NMAP Test Results - '"security.services.unknown.XXX' and convoluted results structure

[noursaidi]

Service detection is failing against unknown ports.

I also don't think the structure of the nmap tests are feasible - each nmap test (e.g. security.services.ftp) should be it's own test like the other items, and a final security.services.unknown test as a catchall.

I don't undestand why the nmap tests have a special convoluted structure to the results.

        "security.services.unknown.993": {
          "tcp_ports": {
            "993": {
              "description": "Undefined port",
              "allowed": false,
              "result": "non-compliant"
            }
          }
        },
        "security.services.unknown.995": {
          "tcp_ports": {
            "995": {
              "description": "Undefined port",
              "allowed": false,
              "result": "non-compliant"
            }
          }
        },
        "security.services.unknown.23451": {
          "tcp_ports": {
            "23451": {
              "description": "Undefined port",
              "allowed": false,
              "result": "non-compliant"
            }
          }

[jboddey]

Hi Nour, I agree. I am going to refactor this at some point. The UI will not be able to process these results.

[jboddey]

In addition to this, we need to decide how to handle unknown ports at a process level. Without an automation tool we just note them in the test plan and if they are secure protocols then this is usually fine. Is this covered under the secure_proprietary protocol test?

[jboddey]

The nmap module now provides the correct structure. However, we have not yet re implemented reporting of unknown ports. This will be added in the future. Closing.