adrien/lanScan
adrien/lanScan
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

quote in name, params on index link

Browse Source
This commit is contained in:
Adrien MALINGREY 2024-10-13 04:37:49 +02:00
parent 97a4c5801b
commit b197af448a
6 changed files with 116 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
filter_inputs.php
View File

@ -5,7 +5,7 @@ $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'options' => ['regexp' => "/^[\da-zA-Z-. \/]+$/"], 'options' => ['regexp' => "/^[\da-zA-Z-. \/]+$/"],
]); ]);
$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [ $saveAs = filter_input(INPUT_GET, 'saveAs', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE, 'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^<>:"\/|?]+$/'], 'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
]); ]);
@ -49,10 +49,6 @@ $inputs = filter_input_array(INPUT_GET, [
'sF' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'sF' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sN' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'sN' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sX' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'sX' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PU' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^([URG|ACK|PSH|RST|SYN|FIN]+)$|^([0-2]?\d?\d)$/"]], 'scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^([URG|ACK|PSH|RST|SYN|FIN]+)$|^([0-2]?\d?\d)$/"]],
'sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-zA-Z\d:.-]+(:\d+)?$/"]], 'sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-zA-Z\d:.-]+(:\d+)?$/"]],
'sO' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'sO' => ['filter' => FILTER_VALIDATE_BOOLEAN],
@ -110,7 +106,6 @@ $inputs = filter_input_array(INPUT_GET, [
//'6' => ['filter' => FILTER_VALIDATE_BOOLEAN], //'6' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'A' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'A' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'send-eth' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'send-eth' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'send-ip' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'privileged' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'privileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'V' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'V' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'unprivileged' => ['filter' => FILTER_VALIDATE_BOOLEAN], 'unprivileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],

29
index.php
View File

@ -19,13 +19,13 @@ include_once 'filter_inputs.php';
</head> </head>
<body> <body>
<form>
<nav class="ui inverted teal fixed menu"> <nav class="ui inverted teal fixed menu">
<a class="header item" href="."> <button class="ui teal button item" type="submit" formmethod="get" formaction=".">
lan<?php include 'logo.svg'; ?>can lan<?php include 'logo.svg'; ?>can
</a> </button>
<div class="right menu"> <div class="right menu">
<form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')"> <div class="ui category search item">
<div class="fiels">
<div id="targetsInputDiv" class="ui icon input"> <div id="targetsInputDiv" class="ui icon input">
<input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required <input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required
pattern="[a-zA-Z0-9._\/ \-]+" value="<?= $targets; ?>" placeholder="Scanner un réseau..." pattern="[a-zA-Z0-9._\/ \-]+" value="<?= $targets; ?>" placeholder="Scanner un réseau..."
@ -33,36 +33,39 @@ include_once 'filter_inputs.php';
Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" /> Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" />
<i class="satellite dish icon"></i> <i class="satellite dish icon"></i>
</div> </div>
<button style="display: none;" type="submit" formmethod="get" formaction="scan.php"></button> <?php
foreach($inputs as $name => $value) {
echo " <input type='hidden' name='$name' value='$value'/>\n";
}
?>
<button style="display: none;" type="submit" formmethod="get" formaction="scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
<button class="ui teal icon submit button" type="submit" formmethod="get" formaction="options.php" onclick="targetsInput.required=false"> <button class="ui teal icon submit button" type="submit" formmethod="get" formaction="options.php" onclick="targetsInput.required=false">
<i class="sliders horizontal icon"></i> <i class="sliders horizontal icon"></i>
</button> </button>
</div> </div>
</form>
</div> </div>
</nav> </nav>
</form>
<main class="ui main container"> <main class="ui main container">
<div class="ui middle aligned center aligned grid"> <h1 class="ui header">Précédents scans</h1>
<div class="ui large relaxed card"> <div class="ui large relaxed card">
<div class="content"> <div class="content">
<div class="header">Précédents scans</div>
<div class="ui divided link list"> <div class="ui divided link list">
<?php <?php
if (!file_exists($SCANS_DIR)) { if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR); mkdir($SCANS_DIR);
} }
foreach (scandir($SCANS_DIR) as $scan) { foreach (scandir($SCANS_DIR) as $filename) {
if (substr($scan, -4) == '.xml') { if (substr($filename, -4) == '.xml') {
$targets = str_replace('!', '/', substr_replace($scan, '', -4)); $name = str_replace('!', '/', substr_replace($filename, '', -4));
echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n"; echo "<a class='item' href='".htmlentities("$SCANS_DIR/$filename", ENT_QUOTES)."'>$name</a>\n";
} }
} }
?> ?>
</div> </div>
</div> </div>
</div> </div>
</div>
</main> </main>
</body> </body>

27
options.php
View File

@ -40,10 +40,10 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
</div> </div>
<div class="field"> <div class="field">
<label for="nameInput">Enregistrer sous le nom</label> <label for="saveAsInput">Enregistrer sous le nom</label>
<input id="nameInput" type="text" name="name" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|@?]+' <input id="saveAsInput" type="text" name="saveAs" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|@?]+'
title='Caractères interdits : &lt;&gt;:&quot;\/|@?' title="Caractères interdits : &lt;&gt;:&quot;\/|@?"
value="<?= htmlspecialchars($name); ?>"> value="<?= htmlentities($saveAs, ENT_QUOTES); ?>">
</div> </div>
<div class="ui styled fluid accordion field"> <div class="ui styled fluid accordion field">
@ -225,25 +225,6 @@ foreach (scandir($SCANS_DIR) as $filename) {
<button type="submit" class="ui teal submit button">Démarrer</button> <button type="submit" class="ui teal submit button">Démarrer</button>
</form> </form>
<h2 class="ui header">Précédents scans</h2>
<div class="ui fluid relaxed card">
<div class="content">
<div class="ui divided link list">
<?php
if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR);
}
foreach (scandir($SCANS_DIR) as $scan) {
if (substr($scan, -4) == '.xml') {
$targets = str_replace('!', '/', substr_replace($scan, '', -4));
echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n";
}
}
?>
</div>
</div>
</div>
</main> </main>
<datalist id='targetsList'> <datalist id='targetsList'>

13
scan.php
View File

@ -12,8 +12,6 @@ if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR); mkdir($SCANS_DIR);
} }
$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
$args = ''; $args = '';
foreach ($inputs as $arg => $value) { foreach ($inputs as $arg => $value) {
if (is_null($value)) { if (is_null($value)) {
@ -30,6 +28,7 @@ foreach ($inputs as $arg => $value) {
} }
} }
$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
exec("nmap$args --stylesheet $basedir/stylesheet.xsl -oX - $targets 2>&1", $result, $code); exec("nmap$args --stylesheet $basedir/stylesheet.xsl -oX - $targets 2>&1", $result, $code);
if ($code) { if ($code) {
http_response_code(500); http_response_code(500);
@ -39,13 +38,13 @@ if ($code) {
$xml = new DOMDocument(); $xml = new DOMDocument();
$xml->loadXML(implode("\n", $result)); $xml->loadXML(implode("\n", $result));
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='name' value='$name'"), $xml->documentElement); $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='saveAs' value='".htmlentities($saveAs, ENT_QUOTES)."'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='$SCANS_DIR'"), $xml->documentElement); $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='".htmlentities($SCANS_DIR, ENT_QUOTES)."'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$compareWith'"), $xml->documentElement); $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='".htmlentities($compareWith, ENT_QUOTES)."'"), $xml->documentElement);
if ($name) { if ($saveAs) {
if (!file_exists($SCANS_DIR)) mkdir($SCANS_DIR); if (!file_exists($SCANS_DIR)) mkdir($SCANS_DIR);
$path = "$SCANS_DIR/$name.xml"; $path = "$SCANS_DIR/$saveAs.xml";
$xml->save($path); $xml->save($path);
header("Location: $path"); header("Location: $path");

2
style.css
View File

@ -1,4 +1,4 @@
.header svg { svg {
margin: -.3em -.5em -.5em -.4em; margin: -.3em -.5em -.5em -.4em;
fill: currentColor; fill: currentColor;
} }

27
stylesheet.xsl
View File

@ -8,13 +8,14 @@
<xsl:output indent="yes"/> <xsl:output indent="yes"/>
<xsl:strip-space elements='*'/> <xsl:strip-space elements='*'/>
<xsl:param name="name"/> <xsl:param name="saveAs"/>
<xsl:param name="scansDir"/> <xsl:param name="scansDir"/>
<xsl:param name="compareWith"/> <xsl:param name="compareWith"/>
<xsl:variable name="nameOrCompareWith"> <xsl:variable name="name">
<xsl:choose> <xsl:choose>
<xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when> <xsl:when test="$saveAs"><xsl:value-of select="$saveAs"/></xsl:when>
<xsl:when test="$compareWith"><xsl:value-of select="$compareWith"/></xsl:when> <xsl:when test="$compareWith"><xsl:value-of select="$compareWith"/></xsl:when>
<xsl:otherwise><xsl:value-of select="false"/></xsl:otherwise>
</xsl:choose> </xsl:choose>
</xsl:variable> </xsl:variable>
<xsl:variable name="current" select="./nmaprun"/> <xsl:variable name="current" select="./nmaprun"/>
@ -33,7 +34,7 @@
<title> <title>
<xsl:text>lanScan - </xsl:text> <xsl:text>lanScan - </xsl:text>
<xsl:choose> <xsl:choose>
<xsl:when test="string-length($nameOrCompareWith)"><xsl:value-of select="$nameOrCompareWith"/></xsl:when> <xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise> <xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>
</xsl:choose> </xsl:choose>
</title> </title>
@ -52,8 +53,9 @@
</head> </head>
<body> <body>
<form>
<nav class="ui inverted teal fixed menu"> <nav class="ui inverted teal fixed menu">
<a class="header item" href="./?targets={$targets}"> <button class="ui teal button item" type="submit" formmethod="get" formaction=".">
<xsl:text>lan</xsl:text> <xsl:text>lan</xsl:text>
<svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40" <svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40"
xmlns="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg"
@ -103,10 +105,9 @@
</g> </g>
</svg> </svg>
<xsl:text>can</xsl:text> <xsl:text>can</xsl:text>
</a> </button>
<div class="right menu"> <div class="right menu">
<form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')"> <div class="ui category search item">
<div class="fiels">
<div id="targetsInputDiv" class="ui icon input"> <div id="targetsInputDiv" class="ui icon input">
<input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required="" <input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required=""
pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..." pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..."
@ -116,21 +117,21 @@ Exemples: 192.168.1.0/24 scanme.nmap.org 10.0-255.0-255.1-254"/>
</div> </div>
<xsl:if test="$PS"><input type="hidden" name="PS" value="{$PS}"/></xsl:if> <xsl:if test="$PS"><input type="hidden" name="PS" value="{$PS}"/></xsl:if>
<xsl:if test="$F"><input type="hidden" name="F" value="on"/></xsl:if> <xsl:if test="$F"><input type="hidden" name="F" value="on"/></xsl:if>
<xsl:if test="string-length($nameOrCompareWith)"><input type="hidden" name="compareWith" value="{$nameOrCompareWith}"/></xsl:if> <xsl:if test="$name"><input type="hidden" name="compareWith" value="{$name}"/></xsl:if>
<button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php"></button> <button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
<button class="ui teal icon submit button" type="submit" formmethod="get" formaction="{$basedir}/options.php" onclick="targetsInput.required=false"> <button class="ui teal icon submit button" type="submit" formmethod="get" formaction="{$basedir}/options.php" onclick="targetsInput.required=false">
<i class="sliders horizontal icon"></i> <i class="sliders horizontal icon"></i>
</button> </button>
</div> </div>
</form>
</div> </div>
</nav> </nav>
</form>
<main class="ui main container"> <main class="ui main container">
<h1 class="ui header"> <h1 class="ui header">
<xsl:choose> <xsl:choose>
<xsl:when test="string-length($nameOrCompareWith)"> <xsl:when test="$name">
<xsl:value-of select="$nameOrCompareWith"/> <xsl:value-of select="$name"/>
<div class="sub header"><xsl:value-of select="$targets"/></div> <div class="sub header"><xsl:value-of select="$targets"/></div>
</xsl:when> </xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise> <xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>