Correct the issue with port scanner output (#978)

The issue caused the program to erroneously run a regex pattern on HTML content instead of the request data. This was because the port number wasn't displayed in the HTML's body content. The commit rectifies this problem, ensuring that regex operates on the correct data.
OWASP · Dec 22, 2024 · 9aaa703 · 9aaa703
1 parent f65f9bc
commit 9aaa703
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/nettacker/core/lib/socket.py b/nettacker/core/lib/socket.py
@@ -233,10 +233,12 @@ def response_conditions_matched(self, sub_step, response):
             return response
         if sub_step["method"] == "tcp_connect_send_and_receive":
             if response:
-                received_content = response["response"]
                 for condition in conditions:
                     regex = re.findall(
-                        re.compile(conditions[condition]["regex"]), received_content
+                        re.compile(conditions[condition]["regex"]),
+                        response["response"]
+                        if condition != "open_port"
+                        else str(response["peer_name"][1]),
                     )
                     reverse = conditions[condition]["reverse"]
                     condition_results[condition] = reverse_and_regex_condition(regex, reverse)

diff --git a/nettacker/modules/scan/port.yaml b/nettacker/modules/scan/port.yaml
@@ -1028,7 +1028,7 @@ payloads:
           condition_type: or
           conditions:
             open_port:
-              regex: ""
+              regex: \d{{1,5}}
               reverse: false
 
             ftp: &ftp

diff --git a/tests/core/lib/test_socket.py b/tests/core/lib/test_socket.py
@@ -9,6 +9,10 @@ class Responses:
 
     tcp_connect_send_and_receive = {
         "response": 'HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.62 (Debian)\r\nContent-Length: 302\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n<hr>\n<address>Apache/2.4.62 (Debian)</address>\n</body></html>\n',
+        "peer_name": (
+            "127.0.0.1",
+            80,
+        ),
         "ssl_flag": True,
     }