diff --git a/.gitignore b/.gitignore
index f5c2be8..16273ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-site/
+confs/
 scans/
+site/
diff --git a/README.md b/README.md
index c691f6c..7c21adb 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@ Scan hosts with nmap and display results in webpage.
-* Create a configuration yaml file in site/ subdirectory (see example below).
+* Create a configuration yaml file in confs/ subdirectory (see example below).
 It may be generated by scanning a network with `init.sh`.
 * Scan with `php scan_all.php` (use a cron task!).
 * Open index.php to see results.
diff --git a/http-get.nse b/http-get.nse
new file mode 100644
index 0000000..b66a981
--- /dev/null
+++ b/http-get.nse
@@ -0,0 +1,42 @@
+local shortport = require "shortport"
+
+description = [[
+Get and return a page info
+]]
+
+---
+-- @args http-get.path Path to get. Default /.
+--
+-- @usage nmap -p80 --script http-get.nse --script-args http-get.path=/
+--
+-- @output
+-- body:...
+-- status: 200
+-- status-line: HTTP/1.1 200 OK\x0D
+-- header: ...
+-- rawheader: ...
+-- cookies: + -- ssl: false
+-- version: 1.1
+---
+
+categories = {"discovery", "intrusive"}
+author = "Adrien Malingrey"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+portrule = shortport.http
+
+
+local http = require "http"
+local stdnse = require "stdnse"
+
+action = function(host, port)
+ local path = ""
+
+ if(stdnse.get_script_args('http-get.path')) then
+ path = "/" .. stdnse.get_script_args('http-get.path')
+ end
+
+ return http.get( host, port, "/" .. path )
+end
diff --git a/http-status.nse b/http-status.nse
deleted file mode 100644
index 549d4e7..0000000
--- a/http-status.nse
+++ /dev/null
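Review bot: `action` in http-get.nse doubles the slash whenever the argument is set: the `if` branch builds `"/" .. arg` and the `http.get` call prefixes another `/`, so `http-get.path=foo` requests `//foo` and the documented `http-get.path=/` requests `///`. Read the argument once and fall back to the documented default: `local path = stdnse.get_script_args('http-get.path') or "/"`, `if path:sub(1, 1) ~= "/" then path = "/" .. path end`, `return http.get(host, port, path)`. The script also returns the whole response table, body included, into the scan XML; if that XML is rendered into a web page later (results.xsl is touched by this commit), the body must be escaped there, which I cannot verify from this diff. The doc block's `-- cookies:` line and the closing `---` look split and misplaced and should form one continuous LDoc comment.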
@@ -1,25 +0,0 @@
-local shortport = require "shortport"
-
-description = [[
-Get root page and return status code
-]]
-
----
--- @usage nmap -p80 --script http-status.nse
---
--- @output
--- 404
----
-
-categories = {"discovery", "intrusive"}
-author = "Adrien Malingrey"
-license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-
-portrule = shortport.http
-
-
-local http = require "http"
-
-action = function(host, port)
- return http.get( host, port, "/" ).status
-end
diff --git a/init.sh b/init.sh
index 3d243aa..473e645 100755
--- a/init.sh
+++ b/init.sh
@@ -11,4 +11,4 @@ read site
 echo "Adresse réseau CIDR (xxx.xxx.xxx.xxx/xx) ?"
 read network
 nmap --script smb-enum-shares.nse -oX "scans/$site.xml" $network
-xsltproc --stringparam site "$site" --stringparam network $network toyaml.xsl "scans/$site.xml" > "site/$site.yaml"
+xsltproc --stringparam site "$site" --stringparam network $network toyaml.xsl "scans/$site.xml" > "confs/$site.yaml"
diff --git a/results.xsl b/results.xsl
index 2559652..44ce9f0 100644
--- a/results.xsl
+++ b/results.xsl
@@ -134,7 +134,7 @@ - ui red mini button + ui red mini button ui primary mini button
diff --git a/scan_all.php b/scan_all.php
index 90e4896..4821dd5 100644
--- a/scan_all.php
+++ b/scan_all.php
@@ -8,11 +8,12 @@ if (! function_exists('str_ends_with')) {
 }
 if (!file_exists("scans")) mkdir("scans");
+if (!file_exists("site")) mkdir("site");
-foreach (scandir("./site/") as $file) {
+foreach (scandir("./confs/") as $file) {
 if (str_ends_with($file, ".yaml")) {
 $site = str_replace(".yaml", "", $file);
- $yaml = yaml_parse_file("site/$file");
+ $yaml = yaml_parse_file("confs/$file");
 $targets = [];
 $services = [];
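Review bot: The new xsltproc redirect writes to `confs/$site.yaml`, but nothing visible in init.sh creates `confs/`, so the redirect fails when the directory is absent; the scan_all.php hunk on this same line that switches to `scandir("./confs/")` only adds `mkdir("site")`, so a fresh checkout has no `confs/` either. Add `mkdir -p confs` before the xsltproc line, and `if (!file_exists("confs")) mkdir("confs");` next to the new `mkdir("site")` in scan_all.php. `$site` comes from `read site` just above the hunk and is used unvalidated in both file paths, so a value containing `/` or `..` writes outside scans/ and confs/, and `$network` is passed unquoted to both nmap and xsltproc on the rewritten line. The preceding lines of init.sh are outside the hunk.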
@@ -46,7 +47,7 @@ foreach (scandir("./site/") as $file) {
 $targets = join(array_keys($targets), " ");
 $services = join(array_keys($services), ",");
- exec("nmap -v -Pn -p $services --script smb-enum-shares.nse,./http-status.nse,./http-favicon-url.nse --script-args=httpspider.maxpagecount=1 -oX 'scans/$site.xml' $targets\n");
+ exec("nmap -v -Pn -p $services --script smb-enum-shares.nse,./http-get.nse,./http-favicon-url.nse --script-args=httpspider.maxpagecount=1 -oX 'scans/$site.xml' $targets\n");
 }
 };
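Review bot: The rewritten exec line still interpolates `$services`, `$targets` and `$site` into a shell command with no escaping; `$site` is derived from a file name in confs/ and the other two are joined from array keys that are presumably filled from the parsed YAML (the enclosing foreach starts before this hunk and the filling code is outside the diff), so a crafted config file name or key ends up executed by the shell. Escape where the pieces are built: `$targets = implode(" ", array_map('escapeshellarg', array_keys($targets)));`, `$services = escapeshellarg(join(",", array_keys($services)));`, and in the exec line replace `'scans/$site.xml'` with `" . escapeshellarg("scans/$site.xml") . "`. The trailing `\n` inside the command string serves no purpose and can be dropped. Note also that `join(array, glue)` with the array first is the legacy argument order, which PHP 8 no longer accepts.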