sensepost
Nessus Parser Misses Ports
Describe the bug
While using the nessus parser, I noticed that it missed a www service. I had 2 www in my .nessus file. It detected one while missing the other
To Reproduce Steps to reproduce the behavior:
- Perform a Basic Network Scan in Nessus
- Run:
gowitness nessus --file report.nessus
Expected behavior It should have detected both of them
Version Information:
- OS: Fedora Linux 36
- gowitness:
$ gowitness version
gowitness: 2.4.2
git hash: c9c6b17
go version: go1.19_linux/amd64
Additional context
$ grep -i "www" report.nessus
<ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version" pluginFamily="Web Servers">
<ReportItem port="11127" svc_name="www" protocol="tcp" severity="0" pluginID="22964" pluginName="Service Detection" pluginFamily="Service detection">
The full report is available here
I have this issue as well. I believe it is due to the plugin name not being "Service Detection" possibly an issue with the plugin output as well. I cannot get gowitness to respect the replacement command arguments I provide though.
This is interesting. We're filtering based on the service name passed through as an option that defaults to www and https. I'd need to test this to debug what is happening.
I changed a bunch of the plugin names in the xml to "Service Detection" and got it to work more but not completely
I'm facing the same issue. I did some troubleshooting and the parsing seems to be OK. With the --debug option, I can see that all ports are parsed (thanks to this debug line). However, I think that there is an issue when the ip:port are added to the target list [here]. I'm not proficient in Go but I think that if an IP has multiple open ports, only the latest port will be stored in the target list (others will be overwritten because the map can only have one value pre key). I'm not able to propose a pull request (du to my poor level in Go) but I hope this could help resolve the issue. [Edit: I tried finally]
