Scan Port by External Port Scanner(nmap)
Starting with Vuls v0.13, port scanning is available to make related vulnerabilities more visible.
Unless you write the config
[servers.xxx-xxx-xxx-xxx.portscan], it will use the port scanning feature of the Vuls built-in. The following config.toml will use an external scanner (currently only nmap is supported) in
scannerBinPath to scan ports.
[servers] [servers.192-168-11-6] host = "192.168.11.6" port = "22" user = "root" scanMode = ["fast-root"] scanModules = ["ospkg", "port"] [servers.192-168-11-6.portscan] scannerBinPath = "/usr/bin/nmap" hasPrivileged = true scanTechniques = ["sS"] sourcePort = "65535"
scannerBinPath: PATH to the external scanner to be executed for port scanning in Vuls. Currently only nmap is supported.
hasPrivileged: Allows you to specify whether you have enough privileges to perform operations that require root privileges on UNIX systems (
--privileged). The following options affect
sourcePort. If you want to use this function as a non-root user, you need to set the capability appropriately. Try running the following command, and if the capability is set as well, it should work well. See also this document.
$ getcap /usr/bin/nmap /usr/bin/nmap = cap_net_bind_service,cap_net_admin,cap_net_raw+eip
scanTechniques: Allows you to specify the method of port scanning. Currently, the following are supported. Note that you need to set
hasPrivilegedto true if you want to use a scanning method other than
SCAN TECHNIQUES: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sN/sF/sX: TCP Null, FIN, and Xmas scans.
sourcePort: packets will be sent from the specified single port number, if possible(
-g). The port number can be from 0 to 65535, but if 0 is specified, it may not work on all systems, so a validation error is raised.
sourcePort(-g)is incompatible with the default TCPConnect scan (
-sT). If you want to set the source port, use a raw scan such as
- Nmap: https://nmap.org/