strange error "(22 - 'Invalid argument')" when used with IPv4 - nmap

I have "(22 - 'Invalid argument')" using nmap.
I'V google'd and got https://seclists.org/nmap-dev/
but on that is it talks about IPv6 while I got this error using
IPv4 in no place IPv4 is mensionned, so why am I getting
this weird error ?
I entered
nmap --send-eth --release-memory --nsock-engine=epoll --allports --fuzzy
--randomize-hosts --log-errors --max-os-tries=9 -n --reason --append-output
--scanflags=URGACKPSHRSTSYNFIN --max-retries=6 --host-timeout=225s
--stats-every=10m --ttl=255 --min-hostgroup=5 --max-hostgroup=25
--max-rtt-timeout=60s --scan-delay=250ms --max-scan-delay=25s
--stats-every=1 -v5 -sT -sV -A -p 80-82 0.18.0.0
And got:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:05 CET
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
Initiating Ping Scan at 16:05
Scanning 0.18.0.0 [2 ports]
Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Ping Scan Timing: About 0.00% done
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Completed Ping Scan at 16:05, 0.50s elapsed (1 total hosts)
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 16:05
Completed NSE at 16:05, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.46 seconds
When trying with less arguements nmap -p 80-82 0.18.0.0
got:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:24 CET
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Strange read error from 0.18.0.0 (22 - 'Invalid argument')
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.12 seconds
When trying with ncat I got:
marc#platinum:~/NCat_test$ nc -vvv 0.18.0.0 80
0.18.0.0: inverse host lookup failed: Unknown host
(UNKNOWN) [0.18.0.0] 80 (http) : Invalid argument
sent 0, rcvd 0
marc#platinum:~/NCat_test$ nc -vvv 0.18.0.0 81
0.18.0.0: inverse host lookup failed: Unknown host
(UNKNOWN) [0.18.0.0] 81 (hosts2-ns) : Invalid argument
sent 0, rcvd 0
I still have "Invalid argument" but this time instead of 22 I got the post numbers and service
80 (http)
81 (hosts2-ns)
This raises a few questions
1) does the "Invalid argument" of ncat and nmap relate to the same thing ?
2) how can I make nmap for informative instead of printing 22 ?
3) how can I say that the remote port is really CLOSEd or is it really OPENned and rejecting because of the firewall ?
Thanks for your help

The IP addresses in the 0.0.0.0/8 network (anything with 0 in the first position) are reserved to mean "Current network" and are only valid as source addresses. Nmap generally prefers to not disallow unusual things like invalid addresses or port numbers (port 0 is similarly reserved in most implementations), because interesting things happen when you disobey conventions. But when Nmap makes calls to your system's networking functions, they may produce errors like this.

Related

Nmap script doesn't provide an answer

I'm running windows 11 and kali linux on Vmware, I tried to run Nmap script on smb with verbose mode and doesn't provide me with an answer.
nmap --script smb-enum-shares.nse -p445 192.168.189.129 -v
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-19 14:58 EST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.00s elapsed
Initiating Ping Scan at 14:58
Scanning 192.168.189.129 [2 ports]
Completed Ping Scan at 14:58, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:58
Completed Parallel DNS resolution of 1 host. at 14:58, 13.00s elapsed
Initiating Connect Scan at 14:58
Scanning 192.168.189.129 [1 port]
Discovered open port 445/tcp on 192.168.189.129
Completed Connect Scan at 14:58, 0.00s elapsed (1 total ports)
NSE: Script scanning 192.168.189.129.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.01s elapsed
Nmap scan report for 192.168.189.129
Host is up (0.00077s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
NSE: Script Post-scanning.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 13.31 seconds
I thought it was firewall so I disabled firewall and all it's rules but still got nothing.
Note:
I'm sharing C folder and Download folder.
Update:
I solved by opening smb on the machine.
Steps:
Open Control Panel.
Select Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support.
Check SMB 1.0/CIFS Client, and then press Enter.
should I delete the question or there is option to flag as solved?

Nessus Nmap script not providing desired results on localhost:8843

I'm running Nessus and I want to perform an Nmap script on it, Nessus are running on the localhost:8843.
When I run Nmap script it gives me nothing just normal scan
Nmap script:
C:\Users\mtaha>nmap --script nessus-brute.nse -p8834 <MY_IP> --unprivileged -Pn
The output:
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-03 22:44 Egypt Standard Time
Nmap scan report for 192.168.189.1
Host is up (0.00s latency).
PORT STATE SERVICE
8834/tcp open nessus-xmlrpc
Nmap done: 1 IP address (1 host up) scanned in 16.85 seconds
I didn't try anything else.

Nmap script error: "ssl_init_helper(): OpenSSL legacy provider failed to load."

I running Nessus on port 8834 and I when I run this Nmap script
nmap --script nessus-brute -p 8834 <MY_IP>
It gave me this output
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-03 10:38 Egypt Standard Time
NSOCK ERROR [0.0460s] ssl_init_helper(): OpenSSL legacy provider failed to load.
Nmap scan report for 192.168.189.1
Host is up (0.00s latency).
PORT STATE SERVICE
8834/tcp open nessus-xmlrpc
Nmap done: 1 IP address (1 host up) scanned in 17.00 seconds
I tried also to put args to the script
nmap --script nessus-brute --script-args userdb='admin',passdb='adminPass' -p 8834 <MY_IP>
And the same output as before.

Error Nmap NSE http-form-brute

I'm trying to get some time using the http-form-brute script, but every time it says that the path is wrong, but I already checked the path, yes, I also checked the syntax and it looks correct ... Point where I'm going wrong.
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-01-12 19:48 UTC
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
NSE: Arguments from CLI: userdb=d.dic,passdb=d.dic,http-form-
brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Arguments parsed: userdb=d.dic,passdb=d.dic,http-form-brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Initiating Ping Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [4 ports]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
We got a ping packet back from 31.170.164.209: id = 1632 seq = 0 checksum = 63903
Completed Ping Scan at 19:48, 0.52s elapsed (1 total hosts)
Overall sending rates: 7.76 packets / s, 294.96 bytes / s.
mass_rdns: Using DNS server 192.168.0.1
Initiating Parallel DNS resolution of 1 host. at 19:48
mass_rdns: 0.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 19:48, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [1 port]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
Discovered open port 80/tcp on 31.170.164.209
Completed SYN Stealth Scan at 19:48, 0.31s elapsed (1 total ports)
Overall sending rates: 3.24 packets / s, 142.60 bytes / s.
NSE: Script scanning 31.170.164.209.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
NSE: Starting http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
NSE: [http-form-brute 31.170.164.209:80] Form submission path: /admin/validar.php
NSE: [http-form-brute 31.170.164.209:80] HTTP method: POST
NSE: [http-form-brute 31.170.164.209:80] Username field: usuario
NSE: [http-form-brute 31.170.164.209:80] Password field: senha
NSE: [http-form-brute 31.170.164.209:80] Failed to get new session cookies: Unable to retrieve a login form from path "/admin/validar.php"
NSE: Finished http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
Completed NSE at 19:48, 1.35s elapsed
Nmap scan report for www.laboratoriohacker.com.br (31.170.164.209)
Host is up, received echo-reply ttl 52 (0.46s latency).
Scanned at 2017-01-12 19:48:02 UTC for 2s
PORT STATE SERVICE REASON
80/tcp open http syn-ack ttl 52
| http-form-brute:
|_ ERROR: Failed to submit the form to path "/admin/validar.php"
Final times for host: srtt: 457110 rttvar: 414875 to: 2116610
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
You have provided the path to the HTML form as /admin/validar.php, but the script is unable to GET a response containing a form from that page. Most likely, this is the path that the form POSTs to, not the page that the form exists on. The path provided should be the URI path that a user sees in his browser when filling out the form. Alternatively, you can try setting sessioncookies to 0 (false) to avoid the form detection, but if the form requires new cookies for each submission, then brute forcing will not be possible.

nmap seems to miss ports: doing something wrong?

If I specify a port range and scan for open ports such as the below
range, I get no result, even though ports (per netstat) are clearly
open and listening for web activity in this range:
[me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p [10050-65535] w.x.y.z
Starting Nmap 7.01 at 2016-01-21 16:24 CST
Service detection performed. Please report any incorrect results at http.../submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds
See above: nothing reported!
But if I scan a specific port in that same range (the same way), I get the
result I'd expect:
[me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p 10050 w.x.y.z
Starting Nmap 7.01 ( ) at 2016-01-21 16:24 CST
Nmap scan report for box-name (w.x.y.z)
Host is up (0.00010s latency).
PORT STATE SERVICE VERSION
10050/tcp open http Apache httpd
|_http-server-header: Apache
Service detection performed. Please report any incorrect results at ht.../submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds
What's wrong? Why doesn't it report that port (and some others) in the results
from the first command line? The second command line is the same except it
specifies a specific port that's known to be open (and output proves it is indeed open).
Makes no sense to me. Any advice?
This is nmap 7.01 if it matters.
Also I'm scanning the local box itself with its own specific IP address on which
the https ports are up and listening. (Not a scan of some other remote machine).
Using brackets around the port list means "Only scan ports if they occur in the services file." The nmap-services file that comes with Nmap does not contain a reference to port 10050, so that port is not scanned. In fact, you can see just which ports are scanned by using Grepable output and the -v flag:
$ ./nmap -p [10050-65535] -oG - -v
# Nmap 7.01SVN scan initiated Fri Jan 22 01:59:37 2016 as: ./nmap -p [10050-65535] -oG - -v
# Ports scanned: TCP(1371;10058,10064,10082-10083,10093,10101,10115,10160,10180,10215,10238,10243,10245-10246,10255,10280,10338,10347,10357,10387,10414,10443,10494,10500,10509,10529,10535,10550-10556,10565-10567,10601-10602,10616-10617,10621,10626,10628-10629,10699,10754,10778,10842,10852,10873,10878,10900,11000-11001,11003,11007,11019,11026,11031-11033,11089,11100,11110-11111,11180,11200,11224,11250,11288,11296,11371,11401,11552,11697,11735,11813,11862-11863,11940,11967,12000-12002,12005-12006,12009,12019,12021,12031,12034,12059,12077,12080,12090,12096-12097,12121,12132,12137,12146,12156,12171,12174,12192,12215,12225,12240,12243,12251,12262,12265,12271,12275,12296,12340,12345-12346,12380,12414,12452,12699,12702,12766,12865,12891-12892,12955,12962,13017,13093,13130,13132,13140,13142,13149,13167,13188,13192-13194,13229,13250,13261,13264-13265,13306,13318,13340,13359,13456,13502,13580,13695,13701,13713-13715,13718,13720-13724,13730,13766,13782-13784,13846,13899,14000-14001,14141,14147,14218,14237-14238,14254,14418,14441-14444,14534,14545,14693,14733,14827,14891,14916,15000-15005,15050,15145,15151,15190-15191,15275,15317,15344,15402,15448,15550,15631,15645-15646,15660,15670,15677,15722,15730,15742,15758,15915,16000-16001,16012,16016,16018,16048,16080,16113,16161,16270,16273,16283,16286,16297,16349,16372,16444,16464,16705,16723-16725,16797,16800,16845,16851,16900-16901,16992-16993,17007,17016-17017,17070,17089,17129,17251,17255,17300,17409,17413,17500,17595,17700-17702,17715,17801-17802,17860,17867,17877,17969,17985,17988,17997,18000,18012,18015,18018,18040,18080,18101,18148,18181-18184,18187,18231,18264,18333,18336-18337,18380,18439,18505,18517,18569,18669,18874,18887,18910,18962,18988,19010,19101,19130,19150,19200-19201,19283,19315,19333,19350,19353,19403,19464,19501,19612,19634,19715,19780,19801,19842,19852,19900,19995-19996,20000-20002,20005,20011,20017,20021,20031-20032,20039,20052,20076,20080,20085,20089,20102,20106,20111,20118,20125,20127,20147,20179-20180,20221-20228,20280,20473,20734,20828,20883,20934,20940,20990,21011,21078,21201,21473,21571,21631,21634,21728,21792,21891,21915,22022,22063,22100,22125,22128,22177,22200,22222-22223,22273,22290,22341,22350,22555,22563,22711,22719,22727,22769,22882,22939,22959,22969,23017,23040,23052,23219,23228,23270,23296,23342,23382,23430,23451,23502,23723,23796,23887,23953,24218,24392,24416,24444,24552,24554,24616,24800,24999-25001,25174,25260,25262,25288,25327,25445,25473,25486,25565,25703,25717,25734-25735,25847,26000-26001,26007,26208,26214,26340,26417,26470,26669,26972,27000-27003,27005,27007,27009-27010,27015-27019,27055,27074-27075,27087,27204,27316,27350-27353,27355-27357,27372,27374,27521,27537,27665,27715,27770,28017,28114,28142,28201,28211,28374,28567,28717,28850-28851,28924,28967,29045,29152,29243,29507,29672,29810,29831,30000-30001,30005,30087,30195,30299,30519,30599,30644,30659,30704-30705,30718,30896,30951,31033,31038,31058,31072,31337,31339,31386,31416,31438,31522,31657,31727-31728,32006,32022,32031,32088,32102,32200,32219,32260-32261,32764-32765,32767-32792,32797-32799,32803,32807,32814-32816,32820,32822,32835,32837,32842,32858,32868-32869,32871,32888,32897-32898,32904-32905,32908,32910-32911,32932,32944,32960-32961,32976,33000,33011,33017,33070,33087,33124,33175,33192,33200,33203,33277,33327,33335,33337,33354,33367,33395,33444,33453,33522-33523,33550,33554,33604-33605,33841,33879,33882,33889,33895,33899,34021,34036,34096,34189,34317,34341,34381,34401,34507,34510,34571-34573,34683,34728,34765,34783,34833,34875,35033,35050,35116,35131,35217,35272,35349,35392-35393,35401,35500,35506,35513,35553,35593,35731,35879,35900-35901,35906,35929,35986,36046,36104-36105,36256,36275,36368,36436,36508,36530,36552,36659,36677,36694,36710,36748,36823-36824,36914,36950,36962,36983,37121,37151,37174,37185,37218,37393,37522,37607,37614,37647,37674,37777,37789,37839,37855,38029,38037,38185,38188,38194,38205,38224,38270,38292,38313,38331,38358,38446,38481,38546,38561,38570,38761,38764,38780,38805,38936,39067,39117,39136,39265,39293,39376,39380,39433,39482,39489,39630,39659,39732,39763,39774,39795,39869,39883,39895,39917,40000-40003,40005,40011,40193,40306,40393,40400,40457,40489,40513,40614,40628,40712,40732,40754,40811-40812,40834,40911,40951,41064,41123,41142,41250,41281,41318,41342,41345,41348,41398,41442,41511,41523,41551,41632,41773,41794-41795,41808,42001,42035,42127,42158,42251,42276,42322,42449,42452,42510,42559-42560,42575,42590,42632,42675,42679,42685,42735,42906,42990,43000,43002,43018,43027,43103,43139,43143,43188,43212,43231,43242,43425,43654,43690,43734,43823,43868,44004,44101,44119,44176,44200,44334,44380,44410,44431,44442-44443,44479,44501,44505,44541,44616,44628,44704,44709,44711,44965,44981,45038,45050,45100,45136,45164,45220,45226,45413,45438,45463,45602,45624,45697,45777,45864,45960,46034,46069,46115,46171,46182,46200,46310,46372,46418,46436,46593,46813,46992,46996,47012,47029,47119,47197,47267,47348,47372,47448,47544,47557,47567,47581,47595,47624,47634,47700,47777,47806,47850,47858,47860,47966,47969,48009,48067,48080,48083,48127,48153,48167,48356,48434,48619,48631,48648,48682,48783,48813,48925,48966-48967,48973,49002,49048,49132,49152-49161,49163-49173,49175-49176,49179,49186,49189-49191,49195-49197,49201-49204,49211,49213,49216,49228,49232,49235-49236,49241,49275,49302,49352,49372,49398,49400-49401,49452,49498,49500,49519-49522,49597,49603,49678,49751,49762,49765,49803,49927,49999-50003,50006,50016,50019,50040,50050,50101,50189,50198,50202,50205,50224,50246,50258,50277,50300,50356,50389,50500,50513,50529,50545,50576-50577,50585,50636,50692,50733,50787,50800,50809,50815,50831,50833-50836,50849,50854,50887,50903,50945,50997,51011,51020,51037,51067,51103,51118,51139,51191,51233-51235,51240,51300,51343,51351,51366,51413,51423,51460,51484-51485,51488,51493,51515,51582,51658,51771-51772,51800,51809,51906,51909,51961,51965,52000-52003,52025,52046,52071,52173,52225-52226,52230,52237,52262,52391,52477,52506,52573,52660,52665,52673,52675,52710,52735,52822,52847-52851,52853,52869,52893,52948,53085,53178,53189,53211-53212,53240,53313-53314,53319,53361,53370,53460,53469,53491,53535,53633,53639,53656,53690,53742,53782,53827,53852,53910,53958,54045,54075,54101,54127,54235,54263,54276,54320-54321,54323,54328,54514,54551,54605,54658,54688,54722,54741,54873,54907,54987,54991,55000,55020,55055-55056,55183,55187,55227,55312,55350,55382,55400,55426,55479,55527,55555-55556,55568-55569,55576,55579,55600,55635,55652,55684,55721,55758,55773,55781,55901,55907,55910,55948,56016,56055,56259,56293,56507,56535,56591,56668,56681,56723,56725,56737-56738,56810,56822,56827,56973,56975,57020,57103,57123,57294,57325,57335,57347,57350,57352,57387,57398,57479,57576,57665,57678,57681,57702,57730,57733,57797,57891,57896,57923,57928,57988,57999,58001-58002,58072,58080,58107,58109,58164,58252,58305,58310,58374,58430,58446,58456,58468,58498,58562,58570,58610,58622,58630,58632,58634,58699,58721,58838,58908,58970,58991,59087,59107,59110,59122,59149,59160,59191,59200-59202,59239,59340,59499,59504,59509-59510,59525,59565,59684,59778,59810,59829,59841,59987,60000,60002-60003,60020,60055,60086,60111,60123,60146,60177,60227,60243,60279,60377,60401,60403,60443,60485,60492,60504,60544,60579,60612,60621,60628,60642,60713,60728,60743,60753,60782-60783,60789,60794,60989,61159,61169-61170,61402,61473,61516,61532,61613,61616-61617,61669,61722,61734,61827,61851,61900,61942,62006,62042,62078,62080,62188,62312,62519,62570,62674,62866,63105,63156,63331,63423,63675,63803,64080,64127,64320,64438,64507,64551,64623,64680,64726-64727,64890,65000,65048,65129,65301,65310-65311,65389,65488,65514) UDP(0;) SCTP(0;) PROTOCOLS(0;)
WARNING: No targets were specified, so 0 hosts scanned.
# Nmap done at Fri Jan 22 01:59:37 2016 -- 0 IP addresses (0 hosts up) scanned in 0.10 seconds
That shows 1371 scanned ports out of 55486 in the range you gave. Note that no packets were sent in this command: it's a nice way to see exactly which ports you will scan (like the default 1000, or the top 100 with -F, or some other list with --top-ports).