adrien/lanScan
adrien/lanScan
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

quote in name, params on index link

Browse Source
This commit is contained in:
Adrien MALINGREY 2024-10-13 04:37:49 +02:00
parent 97a4c5801b
commit b197af448a
6 changed files with 116 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
filter_inputs.php
View File

@ -5,7 +5,7 @@ $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'options' => ['regexp' => "/^[\da-zA-Z-. \/]+$/"],
]);
$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
$saveAs = filter_input(INPUT_GET, 'saveAs', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
]);
@ -49,10 +49,6 @@ $inputs = filter_input_array(INPUT_GET, [
'sF' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sN' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'sX' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PU' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'PM' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^([URG|ACK|PSH|RST|SYN|FIN]+)$|^([0-2]?\d?\d)$/"]],
'sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-zA-Z\d:.-]+(:\d+)?$/"]],
'sO' => ['filter' => FILTER_VALIDATE_BOOLEAN],
@ -110,7 +106,6 @@ $inputs = filter_input_array(INPUT_GET, [
//'6' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'A' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'send-eth' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'send-ip' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'privileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'V' => ['filter' => FILTER_VALIDATE_BOOLEAN],
'unprivileged' => ['filter' => FILTER_VALIDATE_BOOLEAN],

41
index.php
View File

@ -19,47 +19,50 @@ include_once 'filter_inputs.php';
</head>
<body>
<form>
<nav class="ui inverted teal fixed menu">
<a class="header item" href=".">
<button class="ui teal button item" type="submit" formmethod="get" formaction=".">
lan<?php include 'logo.svg'; ?>can
</a>
</button>
<div class="right menu">
<form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')">
<div class="fiels">
<div class="ui category search item">
<div id="targetsInputDiv" class="ui icon input">
<input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required
pattern="[a-zA-Z0-9._\/ \-]+" value="<?= $targets; ?>" placeholder="Scanner un réseau..."
title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" />
Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.0-255.0-255.1-254" />
<i class="satellite dish icon"></i>
</div>
<button style="display: none;" type="submit" formmethod="get" formaction="scan.php"></button>
<?php
foreach($inputs as $name => $value) {
echo " <input type='hidden' name='$name' value='$value'/>\n";
}
?>
<button style="display: none;" type="submit" formmethod="get" formaction="scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
<button class="ui teal icon submit button" type="submit" formmethod="get" formaction="options.php" onclick="targetsInput.required=false">
<i class="sliders horizontal icon"></i>
</button>
</div>
</form>
</div>
</nav>
</form>
<main class="ui main container">
<div class="ui middle aligned center aligned grid">
<h1 class="ui header">Précédents scans</h1>
<div class="ui large relaxed card">
<div class="content">
<div class="header">Précédents scans</div>
<div class="ui divided link list">
<?php
if (!file_exists($SCANS_DIR)) {
<?php
if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR);
}
foreach (scandir($SCANS_DIR) as $filename) {
if (substr($filename, -4) == '.xml') {
$name = str_replace('!', '/', substr_replace($filename, '', -4));
echo "<a class='item' href='".htmlentities("$SCANS_DIR/$filename", ENT_QUOTES)."'>$name</a>\n";
}
foreach (scandir($SCANS_DIR) as $scan) {
if (substr($scan, -4) == '.xml') {
$targets = str_replace('!', '/', substr_replace($scan, '', -4));
echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n";
}
}
?>
</div>
}
?>
</div>
</div>
</div>

27
options.php
View File

@ -40,10 +40,10 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
</div>
<div class="field">
<label for="nameInput">Enregistrer sous le nom</label>
<input id="nameInput" type="text" name="name" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|@?]+'
title='Caractères interdits : &lt;&gt;:&quot;\/|@?'
value="<?= htmlspecialchars($name); ?>">
<label for="saveAsInput">Enregistrer sous le nom</label>
<input id="saveAsInput" type="text" name="saveAs" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|@?]+'
title="Caractères interdits : &lt;&gt;:&quot;\/|@?"
value="<?= htmlentities($saveAs, ENT_QUOTES); ?>">
</div>
<div class="ui styled fluid accordion field">
@ -225,25 +225,6 @@ foreach (scandir($SCANS_DIR) as $filename) {
<button type="submit" class="ui teal submit button">Démarrer</button>
</form>
<h2 class="ui header">Précédents scans</h2>
<div class="ui fluid relaxed card">
<div class="content">
<div class="ui divided link list">
<?php
if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR);
}
foreach (scandir($SCANS_DIR) as $scan) {
if (substr($scan, -4) == '.xml') {
$targets = str_replace('!', '/', substr_replace($scan, '', -4));
echo "<a class='item' href='scan.php?targets=" . urlencode($targets) . "'>$targets</a>\n";
}
}
?>
</div>
</div>
</div>
</main>
<datalist id='targetsList'>

13
scan.php
View File

@ -12,8 +12,6 @@ if (!file_exists($SCANS_DIR)) {
mkdir($SCANS_DIR);
}
$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
$args = '';
foreach ($inputs as $arg => $value) {
if (is_null($value)) {
@ -30,6 +28,7 @@ foreach ($inputs as $arg => $value) {
}
}
$basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}" . dirname($_SERVER['REQUEST_URI']);
exec("nmap$args --stylesheet $basedir/stylesheet.xsl -oX - $targets 2>&1", $result, $code);
if ($code) {
http_response_code(500);
@ -39,13 +38,13 @@ if ($code) {
$xml = new DOMDocument();
$xml->loadXML(implode("\n", $result));
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='name' value='$name'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='$SCANS_DIR'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$compareWith'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='saveAs' value='".htmlentities($saveAs, ENT_QUOTES)."'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='scansDir' value='".htmlentities($SCANS_DIR, ENT_QUOTES)."'"), $xml->documentElement);
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='".htmlentities($compareWith, ENT_QUOTES)."'"), $xml->documentElement);
if ($name) {
if ($saveAs) {
if (!file_exists($SCANS_DIR)) mkdir($SCANS_DIR);
$path = "$SCANS_DIR/$name.xml";
$path = "$SCANS_DIR/$saveAs.xml";
$xml->save($path);
header("Location: $path");

2
style.css
View File

@ -1,4 +1,4 @@
.header svg {
svg {
margin: -.3em -.5em -.5em -.4em;
fill: currentColor;
}

27
stylesheet.xsl
View File

@ -8,13 +8,14 @@
<xsl:output indent="yes"/>
<xsl:strip-space elements='*'/>
<xsl:param name="name"/>
<xsl:param name="saveAs"/>
<xsl:param name="scansDir"/>
<xsl:param name="compareWith"/>
<xsl:variable name="nameOrCompareWith">
<xsl:variable name="name">
<xsl:choose>
<xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when>
<xsl:when test="$saveAs"><xsl:value-of select="$saveAs"/></xsl:when>
<xsl:when test="$compareWith"><xsl:value-of select="$compareWith"/></xsl:when>
<xsl:otherwise><xsl:value-of select="false"/></xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="current" select="./nmaprun"/>
@ -33,7 +34,7 @@
<title>
<xsl:text>lanScan - </xsl:text>
<xsl:choose>
<xsl:when test="string-length($nameOrCompareWith)"><xsl:value-of select="$nameOrCompareWith"/></xsl:when>
<xsl:when test="$name"><xsl:value-of select="$name"/></xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>
</xsl:choose>
</title>
@ -52,8 +53,9 @@
</head>
<body>
<form>
<nav class="ui inverted teal fixed menu">
<a class="header item" href="./?targets={$targets}">
<button class="ui teal button item" type="submit" formmethod="get" formaction=".">
<xsl:text>lan</xsl:text>
<svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40"
xmlns="http://www.w3.org/2000/svg"
@ -103,10 +105,9 @@
</g>
</svg>
<xsl:text>can</xsl:text>
</a>
</button>
<div class="right menu">
<form class="ui category search item" onsubmit="targetsInputDiv.classList.add('loading')">
<div class="fiels">
<div class="ui category search item">
<div id="targetsInputDiv" class="ui icon input">
<input class="prompt" type="text" id="targetsInput" name="targets" oninput="hiddenInput.value=this.value" required=""
pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..."
@ -116,21 +117,21 @@ Exemples: 192.168.1.0/24 scanme.nmap.org 10.0-255.0-255.1-254"/>
</div>
<xsl:if test="$PS"><input type="hidden" name="PS" value="{$PS}"/></xsl:if>
<xsl:if test="$F"><input type="hidden" name="F" value="on"/></xsl:if>
<xsl:if test="string-length($nameOrCompareWith)"><input type="hidden" name="compareWith" value="{$nameOrCompareWith}"/></xsl:if>
<button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php"></button>
<xsl:if test="$name"><input type="hidden" name="compareWith" value="{$name}"/></xsl:if>
<button style="display: none;" type="submit" formmethod="get" formaction="{$basedir}/scan.php" onsubmit="targetsInputDiv.classList.add('loading')"></button>
<button class="ui teal icon submit button" type="submit" formmethod="get" formaction="{$basedir}/options.php" onclick="targetsInput.required=false">
<i class="sliders horizontal icon"></i>
</button>
</div>
</form>
</div>
</nav>
</form>
<main class="ui main container">
<h1 class="ui header">
<xsl:choose>
<xsl:when test="string-length($nameOrCompareWith)">
<xsl:value-of select="$nameOrCompareWith"/>
<xsl:when test="$name">
<xsl:value-of select="$name"/>
<div class="sub header"><xsl:value-of select="$targets"/></div>
</xsl:when>
<xsl:otherwise><xsl:value-of select="$targets"/></xsl:otherwise>