From b197af448ab5b1db640f8056715972b96364fa27 Mon Sep 17 00:00:00 2001
From: adrien <adrien@malingrey.fr>
Date: Sun, 13 Oct 2024 04:37:49 +0200
Subject: [PATCH] quote in name, params on index link
---
filter_inputs.php | 7 +--
index.php | 61 ++++++++++----------
options.php | 27 ++-------
scan.php | 13 ++---
style.css | 2 +-
stylesheet.xsl | 143 +++++++++++++++++++++++-----------------------
6 files changed, 116 insertions(+), 137 deletions(-)
diff --git a/filter_inputs.php b/filter_inputs.php
index ae9054d..db5c658 100644
--- a/filter_inputs.php
+++ b/filter_inputs.php
@@ -5,7 +5,7 @@ $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'options' => ['regexp' => "/^[\da-zA-Z-. \/]+$/"],
]);
-$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
+$saveAs = filter_input(INPUT_GET, 'saveAs', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
]);
@@ -49,10 +49,6 @@ $inputs = filter_input_array(INPUT_GET, [
'sF' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sN' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sX' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'PU' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^([URG|ACK|PSH|RST|SYN|FIN]+)$|^([0-2]?\d?\d)$/"]],
'sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-zA-Z\d:.-]+(:\d+)?$/"]],
'sO' => ['filter' => FILTER_VALIDATE_BOOLEAN],
@@ -110,7 +106,6 @@ $inputs = filter_input_array(INPUT_GET, [
//'6' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'A' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'send-eth' => ['filter' => FILTER_VALIDATE_BOOLEAN],
- 'send-ip' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'privileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'V' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'unprivileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],
diff --git a/index.php b/index.php
index fada129..e733b94 100755
--- a/index.php
+++ b/index.php
@@ -19,47 +19,50 @@ include_once 'filter_inputs.php';
</head>
<body>
- <nav class="ui inverted teal fixed menu">
- <a class="header item" href=".">
- lan<?php include 'logo.svg'; ?>can
- </a>
- <div class="right menu">
- <form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')">
- <div class="fiels">
+ <form>
+ <nav class="ui inverted teal fixed menu">
+ <button class="ui teal button item" type="submit" formmethod="get" formaction=".">
+ lan<?php include 'logo.svg'; ?>can
+ </button>
+ <div class="right menu">
+ <div class="ui category search item">
<div id="targetsInputDiv" class="ui icon input">
<input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required
pattern="[a-zA-Z0-9._\/ \-]+" value="<?= $targets; ?>" placeholder="Scanner un réseau..."
title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
- Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" />
+Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" />
<i class="satellite dish icon"></i>
</div>
- <button style="display: none;" type="submit" formmethod="get" formaction="scan.php"></button>
+<?php
+foreach($inputs as $name => $value) {
+ echo " <input type='hidden' name='$name' value='$value'/>\n";
+}
+?>
+ <button style="display: none;" type="submit" formmethod="get" formaction="scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
<button class="ui teal icon submit button" type="submit" formmethod="get" formaction="options.php" onclick="targetsInput.required=false">
<i class="sliders horizontal icon"></i>
</button>
</div>
- </form>
- </div>
- </nav>
+ </div>
+ </nav>
+ </form>
<main class="ui main container">
- <div class="ui middle aligned center aligned grid">
- <div class="ui large relaxed card">
- <div class="content">
- <div class="header">Précédents scans</div>
- <div class="ui divided link list">
- <?php
- if (!file_exists($SCANS_DIR)) {
- mkdir($SCANS_DIR);
- }
- foreach (scandir($SCANS_DIR) as $scan) {
- if (substr($scan, -4) == '.xml') {
- $targets = str_replace('!', '/', substr_replace($scan, '', -4));
- echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n";
- }
- }
- ?>
- </div>
+ <h1 class="ui header">Précédents scans</h1>
+ <div class="ui large relaxed card">
+ <div class="content">
+ <div class="ui divided link list">
+<?php
+if (!file_exists($SCANS_DIR)) {
+ mkdir($SCANS_DIR);
+}
+foreach (scandir($SCANS_DIR) as $filename) {
+ if (substr($filename, -4) == '.xml') {
+ $name = str_replace('!', '/', substr_replace($filename, '', -4));
+ echo "<a class='item' href='".htmlentities("$SCANS_DIR/$filename", ENT_QUOTES)."'>$name</a>\n";
+ }
+}
+?>
</div>
</div>
</div>
diff --git a/options.php b/options.php
index b698ade..9aa1218 100755
--- a/options.php
+++ b/options.php
@@ -40,10 +40,10 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
</div>
<div class="field">
- <label for="nameInput">Enregistrer sous le nom</label>
- <input id="nameInput" type="text" name="name" placeholder="Réseau local" pattern='[^<>:"\\\/\|@?]+'
- title='Caractères interdits : <>:"\/|@?'
- value="<?= htmlspecialchars($name); ?>">
+ <label for="saveAsInput">Enregistrer sous le nom</label>
+ <input id="saveAsInput" type="text" name="saveAs" placeholder="Réseau local" pattern='[^<>:"\\\/\|@?]+'
+ title="Caractères interdits : <>:"\/|@?"
+ value="<?= htmlentities($saveAs, ENT_QUOTES); ?>">
</div>
<div class="ui styled fluid accordion field">
@@ -225,25 +225,6 @@ foreach (scandir($SCANS_DIR) as $filename) {
<button type="submit" class="ui teal submit button">Démarrer</button>
</form>
-
- <h2 class="ui header">Précédents scans</h2>
- <div class="ui fluid relaxed card">
- <div class="content">
- <div class="ui divided link list">
- <?php
- if (!file_exists($SCANS_DIR)) {
- mkdir($SCANS_DIR);
- }
- foreach (scandir($SCANS_DIR) as $scan) {
- if (substr($scan, -4) == '.xml') {
- $targets = str_replace('!', '/', substr_replace($scan, '', -4));
- echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n";
- }
- }
- ?>
- </div>
- </div>
- </div>
</main>
<datalist id='targetsList'>
diff --git a/scan.php b/scan.php
index 5ff162d..62a8958 100755
--- a/scan.php
+++ b/scan.php
@@ -12,8 +12,6 @@ if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR);
}
-$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
-
$args = '';
foreach ($inputs as $arg => $value) {
if (is_null($value)) {
@@ -30,6 +28,7 @@ foreach ($inputs as $arg => $value) {
}
}
+$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
exec("nmap$args --stylesheet $basedir/stylesheet.xsl -oX - $targets 2>&1", $result, $code);
if ($code) {
http_response_code(500);
@@ -39,13 +38,13 @@ if ($code) {
$xml = new DOMDocument();
$xml->loadXML(implode("\n", $result));
-$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='name' value='$name'"), $xml->documentElement);
-$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='$SCANS_DIR'"), $xml->documentElement);
-$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$compareWith'"), $xml->documentElement);
+$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='saveAs' value='".htmlentities($saveAs, ENT_QUOTES)."'"), $xml->documentElement);
+$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='".htmlentities($SCANS_DIR, ENT_QUOTES)."'"), $xml->documentElement);
+$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='".htmlentities($compareWith, ENT_QUOTES)."'"), $xml->documentElement);
-if ($name) {
+if ($saveAs) {
if (!file_exists($SCANS_DIR)) mkdir($SCANS_DIR);
- $path = "$SCANS_DIR/$name.xml";
+ $path = "$SCANS_DIR/$saveAs.xml";
$xml->save($path);
header("Location: $path");
diff --git a/style.css b/style.css
index a777870..cdda9d8 100644
--- a/style.css
+++ b/style.css
@@ -1,4 +1,4 @@
-.header svg {
+svg {
margin: -.3em -.5em -.5em -.4em;
fill: currentColor;
}
diff --git a/stylesheet.xsl b/stylesheet.xsl
index e7e1c8b..78ae2c0 100755
--- a/stylesheet.xsl
+++ b/stylesheet.xsl
@@ -8,13 +8,14 @@
<xsl:output indent="yes"/>
<xsl:strip-space elements='*'/>
- <xsl:param name="name"/>
+ <xsl:param name="saveAs"/>
<xsl:param name="scansDir"/>
<xsl:param name="compareWith"/>
- <xsl:variable name="nameOrCompareWith">
+ <xsl:variable name="name">
<xsl:choose>
- <xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when>
+ <xsl:when test="$saveAs"><xsl:value-of select="$saveAs"/></xsl:when>
<xsl:when test="$compareWith"><xsl:value-of select="$compareWith"/></xsl:when>
+ <xsl:otherwise><xsl:value-of select="false"/></xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="current" select="./nmaprun"/>
@@ -33,7 +34,7 @@
<title>
<xsl:text>lanScan - </xsl:text>
<xsl:choose>
- <xsl:when test="string-length($nameOrCompareWith)"><xsl:value-of select="$nameOrCompareWith"/></xsl:when>
+ <xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>
</xsl:choose>
</title>
@@ -52,85 +53,85 @@
</head>
<body>
- <nav class="ui inverted teal fixed menu">
- <a class="header item" href="./?targets={$targets}">
- <xsl:text>lan</xsl:text>
- <svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40"
- xmlns="http://www.w3.org/2000/svg"
- xmlns:svg="http://www.w3.org/2000/svg">
- <defs id="defs206"/>
- <g id="g998" transform="matrix(0,0.04687491,-0.04687491,0,24,2.2682373e-5)">
- <g id="g147">
- <g id="g145">
- <path d="m 322.065,92.046 c -46.24,0 -83.851,37.619 -83.851,83.857 v 168.712 c 0,25.224 -21.148,45.745 -46.372,45.745 -25.224,0 -46.372,-20.521 -46.372,-45.745 V 199.464 h -38.114 v 145.151 c 0,46.24 38.246,83.859 84.486,83.859 46.24,0 84.486,-37.619 84.486,-83.859 V 175.903 c 0,-25.223 20.514,-45.743 45.737,-45.743 25.223,0 45.737,20.521 45.737,45.743 v 134.092 h 38.114 V 175.903 c 0,-46.239 -37.611,-83.857 -83.851,-83.857 z" id="path143"/>
+ <form>
+ <nav class="ui inverted teal fixed menu">
+ <button class="ui teal button item" type="submit" formmethod="get" formaction=".">
+ <xsl:text>lan</xsl:text>
+ <svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:svg="http://www.w3.org/2000/svg">
+ <defs id="defs206"/>
+ <g id="g998" transform="matrix(0,0.04687491,-0.04687491,0,24,2.2682373e-5)">
+ <g id="g147">
+ <g id="g145">
+ <path d="m 322.065,92.046 c -46.24,0 -83.851,37.619 -83.851,83.857 v 168.712 c 0,25.224 -21.148,45.745 -46.372,45.745 -25.224,0 -46.372,-20.521 -46.372,-45.745 V 199.464 h -38.114 v 145.151 c 0,46.24 38.246,83.859 84.486,83.859 46.24,0 84.486,-37.619 84.486,-83.859 V 175.903 c 0,-25.223 20.514,-45.743 45.737,-45.743 25.223,0 45.737,20.521 45.737,45.743 v 134.092 h 38.114 V 175.903 c 0,-46.239 -37.611,-83.857 -83.851,-83.857 z" id="path143"/>
+ </g>
</g>
- </g>
- <g id="g153">
- <g id="g151">
- <path d="M 144.198,0 H 108.625 C 98.101,0 89.568,8.746 89.568,19.271 c 0,1.157 0.121,2.328 0.318,3.598 h 73.052 c 0.197,-1.27 0.318,-2.441 0.318,-3.598 C 163.256,8.746 154.723,0 144.198,0 Z" id="path149"/>
+ <g id="g153">
+ <g id="g151">
+ <path d="M 144.198,0 H 108.625 C 98.101,0 89.568,8.746 89.568,19.271 c 0,1.157 0.121,2.328 0.318,3.598 h 73.052 c 0.197,-1.27 0.318,-2.441 0.318,-3.598 C 163.256,8.746 154.723,0 144.198,0 Z" id="path149"/>
+ </g>
</g>
- </g>
- <g id="g159">
- <g id="g157">
- <path d="m 420.183,486.591 h -71.731 c -0.626,2.541 -0.978,4.077 -0.978,6.176 0,10.525 8.532,19.234 19.057,19.234 h 35.573 c 10.525,0 19.057,-8.709 19.057,-19.234 0,-2.098 -0.352,-3.635 -0.978,-6.176 z" id="path155"/>
+ <g id="g159">
+ <g id="g157">
+ <path d="m 420.183,486.591 h -71.731 c -0.626,2.541 -0.978,4.077 -0.978,6.176 0,10.525 8.532,19.234 19.057,19.234 h 35.573 c 10.525,0 19.057,-8.709 19.057,-19.234 0,-2.098 -0.352,-3.635 -0.978,-6.176 z" id="path155"/>
+ </g>
</g>
- </g>
- <g id="g165">
- <g id="g163">
- <rect x="87.027" y="41.925999" width="80.040001" height="138.481" id="rect161"/>
+ <g id="g165">
+ <g id="g163">
+ <rect x="87.027" y="41.925999" width="80.040001" height="138.481" id="rect161"/>
+ </g>
</g>
- </g>
- <g id="g171">
- <g id="g169">
- <rect x="344.93301" y="329.052" width="80.040001" height="138.481" id="rect167"/>
+ <g id="g171">
+ <g id="g169">
+ <rect x="344.93301" y="329.052" width="80.040001" height="138.481" id="rect167"/>
+ </g>
</g>
+ <g id="g173"></g>
+ <g id="g175"></g>
+ <g id="g177"></g>
+ <g id="g179"></g>
+ <g id="g181"></g>
+ <g id="g183"></g>
+ <g id="g185"></g>
+ <g id="g187"></g>
+ <g id="g189"></g>
+ <g id="g191"></g>
+ <g id="g193"></g>
+ <g id="g195"></g>
+ <g id="g197"></g>
+ <g id="g199"></g>
+ <g id="g201"></g>
</g>
- <g id="g173"></g>
- <g id="g175"></g>
- <g id="g177"></g>
- <g id="g179"></g>
- <g id="g181"></g>
- <g id="g183"></g>
- <g id="g185"></g>
- <g id="g187"></g>
- <g id="g189"></g>
- <g id="g191"></g>
- <g id="g193"></g>
- <g id="g195"></g>
- <g id="g197"></g>
- <g id="g199"></g>
- <g id="g201"></g>
- </g>
- </svg>
- <xsl:text>can</xsl:text>
- </a>
- <div class="right menu">
- <form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')">
- <div class="fiels">
- <div id="targetsInputDiv" class="ui icon input">
- <input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required=""
- pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..."
- title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
+ </svg>
+ <xsl:text>can</xsl:text>
+ </button>
+ <div class="right menu">
+ <div class="ui category search item">
+ <div id="targetsInputDiv" class="ui icon input">
+ <input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required=""
+ pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..."
+ title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
Exemples: 192.168.1.0/24 scanme.nmap.org 10.0-255.0-255.1-254"/>
- <i class="satellite dish icon"></i>
- </div>
- <xsl:if test="$PS"><input type="hidden" name="PS" value="{$PS}"/></xsl:if>
- <xsl:if test="$F"><input type="hidden" name="F" value="on"/></xsl:if>
- <xsl:if test="string-length($nameOrCompareWith)"><input type="hidden" name="compareWith" value="{$nameOrCompareWith}"/></xsl:if>
- <button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php"></button>
- <button class="ui teal icon submit button" type="submit" formmethod="get" formaction="{$basedir}/options.php" onclick="targetsInput.required=false">
- <i class="sliders horizontal icon"></i>
- </button>
+ <i class="satellite dish icon"></i>
+ </div>
+ <xsl:if test="$PS"><input type="hidden" name="PS" value="{$PS}"/></xsl:if>
+ <xsl:if test="$F"><input type="hidden" name="F" value="on"/></xsl:if>
+ <xsl:if test="$name"><input type="hidden" name="compareWith" value="{$name}"/></xsl:if>
+ <button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
+ <button class="ui teal icon submit button" type="submit" formmethod="get" formaction="{$basedir}/options.php" onclick="targetsInput.required=false">
+ <i class="sliders horizontal icon"></i>
+ </button>
+ </div>
</div>
- </form>
- </div>
- </nav>
+ </nav>
+ </form>
<main class="ui main container">
<h1 class="ui header">
<xsl:choose>
- <xsl:when test="string-length($nameOrCompareWith)">
- <xsl:value-of select="$nameOrCompareWith"/>
+ <xsl:when test="$name">
+ <xsl:value-of select="$name"/>
<div class="sub header"><xsl:value-of select="$targets"/></div>
</xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>