine (postman), which shows that port 80 is open:

sudo nmap -p80 10.10.10.160
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 20:10 CET
Nmap scan report for 10.10.10.160
Host is up (0.028s latency).

PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 5.62 seconds

However, if I use masscan, it doesn't report port 80 as open:

bin/masscan -p80 10.10.10.160 --wait 0

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-01-19 19:10:21 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]

I've tried building master and the current brew version with no luck. Any ideas why it does not discover the port?

OS: macOS Mojave. I use Tunnelblick to connect to the HackTheBox VPN.

llach avatar Jan 19 '20 19:01 llach

I would try specifying your VPN interface, along the lines of --adapter tun0, and/or your gateway MAC address using --router-mac aa:bb:cc:dd:ee:ff.

Use route -n and arp -n to get these values.

This is generally required because nmap makes assumptions to keep things simple, whereas masscan gives you more flexibility.

mzpqnxow avatar Jan 20 '20 20:01 mzpqnxow

Thanks for the quick reply. Here is the output of route -n get 10.10.10.160:

   route to: 10.10.10.160
destination: 10.10.10.0
       mask: 255.255.255.0
    gateway: 10.10.14.1
  interface: utun1
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

which means --adapter utun0 and --router-ip 10.10.14.1, right?

However, if I run arp -a -n, I can see local IPs (10.0.0.X) but none of the VPN interface (10.10.10.X). How can I get the correct MAC address for --adapter-mac?

llach avatar Jan 21 '20 21:01 llach

There will not be a value for --adapter-mac as it is not a physical device and thus has no MAC address. However, it may help to use:

--adapter utun0 --adapter-ip <ip address assigned to utun0> --router-ip 10.10.14.1

When it comes to tunneling, it is best to specify all 4 values (adapter MAC & IP, router MAC & IP).

If this doesn't work, please paste the full output of:

ifconfig
route -n
arp -n

mzpqnxow avatar Feb 26 '20 12:02 mzpqnxow
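The advice above boils down to reading the interface and gateway out of `route -n get` and handing them to masscan, while remembering that a tunnel interface has no MAC. The following is an added example, not code from the issue thread or from the masscan project: it parses the `route -n get` output posted above (embedded here as a constructed sample that mirrors it) and assembles the corresponding masscan adapter flags. The adapter IP `10.10.14.5` is a constructed placeholder for whatever address `ifconfig` shows on the tunnel interface; the parser returns the interface name exactly as route prints it, which in the posted output is `utun1`.

```python
"""Derive masscan adapter options from macOS `route -n get <host>` output.

Added example; not part of the issue thread or the masscan project.
"""
import ipaddress
import re

# Constructed sample that mirrors the `route -n get 10.10.10.160` output
# posted in the thread above.
SAMPLE_ROUTE_OUTPUT = """\
   route to: 10.10.10.160
destination: 10.10.10.0
       mask: 255.255.255.0
    gateway: 10.10.14.1
  interface: utun1
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0
"""

_MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


def parse_route_get(text):
    """Return the 'key: value' fields of `route -n get` output as a dict.

    Keys keep the spacing route prints ("route to", "gateway", "interface").
    The trailing metrics table has no colon-separated fields and is skipped.
    """
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w ]+?):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def is_tunnel_interface(iface):
    """macOS utunN and Linux tunN devices are point-to-point and carry no MAC."""
    return iface.startswith(("utun", "tun"))


def masscan_adapter_args(fields, adapter_ip, adapter_mac=None, router_mac=None):
    """Build the --adapter/--adapter-ip/--router-ip flags from parsed route fields.

    MAC flags are only emitted when supplied explicitly, since `route` does not
    report them and a tunnel interface has none. Returns (args, is_tunnel).
    """
    iface = fields["interface"]
    ipaddress.ip_address(adapter_ip)        # raises ValueError on a bad address
    ipaddress.ip_address(fields["gateway"])
    args = ["--adapter", iface,
            "--adapter-ip", adapter_ip,
            "--router-ip", fields["gateway"]]
    tunnel = is_tunnel_interface(iface)
    for flag, mac in (("--adapter-mac", adapter_mac), ("--router-mac", router_mac)):
        if mac is None:
            continue
        if not _MAC_RE.match(mac):
            raise ValueError(f"{flag}: {mac!r} is not a MAC address")
        if tunnel:
            raise ValueError(f"{flag} given, but {iface} is a tunnel with no MAC")
        args += [flag, mac]
    return args, tunnel


if __name__ == "__main__":
    route = parse_route_get(SAMPLE_ROUTE_OUTPUT)
    # 10.10.14.5 is a constructed placeholder for the tunnel's own address.
    flags, tunnel = masscan_adapter_args(route, "10.10.14.5")
    print("interface:", route["interface"], "(tunnel)" if tunnel else "")
    print("masscan flags:", " ".join(flags))
```

Run it as-is to see the flags derived from the sample; on a real host, feed it the output of `route -n get <target>` and the interface address from `ifconfig`. The tunnel check is what the thread's second reply is getting at: on `utunN` there is no `--adapter-mac` to find, so the script refuses to emit one rather than letting a guessed value through.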

See #680

mzpqnxow avatar Dec 09 '23 16:12 mzpqnxow