datadir

2024-10-18 12:11:45 +02:00 · 2024-10-18 12:11:45 +02:00 · a773e8b8d9
commit a773e8b8d9
parent 54116d27d0
3 changed files with 13 additions and 16 deletions
--- a/config.php
+++ b/config.php
@ -2,7 +2,8 @@

 $BASEDIR = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
 $SCANSDIR = 'scans';
-$DATADIR  = '/usr/share/nmap';
+$NMAPDIR  = dirname(`which nmap`) . "/../share/nmap";
+$DATADIR = ".";

 $presets = [
    "lan" => [
@ -18,7 +19,7 @@ $presets = [
        '-F'            => true,
        '-sV'           => true,
        '-T5'           => true,
-        '--script'      => "scripts",
+        '--datadir'     => "$DATADIR",
        '--stylesheet'  => "$BASEDIR/xslt/servicesTable.xsl",
        'refreshPeriod' => 60,
        'sudo'          => true,
--- a/options.php
+++ b/options.php
@ -473,7 +473,7 @@ foreach (scandir($SCANSDIR) as $filename) {

  <datalist id='servicesList'>
 <?php
-$nmap_services = file("$DATADIR/nmap-services");
+$nmap_services = file("$NMAPDIR/nmap-services");
 $services = [];
 foreach ($nmap_services as $service) {
  if (0 !== strpos($service, '#')) {
@ -513,19 +513,14 @@ foreach ($services as $name => [$portid, $protocol]) {
    <option value="version"></option>
    <option value="vuln"></option>
    <!-- names -->
-    <option value="scripts/"></option>
 <?php
-foreach (scandir("scripts") as $filename) {
-  if (substr($filename, -4) === '.nse') {
-    $name = substr($filename, 0, -4);
-    echo "    <option value='scripts/$name'></option>\n";
-  }
-}
-foreach (scandir("$DATADIR/scripts") as $filename) {
+foreach ([$NMAPDIR, $DATADIR] as $dir) {
+  foreach (scandir("$dir/scripts") as $filename) {
    if (substr($filename, -4) === '.nse') {
      $name = substr($filename, 0, -4);
      echo "    <option value='$name'></option>\n";
    }
+  }
 }
 ?>
  </datalist>
--- a/scan.php
+++ b/scan.php
@ -1,5 +1,6 @@
 <?php

+include_once 'config.php';
 include_once 'filter_inputs.php';

 if (!file_exists($SCANSDIR)) mkdir($SCANSDIR);
@ -16,8 +17,8 @@ foreach ($options as $arg => $value) {
            if ($value === true) {
                $command .= " $arg";
            } else {
-                if (substr($arg, 0, 2) == '--') $command .= " $arg $value";
-                else $command .= " $arg$value";
+                if (substr($arg, 0, 2) == '--') $command .= " $arg " . escapeshellarg($value);
+                else $command .= " $arg" . escapeshellarg($value);
            }
        }
    }