Comments (12)
Facing exact same issue... I even tried to allow all the connections using Windows Firewall on Metasploitable 3. Nmap Scan shows all port open but when nmap is run using proxychains it shows all ports are closed. @matcon can you run nmap using proxychains? Please provide the output of nmap when run with proxychains.
from machine_learning_security.
@matcon
Please show me the all content of the nmap_result_192.168.56.101.xml.
.
If XML format of Nmap result has changed, DeepExploit can't extract open ports information.
from machine_learning_security.
I had similar issue. You can modify the code to read nmap output directly from xml file.
from machine_learning_security.
this is xml i change to txt for upload here.
nmap_result_192.168.56.101.xml.txt
from machine_learning_security.
I had similar issue. You can modify the code to read nmap output directly from xml file.
@hamidb can you please send the modified code or tell where exactly to modify?
from machine_learning_security.
@cstayyab in get_port_list
method, just replace nmap_result
by nmap_result = open(nmap_result_file, 'rb').read()
before using BeautifulSoup
from machine_learning_security.
@matcon This issue occurred because Msgrpc client failed to read whole nmap result. The cat command show the whole result while just first line was returned from the rpc client. Maybe it is due to there is '\n\n' between first line and the rest of lines.
machine_learning_security/DeepExploit/DeepExploit.py
Lines 888 to 895 in 2fc2558
the ret should return:
{b'data': b'[*] exec: cat nmap_result_192.168.51.2.xml\n\n(and nmap result blabla...)', b'prompt': b'\x01\x02msf5\x01\x02 \x01\x02> ', b'busy': False}
it actually returned:
{b'data': b'[*] exec: cat nmap_result_192.168.51.2.xml\n\n', b'prompt': b'\x01\x02msf5\x01\x02 \x01\x02> ', b'busy': False}
from machine_learning_security.
Can the fixed portion of the code be uploaded into the main repo?
from machine_learning_security.
This error is because the Output of any bash command is not returned with the output. There should be a way to do that.
The line [*] exec: cat nmap_result_192.168.51.2.xml\n\n
is output from MSFConsole and all the other output of nmap is printed in the bash child process that Msfconsole has open. The output of that child process (bash) is not being included in 'console.read'
from machine_learning_security.
@cstayyab in
get_port_list
method, just replacenmap_result
bynmap_result = open(nmap_result_file, 'rb').read()
before usingBeautifulSoup
@qiwihui This solution does not work if Metasploit RPC is on another System in the network and the DeepExploit is running on some other System. Because the path to nmap file will be local but the file would actually exist on the Other System (which has Metasploit and MsgRPC)
from machine_learning_security.
As mentioned in #49 there were two things to change to get it work for me.
First thing is here:
Replace Line 2226 with nmap_result = os.getcwd() + '/nmap_result_' + env.rhost + '.xml'
machine_learning_security/DeepExploit/DeepExploit.py
Lines 2226 to 2229 in 76a283d
Second thing is:
Insert between line 914 and 915 nmap_result = open(nmap_result_file, 'rb').read()
as @qiwihui suggested.
machine_learning_security/DeepExploit/DeepExploit.py
Lines 914 to 915 in 2fc2558
from machine_learning_security.
[!] 302/2006 linux/pop3/cyrus_pop3d_popsubfolders module is danger (rank: normal). Can't load.
[] 303/2006 Loaded exploit: linux/postgres/postgres_payload
[] 304/2006 Loaded exploit: linux/pptp/poptop_negative_read
[] 305/2006 Loaded exploit: linux/proxy/squid_ntlm_authenticate
[] 306/2006 Loaded exploit: linux/redis/redis_replication_cmd_exec
[] 307/2006 Loaded exploit: linux/samba/chain_reply
[] 308/2006 Loaded exploit: linux/samba/is_known_pipename
[] 309/2006 Loaded exploit: linux/samba/lsa_transnames_heap
[!] 310/2006 linux/samba/setinfopolicy_heap module is danger (rank: normal). Can't load.
[] 311/2006 Loaded exploit: linux/samba/trans2open
[!] 312/2006 linux/smtp/apache_james_exec module is danger (rank: normal). Can't load.
[] 313/2006 Loaded exploit: linux/smtp/exim4_dovecot_exec
[] 314/2006 Loaded exploit: linux/smtp/exim_gethostbyname_bof
[!] type:<class 'KeyError'>
[!] args:(b'rank',)
[!] b'rank'
[!] Failed: module.info
Hi, how can I solve the above problem?
from machine_learning_security.
Related Issues (20)
- DeepExploit issues HOT 1
- pip3 install tensorflow error & auto killed HOT 1
- Could not find a version that satisfies the requirement tensorflow>=1.8.0 HOT 1
- python3 DeepExploit.py -h & SyntaxError: invalid syntax
- Problem with string matching HOT 1
- range of targets and modules
- Retry "auth.login" call. reason: [Errno 60] Operation timed out HOT 1
- Illegal instruction HOT 1
- int is not allowed for map key? HOT 3
- DeepExploit issue HOT 2
- Lots Of Bug HOT 3
- Msf5 exploitation
- Starting a Business
- how to s solve this question? HOT 4
- No ports found in host that has opened ports HOT 1
- Retry "auth.login" call. reason: [Errno 111] Connection refused HOT 3
- Installation Environment
- 'utf-8' codec can't decode byte 0xb5 in position 182: invalid start byte
- Retry "auth.login" call. reason: [Errno 110] Connection timed out HOT 1
- can only concatenate str (not "bytes") to str Failed: console.read type:<class 'TypeError'>
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from machine_learning_security.