diff --git a/.gitignore b/.gitignore
index d1ae980..3edb21f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,27 +1,3 @@
-# ---> CakePHP
-# CakePHP 3
-
-/vendor/*
-/config/app.php
-
-/tmp/cache/models/*
-!/tmp/cache/models/empty
-/tmp/cache/persistent/*
-!/tmp/cache/persistent/empty
-/tmp/cache/views/*
-!/tmp/cache/views/empty
-/tmp/sessions/*
-!/tmp/sessions/empty
-/tmp/tests/*
-!/tmp/tests/empty
-
-/logs/*
-!/logs/empty
-
-# CakePHP 2
-
-/app/tmp/*
-/app/Config/core.php
-/app/Config/database.php
-/vendors/*
-
+scans/
+script-args.ini
+test.php
diff --git a/README.md b/README.md
index 7bd1916..9365ac1 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,19 @@
-# LanScan
+# nmap-webui
+A simple web interface for Nmap for network discovery and monitoring
 
-Web UI for nmap
\ No newline at end of file
+## Dependencies
+
+As most of the `nmap` features requires to be `root`, you will have to run this command to avoid the need to specify the password when the interface will invocate `nmap`.
+
+```bash
+# Authorize nmap to run as root without password
+echo "$USER ALL = NOPASSWD: $(which nmap)" | sudo tee -a /etc/sudoers.d/nmap
+```
+
+Allow web server to save scans:
+
+```bash
+mkdir scans
+chown www-data scans
+chmod 750 scans
+```
\ No newline at end of file
diff --git a/bg.jpg b/bg.jpg
new file mode 100644
index 0000000..15d9c86
Binary files /dev/null and b/bg.jpg differ
diff --git a/bg2.jpg b/bg2.jpg
new file mode 100644
index 0000000..ad5b7e2
Binary files /dev/null and b/bg2.jpg differ
diff --git a/bg3.jpg b/bg3.jpg
new file mode 100644
index 0000000..5dd07eb
Binary files /dev/null and b/bg3.jpg differ
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..b5cdd06
--- /dev/null
+++ b/config.php
@@ -0,0 +1,28 @@ + $DATADIR, + "--script-args-file" => $SCRIPTARGSFILE, +]; +$PRESETS = [ + "lanScan" => [ + "-PS" => "microsoft-ds", + "-F" => true, + "-T" => 5, + "--script" => "http-info,smb-shares-size", + "--stylesheet" => "lanTable.xsl", + ], + "host" => [ + "-A" => true, + "-T" => 5, + "--script" => "http-info,smb-shares-size", + "--stylesheet" => "hostDetails.xsl", + ], +]; diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 0000000..7126596 Binary files /dev/null and b/favicon.ico differ diff --git a/index.php b/index.php new file mode 100644 index 0000000..d90cbdb --- /dev/null +++ b/index.php @@ -0,0 +1,145 @@ + + + + + + + lanScan + + + + + + + + +
+
+ + + +
+ +
Erreur
+

+
+ + +
+
+

Découvrir ou superviser un réseau

+
+
+ +
+
+ +
+ +
+ +
+
+
+ +
+ Options avancées +
+
+ + +
+
+
Scans enregistrés
+
+ + + \n"; + } + } + ?> + +
$nameRescanner
+
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + lanScan + + + + + + + + +
+
+ + + +
+ +
Erreur
+

+
+ + +
+
+

Découvrir ou superviser un réseau

+
+ +
+
+ +
+ Options avancées +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/moi.xml b/moi.xml new file mode 100644 index 0000000..2d4a2ab --- /dev/null +++ b/moi.xml @@ -0,0 +1,147 @@ + + + + + + + + + +
+
+ + + + +
+
+ + + + +
+
+ + + + +
+
+ + + + +
+
+ + + + +
+
+ + + + + + + + + + + + +
+
+ + + + + + + + + +
+
+ + + + + + + + + +
+
+ + + + + + + + + + + + +
+
+ + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + diff --git a/options.php b/options.php new file mode 100755 index 0000000..fd413a9 --- /dev/null +++ b/options.php @@ -0,0 +1,830 @@ + + + + + + + + lanScan + + + + + + + + + + + + + +
+ +

Scanner un réseau

+ +
+
+ + +
+ +
+
Spécification des cibles
+
+
+ + +
+ +
+ + +
+
+ +
Découverte des hôtes actifs
+
+
+
+ + +
+
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ +
+ + +
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+ + +
+
+ +
Techniques de scan de ports
+
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+
+ + +
+
+
+ +
Spécifications des ports et ordre du scan
+
+
+
+ + +
+
+ +
+
+ + +
+
+ +
+ + +
+ +
+
+ + +
+
+
+ +
Détection de services et de versions
+
+
+
+ + +
+
+ +
+
+ + +
+
+ +
+ + +
+ +
+
+ + +
+
+
+ +
Scripts
+
+
+
+ + +
+
+ +
+ + +
+ +
+ + +
+ +
+
+ + +
+
+ +
+
+ + +
+
+
+ +
Détection du système d'exploitation
+
+
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+ + +
+
+ +
Temporisation et performances
+
+
+ + +
+ +
+ +
+
+ + +
+
+ + +
+
+
+ +
+ +
+
+ + +
+
+ + +
+
+
+ +
+ +
+
+ +
+ + +
+ +
+
+ +
+ + +
+ +
+
+ +
+ + +
+ +
+
+
+ +
+ + +
+ +
+ +
+ + +
+ +
+ +
+
+ +
+ + +
+ +
+
+ +
+ + +
+ +
+
+
+
+ + +
+
+
+ +
Évitement de pare-feux/IDS et mystification
+
+
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+
+ +
+ +
bits
+
+
+ +
+ +
+ +
bits
+
+
+
+ +
+ + +
+ +
+
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ + +
+
+ +
+ + +
+ +
+
+ + +
+
+
+ +
Options diverses
+
+
+ + +
+ +
+
+ + +
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+
+
+ +
+ +
+ +
+
+ + +
+
+ + + + + $name\n"; + } + } + } + ?> + + + + \n"; + if (file_exists("$dir/nmap-services")) { + $nmap_services = file("$dir/nmap-services"); + foreach ($nmap_services as $service) { + if (0 !== strpos($service, '#')) { + [$name, $port] = explode("\t", $service); + $services[$name] = explode("/", $port); + } + } + } + } + foreach ($services as $name => [$portid, $protocol]) { + echo " \n"; + } + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \n"; + } + } + } + ?> + + + + + + + \ No newline at end of file diff --git a/rdp.php b/rdp.php new file mode 100644 index 0000000..5ef0e94 --- /dev/null +++ b/rdp.php @@ -0,0 +1,15 @@ +:\/|?]+$/'; + +$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $fileNameRegex], "flags" => FILTER_NULL_ON_FAILURE]); +if (!$name) { + die("Paramètre manquant ou incorrect : name"); +} + +$path = "$SCANSDIR/$name.xml"; +if (!file_exists($path)) { + die("Scan inconnu : $name"); +} + +$xml = simplexml_load_file($path); +$cmd = $xml["args"]; +if (substr($cmd, 0, 5) != "nmap ") { + die("Erreur : $path n'est pas un fichier de scan nmap"); +} + +$cmd = $NMAP . substr($xml["args"], 4); + +header('Content-type: text/xml'); +system("$cmd", $retcode); + +exit(); diff --git a/rm.php b/rm.php new file mode 100644 index 0000000..7e1771a --- /dev/null +++ b/rm.php @@ -0,0 +1,23 @@ + ['regexp' => $fileNameRegex], "flags" => FILTER_NULL_ON_FAILURE]); +if (!$name) { + die("Paramètre manquant ou incorrect : name"); +} + +$path = "$SCANSDIR/$name.xml"; +if (!file_exists($path)) { + die("Scan inconnu : $name"); +} + +unlink($path); + +header('Location: .'); \ No newline at end of file diff --git a/scan.php b/scan.php new file mode 100644 index 0000000..8cd4111 --- /dev/null +++ b/scan.php 
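Review bot: The saved command line is handed back to a shell without any quoting in `$cmd = $NMAP . substr($xml["args"], 4); system("$cmd", $retcode);`, in the block that reloads `$SCANSDIR/$name.xml` (the top of that file is not visible on this page). The values that scan.php wrapped in `escapeshellarg()` on the first run are, as far as I can tell, recorded in the `args` attribute without that quoting, so replaying the string lets the shell reinterpret whatever a permissive filter such as the `--script-args` one accepted, and it also trusts any XML that ends up in the scans directory. Persist the validated option array next to the scan and rebuild the command through the same quoting loop scan.php uses, or at minimum tokenise `args` and pass each token through `escapeshellarg()`. The result of `simplexml_load_file()` should also be tested for `false` before it is indexed.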
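Review bot: `unlink($path)` in rm.php is reached by a plain GET request, and the visible lines show no authentication or anti-CSRF check in front of it, so any page a logged-in or on-network user opens can delete a saved scan by name. Make deletion a POST guarded by a per-session token, starting with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); die(); }` before the `filter_input` call. The first lines of the file are not visible here, so confirm nothing above already enforces this.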
@@ -0,0 +1,162 @@
+ ['regexp' => $targetListRegex], "flags" => FILTER_NULL_ON_FAILURE]);
+$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $fileNameRegex], "flags" => FILTER_NULL_ON_FAILURE]);
+
+$preset = filter_input(INPUT_GET, "preset", FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+if ($preset && isset($PRESETS[$preset])) {
+ $inputs = $PRESETS[$preset];
+} else {
+ $hostsListRegex = '/^[\da-zA-Z-.,:\/]+$/';
+ $protocolePortsListRegex = '/^(([TU]:)?[0-9\-]+|[a-z\-]+)(,([TU]:)?[0-9\-]+|,[a-z\-]+)*$/';
+ $portsListRegex = '/^([0-9\-]+|[a-z\-]+)(,[0-9\-]+|,[a-z\-]+)*$/';
+ $tempoRegex = '/^\d+[smh]?$/';
+
+ $inputs = filter_input_array(INPUT_GET, [
+ // TARGET SPECIFICATION:
+ '-iR' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--exclude' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]],
+ // HOST DISCOVERY:
+ '-sL' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]],
+ '-sP' => FILTER_VALIDATE_BOOLEAN,
+ '-P0' => FILTER_VALIDATE_BOOLEAN,
+ '-Pn' => FILTER_VALIDATE_BOOLEAN,
+ '-PS' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]],
+ '-PA' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]],
+ '-PU' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]],
+ '-PE' => FILTER_VALIDATE_BOOLEAN,
+ '-PP' => FILTER_VALIDATE_BOOLEAN,
+ '-PM' => FILTER_VALIDATE_BOOLEAN,
+ '-PO' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]],
+ '-PR' => FILTER_VALIDATE_BOOLEAN,
+ '--send-ip' => FILTER_VALIDATE_BOOLEAN,
+ '-n' => FILTER_VALIDATE_BOOLEAN,
+ '-R' => FILTER_VALIDATE_BOOLEAN,
+ '--dns-servers' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]],
+ // SCAN TECHNIQUES:
+ '-sS' => FILTER_VALIDATE_BOOLEAN,
+ '-sT' => FILTER_VALIDATE_BOOLEAN,
+ '-sA' => FILTER_VALIDATE_BOOLEAN,
+ '-sW' => FILTER_VALIDATE_BOOLEAN,
+ '-sM' => FILTER_VALIDATE_BOOLEAN,
+ '-sF' => FILTER_VALIDATE_BOOLEAN,
+ '-sN' => FILTER_VALIDATE_BOOLEAN,
+ '-sX' => FILTER_VALIDATE_BOOLEAN,
+ '-sU' => FILTER_VALIDATE_BOOLEAN,
+ '--scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^(URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9]$/']],
+ '-sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z\d:.-]+(:\d+)?$/']],
+ '-sO' => FILTER_VALIDATE_BOOLEAN,
+ '-b' => FILTER_VALIDATE_URL,
+ '--traceroute' => FILTER_VALIDATE_BOOLEAN,
+ '--reason' => FILTER_VALIDATE_BOOLEAN,
+ // PORT SPECIFICATION AND SCAN ORDER:
+ '-p' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]],
+ '-F' => FILTER_VALIDATE_BOOLEAN,
+ '-r' => FILTER_VALIDATE_BOOLEAN,
+ '--top-ports' => FILTER_VALIDATE_INT,
+ '--port-ratio' => ['filter' => FILTER_VALIDATE_FLOAT, 'options' => ['min_range' => 0, 'max_range' => 1]],
+ // SERVICE/VERSION DETECTION:
+ '-sV' => FILTER_VALIDATE_BOOLEAN,
+ '--version-light' => FILTER_VALIDATE_BOOLEAN,
+ '--version-intensity' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 9]],
+ '--version-all' => FILTER_VALIDATE_BOOLEAN,
+ '--version-trace' => FILTER_VALIDATE_BOOLEAN,
+ // SCRIPT SCAN:
+ '-sC' => FILTER_VALIDATE_BOOLEAN,
+ '--script' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z][a-z0-9,\-\.\/]*$/']],
+ '--script-args' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^([a-zA-Z][a-zA-Z0-9\-_]*=[^"]+(,[a-zA-Z][a-zA-Z0-9\-_]*=[^"]+)?)$/']],
+ // OS DETECTION:
+ '-O' => FILTER_VALIDATE_BOOLEAN,
+ '--osscan-limit' => FILTER_VALIDATE_BOOLEAN,
+ '--osscan-guess' => FILTER_VALIDATE_BOOLEAN,
+ '--max-os-tries' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ // TIMING AND PERFORMANCE:
+ '-T' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 5]],
+ '--min-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--max-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--min-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--max-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--min-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ '--max-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ '--initial-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ '--max-retries' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]],
+ '--host-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ '--scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ '--max-scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]],
+ // FIREWALL/IDS EVASION AND SPOOFING:
+ '-f' => FILTER_VALIDATE_INT,
+ '--mtu' => FILTER_VALIDATE_INT,
+ '-D' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]],
+ '-S' => ['filter' => FILTER_VALIDATE_IP],
+ '-e' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z\d]+$/']],
+ '-g' => FILTER_VALIDATE_INT,
+ '--source-port' => FILTER_VALIDATE_INT,
+ '--data-length' => FILTER_VALIDATE_INT,
+ '--ip-options' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^(R|T|U|L [\da-zA-Z-.: ]+|S [\da-zA-Z-.: ]+|\\\\x[\da-fA-F]{1,2}(\*[\d]+)?|\\\\[0-2]?[\d]{1,2}(\*[\d]+)?)$/']],
+ '--ttl' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]],
+ '--spoof-mac' => FILTER_VALIDATE_MAC,
+ '--badsum' => FILTER_VALIDATE_BOOLEAN,
+ // MISC:
+ // '-6' => FILTER_VALIDATE_BOOLEAN,
+ '-A' => FILTER_VALIDATE_BOOLEAN,
+ '--send-eth' => FILTER_VALIDATE_BOOLEAN,
+ '--send-ip' => FILTER_VALIDATE_BOOLEAN,
+ '--privileged' => FILTER_VALIDATE_BOOLEAN,
+ '--unprivileged' => FILTER_VALIDATE_BOOLEAN,
+ '--stylesheet' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]],
+ ], false);
+}
+
+$inputs['--stylesheet'] = "$BASEDIR/$STYLESHEETSDIR/{$inputs['--stylesheet']}?";
+if ($name) $inputs['--stylesheet'] .= "name=$name";
+
+$options = "";
+foreach (array_merge($COMMONOPTIONS, $inputs) as $option => $value) {
+ if (substr($option, 0, 1) == '-') {
+ if (is_null($value)) {
+ http_response_code(400);
+ $errorMessage = "Valeur incorrecte pour le paramètre $option : " . filter_input(INPUT_GET, $option, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+ include_once "index.php";
+ die();
+ } else if ($value) {
+ if ($value === true) {
+ $options .= " $option";
+ } else {
+ if (substr($option, 0, 2) == '--')
+ $options .= " $option " . escapeshellarg($value);
+ else
+ $options .= " $option" . escapeshellarg($value);
+ }
+ }
+ }
+}
+
+$cmd = "$NMAP$options -oX - $target";
+
+if ($cmd) {
+ if ($name) {
+ if (!file_exists($SCANSDIR))
+ mkdir($SCANSDIR);
+
+ $path = "$SCANSDIR/$name.xml";
+ $cmd .= " | tee " . escapeshellarg($path);
+ }
+
+ header('Content-type: text/xml');
+ system("$cmd", $retcode);
+
+ if ($retcode) {
+ http_response_code(405);
+ die();
+ }
+
+ exit();
+}
+
+include_once "index.php";
+die();
diff --git a/script-args.ini b/script-args.ini
new file mode 100644
index 0000000..088260e
--- /dev/null
+++ b/script-args.ini
@@ -0,0 +1,3 @@
+smbdomain = AUTH
+smbuser = application.drieat
+smbpassword = d+iFiWn4!cAzdr3KopiM>EA
diff --git a/script.js b/script.js
new file mode 100644
index 0000000..0acedea
--- /dev/null
+++ b/script.js
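Review bot: `$target` reaches the shell unquoted and unchecked in `$cmd = "$NMAP$options -oX - $target";`: every option value goes through `escapeshellarg()`, but the target relies only on `$targetListRegex` (defined outside the visible lines), and a `null` from `FILTER_NULL_ON_FAILURE` still launches nmap because `if ($cmd)` is always true for a non-empty string. Reject a missing target with a 400 before building the command and quote it, `$cmd = "$NMAP$options -oX - " . escapeshellarg($target);` (split first and quote each item if the regex permits several space-separated targets). Separately, the `--scanflags` pattern has an ungrouped alternation, so `^` and `$` bind only to the outer branches and any value containing a digit validates; group it as `/^((URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9])$/`. Because the README in this commit sets up passwordless root for nmap, `--script`, `--script-args` and the spoofing options exposed here should sit behind authentication, which these lines do not show.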
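Review bot: script-args.ini commits what looks like a live SMB domain account and its password in clear text, while the same commit adds `script-args.ini` to .gitignore; an ignore rule does not stop a file that is already tracked from being published. Treat the credential as exposed: rotate it, remove the file from the repository history, and commit a `script-args.ini.example` holding placeholder values instead. If the file sits in the web root next to scan.php, also move it outside the document root or deny it in the server configuration so it cannot be fetched over HTTP.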
@@ -0,0 +1,15 @@ +function toggleTheme() { + if (document.body.classList.contains('inverted')) { + $(".inverted").addClass("light").removeClass("inverted") + $("#toggleThemeButton i").addClass("moon").removeClass("sun") + localStorage.setItem("laScanTheme", "light") + } else { + $(".light").addClass("inverted").removeClass("light") + $("#toggleThemeButton i").addClass("sun").removeClass("moon") + localStorage.setItem("laScanTheme", "dark") + } +} + +if (localStorage.getItem("laScanTheme") === "light") { + toggleTheme() +} \ No newline at end of file diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 0000000..10f436d --- /dev/null +++ b/scripts/README.md @@ -0,0 +1,34 @@ +# nmap-scripts + +## http-info.nse + +Return status, title and favicon URL of a webpage + +```lua +@args http-get.path Path to get. Default /. +@usage nmap -phttp,https --script http-info.nse --script-args http-info.path=/ +@output +80/tcp open http +| http-info: +| status-line: HTTP/1.1 200 OK\x0D +| +| title: Go ahead and ScanMe! +| favicon: http://scanme.nmap.org:80/shared/images/tiny-eyeicon.png +|_ status: 200 +``` + +## smb-shares-size.nse + +Return free and total size in octets of each SMB shares + +```lua +@args See the documentation for the smbauth library. +@usage nmap -p137-139,445 --script smb-shares-size.nse --script-args-file smb-shares-size.ini +@output +Host script results: +| smb-shares-size: +| data: +| FreeSize: 38495883264 +| TotalSize: 500961574912 +|_ IPC$: NT_STATUS_ACCESS_DENIED +``` diff --git a/scripts/http-info.nse b/scripts/http-info.nse new file mode 100644 index 0000000..885c5cd --- /dev/null +++ b/scripts/http-info.nse 
@@ -0,0 +1,113 @@ +local shortport = require "shortport" + +description = [[ +Return status, title and favicon URL of a webpage +]] + +--- +-- @args http-get.path Path to get. Default /. +-- +-- @usage nmap -phttp,https --script http-info.nse --script-args http-info.path=/ +-- +-- @output +-- 80/tcp open http +-- | http-info: +-- | status-line: HTTP/1.1 200 OK\x0D +-- | +-- | title: Go ahead and ScanMe! +-- | favicon: http://scanme.nmap.org:80/shared/images/tiny-eyeicon.png +-- |_ status: 200 +--- + +categories = {"discovery", "intrusive"} +author = "Adrien Malingrey" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" + +portrule = shortport.http + +local http = require "http" +local stdnse = require "stdnse" + +action = function(host, port) + local scheme = "" + local hostaddress = (host.name ~= '' and host.name) or host.ip + local path = "/" + local favicon_relative_uri = "/favicon.ico" + local favicon + + stdnse.debug1("port", port.service) + if (port.service == "ssl") then + scheme = "https" + else + scheme = port.service + end + stdnse.debug1("scheme", scheme) + + if(stdnse.get_script_args('http-get.path')) then + path = stdnse.get_script_args('http-info.path') + end + + stdnse.debug1("Try to download %s", path) + local answer = http.get(hostaddress, port, path) + + local output = {status=answer.status, ["status-line"]=answer["status-line"]} + + if (answer and answer.status == 200) then + stdnse.debug1("[SUCCESS] Load page %s", path) + -- Taken from http-title.nse by Diman Todorov + local title = string.match(answer.body, "<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)") + if (title) then + output.title = title + end + stdnse.debug1("[INFO] Try favicon %s", favicon_relative_uri) + favicon_relative_uri = parseIcon(answer.body) or favicon_relative_uri + else + stdnse.debug1("[ERROR] Can't load page %s", path) + end + + favicon = http.get(hostaddress, port, favicon_relative_uri) + + if (favicon and favicon.status == 200) then + stdnse.debug1("[SUCCESS] Load 
favicon %s", favicon_relative_uri) + output.favicon = favicon_relative_uri + else + stdnse.debug1("[ERROR] Can't load favicon %s", favicon_relative_uri) + end + + return output +end + +--- function taken from http_favicon.nse by Vlatko Kosturjak + +function parseIcon( body ) + local _, i, j + local rel, href, word + + -- Loop through link elements. + i = 0 + while i do + _, i = string.find(body, "<%s*[Ll][Ii][Nn][Kk]%s", i + 1) + if not i then + return nil + end + -- Loop through attributes. + j = i + while true do + local name, quote, value + _, j, name, quote, value = string.find(body, "^%s*(%w+)%s*=%s*([\"'])(.-)%2", j + 1) + if not j then + break + end + if string.lower(name) == "rel" then + rel = value + elseif string.lower(name) == "href" then + href = value + end + end + for word in string.gmatch(rel or "", "%S+") do + if string.lower(word) == "icon" then + return href + end + end + end +end diff --git a/scripts/smb-shares-size.nse b/scripts/smb-shares-size.nse new file mode 100644 index 0000000..324bf2a --- /dev/null +++ b/scripts/smb-shares-size.nse 
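Review bot: The path argument is tested under one name and read under another in `if(stdnse.get_script_args('http-get.path')) then path = stdnse.get_script_args('http-info.path')`, so passing only `http-get.path` sets `path` to nil and passing only `http-info.path`, the name shown in `@usage`, is ignored. Read it once with `path = stdnse.get_script_args('http-info.path') or "/"` and align the `@args` line with that name. `output` also indexes `answer.status` before the later `answer and ...` guard, so either the guard is redundant or the table construction needs it too, and `stdnse.debug1("port", port.service)` has no `%s`, so the value is never printed.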
@@ -0,0 +1,206 @@ +local shortport = require "shortport" + +description = [[ +Return free and total size in octets of each SMB shares +]] + +--- +-- @args See the documentation for the smbauth library. +-- +-- @usage nmap -p137-139,445 --script smb-shares-size.nse --script-args-file smb-authentication.ini +-- +-- @output +-- Host script results: +-- | smb-shares-size: +-- | data: +-- | FreeSize: 38495883264 +-- | TotalSize: 500961574912 +-- |_ IPC$: NT_STATUS_ACCESS_DENIED +--- + +categories = {"discovery", "intrusive"} +author = "Adrien Malingrey" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" + +portrule = shortport.service({"microsoft-ds", "netbios-ssn", "smb"}) + +local stdnse = require "stdnse" +local smb = require "smb" +local smb2 = require "smb2" +local msrpc = require "msrpc" +local bin = require "bin" + +action = function(host) + local status, shares, extra + local response = stdnse.output_table() + + -- Try and do this the good way, make a MSRPC call to get the shares + stdnse.debug1("SMB: Attempting to log into the system to enumerate shares") + status, shares = msrpc.enum_shares(host) + if(status == false) then + return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares)) + end + + -- Get more information on each share + for i = 1, #shares, 1 do + local share = shares[i] + if (share ~= nil) then + local status, result = get_share_info(host, share) + if (status) then + response[share] = result + end + end + end + + return response +end + +TRANS2_QUERY_FS_INFORMATION = 0x0003 +SMB_QUERY_FS_SIZE_INFO = 0x0103 +---Attempts to retrieve additional information about a share. Will fail unless we have +-- administrative access. +-- +--@param host The host object. +--@return Status (true or false). +--@return A table of information about the share (if status is true) or an an error string (if +-- status is false). 
+function get_share_info(host, share) + local status, smbstate, err + local hostaddress = (host.name ~= '' and host.name) or host.ip + local path = "\\\\" .. hostaddress .. "\\" .. share + + status, smbstate = smb.start(host) + status, err = smb.negotiate_protocol(smbstate, {}) + status, err = smb.start_session(smbstate, {}) + status, err = smb.tree_connect(smbstate, path, {}) + + stdnse.debug1("SMB: Getting information for share: %s", path) + + local status, err = send_transaction2(smbstate, TRANS2_QUERY_FS_INFORMATION, bin.pack(" .detail { + margin-left: 0.3em; + text-transform: capitalize; +} + +.ui.form .fields > .field { + width: 100%; +} + +.ui.ui.form .field .fields .field:not(:only-child) .ui.checkbox { + margin-top: 0; +} + +.ui.dropdown.label { + min-width: auto; +} + +.ui.dropdown.label > .remove.icon { + right: 2.3em; +} + +.toast-container .ui.header { + text-transform: capitalize; +} + +.share-size { + --free-ratio: calc(var(--free) / var(--total)); + --used-percent: calc(100% - 100% * var(--free-ratio)); + --color: hsl(calc(120 * var(--free-ratio)) 100% 50%); + background-image: linear-gradient( + to right, + var(--color) var(--used-percent), + transparent var(--used-percent), + transparent + ) !important; + text-align: center !important; +} + +.mini.share-size { + font-size: 0.64285714rem !important; +} + +.ui.card .table { + overflow-x: auto; +} + +.inverted tags { + background-color: white; +} diff --git a/stylesheets/hostDetails.xsl b/stylesheets/hostDetails.xsl new file mode 100644 index 0000000..2a4536e --- /dev/null +++ b/stylesheets/hostDetails.xsl @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
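Review bot: `get_share_info` overwrites `status` after each of `smb.start`, `smb.negotiate_protocol`, `smb.start_session` and `smb.tree_connect` without ever testing it, so a failed connection or login falls through to the transaction with an unusable `smbstate`. Return early after each call, `if not status then return false, smbstate end` after `smb.start` and `if not status then smb.stop(smbstate) return false, err end` after the other three. The doc block above the function lists `host` but omits the `share` parameter. The rest of the function is not visible on this page, so whether the session is closed on the success path cannot be confirmed from here.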
+ + + + +
+ +
Résultat de la commande :
+ + + +
+ + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + +

+
+ + ui horizontal label + + green + red + + + +
+ + + + + + + + +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Adresse IPv4Adresse MACConstructeurOSDistanceDernier redémarrage
+ + + + + + + + + + + + étape(s) + + +
+ + +
+
+ Informations supplémentaires
+
+ +
+
+
+ +

Services

+ +
+ + + + + +
+ + +
+ + + + + + + + + + + red + orange + green + green + orange + red + + + +
+
+
+
+
+ + : +
+ +
+ + + + / + + + +
+
+ + + + + + + + v + + + + + + + + +
+ +
+
+ Détails
+
+ +
+
+
+
+
+
+ + + + + + rdp.php?v= + + &p= + + + + + + https + + + + + + :// + + : + + + + + + Ouvrir + + + + + +
+ +
+ + +
+
+ + +
+
+ + + + + + + +
+
+ +
+ + + +
+
+
+
+ + + + +
+
+ + +
+
+ + + + + +
+
+ +
+
+
+ + + + + +
+
+
+
+ + + + + + + + + + + + + + + + + + + +

Traceroute

+ + + + + + + + + + + + +
ÉtapeAdresseTemps
+
+ + + + + + + + + + + ( + + ) + + + + + + + + + ms + + + + +
\ No newline at end of file diff --git a/stylesheets/lanTable.xsl b/stylesheets/lanTable.xsl new file mode 100644 index 0000000..7c6e0c4 --- /dev/null +++ b/stylesheets/lanTable.xsl @@ -0,0 +1,316 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

+ + + +
+ +
+
+ + + +
+

+ + + + + + + + + + + + + + + + + + + + +
ÉtatAdresse IPNomConstructeurServices + +
+
+ +
Résultat de la commande :
+ + + +
+ + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + positive + negative + + + + + +
+ + ui mini circular label + + green + red + + + +
+
+ +
down
+
+
+ + + + + + + + + + + . + + + + + + + + + + + + + + + + + + + + scan.php?target= + + &preset=host + + + + + +
+ + + + + + + + + + + + ui mini label + dropdown button share-size + + red + orange + green + green + orange + red + + + + + + + + --free: + + ; --total: + + + + + + + + + + https + + + + + + :// + + : + + + + + + rdp.php?v= + + &p= + + + + + : + + + + + : + : + + + + + + + + + + + + + + + + + + + +
\ No newline at end of file diff --git a/stylesheets/lib/head.xsl b/stylesheets/lib/head.xsl new file mode 100644 index 0000000..10b4c83 --- /dev/null +++ b/stylesheets/lib/head.xsl @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + 300 + + ;URL=rescan.php?name= + + + + + + <xsl:choose> + <xsl:when test="$name"> + <xsl:value-of select="$name" /> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$target" /> + </xsl:otherwise> + </xsl:choose> + <xsl:text> - lanScan</xsl:text> + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/stylesheets/lib/nav.xsl b/stylesheets/lib/nav.xsl new file mode 100644 index 0000000..44d978f --- /dev/null +++ b/stylesheets/lib/nav.xsl @@ -0,0 +1,115 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/stylesheets/lib/services.xsl b/stylesheets/lib/services.xsl new file mode 100644 index 0000000..b4c5c80 --- /dev/null +++ b/stylesheets/lib/services.xsl @@ -0,0 +1,116 @@ + + + + + + + + + + + + + + + + + dropdown button + share-size + + + red + + orange + + green + green + orange + red + + + + + + + + --free: + + ; --total: + + + + + + + + + + https + + + + + + :// + + : + + + + + + rdp.php?v= + + &p= + + + + + : + + + + + : + : + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/stylesheets/lib/toast.xsl b/stylesheets/lib/toast.xsl new file mode 100644 index 0000000..d8ed49a --- /dev/null +++ b/stylesheets/lib/toast.xsl @@ -0,0 +1,44 @@ + + + + + + + + + \ No newline at end of file