diff --git a/index.php b/index.php
index 08ecc4b..3c95d95 100644
--- a/index.php
+++ b/index.php
@@ -54,8 +54,8 @@ Exemples: /24 10.
- +
@@ -78,7 +78,7 @@ Exemples: /24 10. foreach (scandir($SCANSDIR) as $filename) { if (substr($filename, -4) == '.xml') { $name = str_replace('!', '/', substr_replace($filename, '', -4)); - echo "$nameRescanner\n"; + echo "$nameRescanner\n"; } } ?> diff --git a/rm.php b/rm.php new file mode 100644 index 0000000..7e1771a --- /dev/null +++ b/rm.php @@ -0,0 +1,23 @@ + ['regexp' => $fileNameRegex], "flags" => FILTER_NULL_ON_FAILURE]); +if (!$name) { + die("Paramètre manquant ou incorrect : name"); +} + +$path = "$SCANSDIR/$name.xml"; +if (!file_exists($path)) { + die("Scan inconnu : $name"); +} + +unlink($path); + +header('Location: .'); \ No newline at end of file diff --git a/scan.php b/scan.php index db0be00..d43e735 100644 --- a/scan.php +++ b/scan.php 
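Review bot: In the `foreach (scandir($SCANSDIR) …)` loop of index.php, `$name` is rebuilt from a file name on disk and interpolated into the echoed line with no output encoding visible. The markup of that line is not shown in this view, so confirm, but scans saved while scan.php still used the old `$fileNameRegex` (`/^[^<>:\/|?]+$/`) could carry quotes or `&` in their names, and the tightened regex does not rename them. Encode at the sink instead of relying on validation at write time: `$label = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` for text and attribute values, and `rawurlencode($name)` where the name goes into a query string.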
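Review bot: The new rm.php deletes a scan as soon as the request carries a valid `name`, and nothing in the visible lines restricts the request method, verifies an anti-CSRF token or checks who is asking, so any page the operator's browser loads could trigger the `unlink($path)`. The first lines of the file are not visible here; if `name` is read with `INPUT_GET` as in scan.php, switch it to `INPUT_POST` and have index.php submit a small form instead of a link, ideally with a per-session token (whether config.php already enforces authentication cannot be told from this diff). The result of `unlink()` is also ignored, so a permission failure still redirects as if the scan had been removed.

```php
// … unchanged: start of rm.php (not visible in this view) …
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    die("Méthode non autorisée");
}
// … unchanged: name validation and file_exists($path) check …
if (!unlink($path)) {
    http_response_code(500);
    die("Suppression impossible : $name");
}

header('Location: .');
```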
@@ -2,128 +2,128 @@ include_once 'config.php'; -$fileNameRegex = '/^[^<>:\/|?]+$/'; +$fileNameRegex = '/^[0-9a-zA-Z-_. ]+$/'; $targetsListRegex = '/^[\da-zA-Z-. \/]+$/'; $name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $fileNameRegex], "flags" => FILTER_NULL_ON_FAILURE]); $lan = filter_input(INPUT_GET, 'lan', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $targetsListRegex], "flags" => FILTER_NULL_ON_FAILURE]); if ($lan) { - $cmd = "$NMAP $LANSCANOPTIONS --stylesheet '$BASEDIR/$STYLESHEETSDIR/lanScan.xsl?name=$name&' -oX - $lan"; + $cmd = "$NMAP $LANSCANOPTIONS --stylesheet '$BASEDIR/$STYLESHEETSDIR/lanScan.xsl?name=$name' -oX - $lan"; $filename = str_replace("/", "!", $lan); } $host = filter_input(INPUT_GET, 'host', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $targetsListRegex], "flags" => FILTER_NULL_ON_FAILURE]); if ($host) { - $cmd = "$NMAP $HOSTSCANOPTIONS --stylesheet '$BASEDIR/$STYLESHEETSDIR/hostScan.xsl?name=$name&' -oX - $host"; + $cmd = "$NMAP $HOSTSCANOPTIONS --stylesheet '$BASEDIR/$STYLESHEETSDIR/hostScan.xsl?name=$name' -oX - $host"; $filename = str_replace("/", "!", $host); } $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $targetsListRegex], "flags" => FILTER_NULL_ON_FAILURE]); if ($targets) { - $hostsListRegex = '/^[\da-zA-Z-.,:\/]+$/'; + $hostsListRegex = '/^[\da-zA-Z-.,:\/]+$/'; $protocolePortsListRegex = '/^(([TU]:)?[0-9\-]+|[a-z\-]+)(,([TU]:)?[0-9\-]+|,[a-z\-]+)*$/'; - $portsListRegex = '/^([0-9\-]+|[a-z\-]+)(,[0-9\-]+|,[a-z\-]+)*$/'; - $tempoRegex = '/^\d+[smh]?$/'; + $portsListRegex = '/^([0-9\-]+|[a-z\-]+)(,[0-9\-]+|,[a-z\-]+)*$/'; + $tempoRegex = '/^\d+[smh]?$/'; $inputs = filter_input_array(INPUT_GET, [ // TARGET SPECIFICATION: - '-iR' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], + '-iR' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], '--exclude' => ['filter' => FILTER_VALIDATE_REGEXP, 
'options' => ['regexp' => $hostsListRegex]], // HOST DISCOVERY: - '-sL' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]], - '-sP' => FILTER_VALIDATE_BOOLEAN, - '-P0' => FILTER_VALIDATE_BOOLEAN, - '-Pn' => FILTER_VALIDATE_BOOLEAN, - '-PS' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], - '-PA' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], - '-PU' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], - '-PE' => FILTER_VALIDATE_BOOLEAN, - '-PP' => FILTER_VALIDATE_BOOLEAN, - '-PM' => FILTER_VALIDATE_BOOLEAN, - '-PO' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]], - '-PR' => FILTER_VALIDATE_BOOLEAN, - '--send-ip' => FILTER_VALIDATE_BOOLEAN, - '-n' => FILTER_VALIDATE_BOOLEAN, - '-R' => FILTER_VALIDATE_BOOLEAN, + '-sL' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]], + '-sP' => FILTER_VALIDATE_BOOLEAN, + '-P0' => FILTER_VALIDATE_BOOLEAN, + '-Pn' => FILTER_VALIDATE_BOOLEAN, + '-PS' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], + '-PA' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], + '-PU' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], + '-PE' => FILTER_VALIDATE_BOOLEAN, + '-PP' => FILTER_VALIDATE_BOOLEAN, + '-PM' => FILTER_VALIDATE_BOOLEAN, + '-PO' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]], + '-PR' => FILTER_VALIDATE_BOOLEAN, + '--send-ip' => FILTER_VALIDATE_BOOLEAN, + '-n' => FILTER_VALIDATE_BOOLEAN, + '-R' => FILTER_VALIDATE_BOOLEAN, '--dns-servers' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]], // SCAN TECHNIQUES: - '-sS' => FILTER_VALIDATE_BOOLEAN, - '-sT' => FILTER_VALIDATE_BOOLEAN, - '-sA' => FILTER_VALIDATE_BOOLEAN, - '-sW' => FILTER_VALIDATE_BOOLEAN, 
- '-sM' => FILTER_VALIDATE_BOOLEAN, - '-sF' => FILTER_VALIDATE_BOOLEAN, - '-sN' => FILTER_VALIDATE_BOOLEAN, - '-sX' => FILTER_VALIDATE_BOOLEAN, - '-sU' => FILTER_VALIDATE_BOOLEAN, - '--scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^(URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9]$/']], - '-sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z\d:.-]+(:\d+)?$/']], - '-sO' => FILTER_VALIDATE_BOOLEAN, - '-b' => FILTER_VALIDATE_URL, + '-sS' => FILTER_VALIDATE_BOOLEAN, + '-sT' => FILTER_VALIDATE_BOOLEAN, + '-sA' => FILTER_VALIDATE_BOOLEAN, + '-sW' => FILTER_VALIDATE_BOOLEAN, + '-sM' => FILTER_VALIDATE_BOOLEAN, + '-sF' => FILTER_VALIDATE_BOOLEAN, + '-sN' => FILTER_VALIDATE_BOOLEAN, + '-sX' => FILTER_VALIDATE_BOOLEAN, + '-sU' => FILTER_VALIDATE_BOOLEAN, + '--scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^(URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9]$/']], + '-sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z\d:.-]+(:\d+)?$/']], + '-sO' => FILTER_VALIDATE_BOOLEAN, + '-b' => FILTER_VALIDATE_URL, '--traceroute' => FILTER_VALIDATE_BOOLEAN, - '--reason' => FILTER_VALIDATE_BOOLEAN, + '--reason' => FILTER_VALIDATE_BOOLEAN, // PORT SPECIFICATION AND SCAN ORDER: - '-p' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], - '-F' => FILTER_VALIDATE_BOOLEAN, - '-r' => FILTER_VALIDATE_BOOLEAN, - '--top-ports' => FILTER_VALIDATE_INT, + '-p' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $portsListRegex]], + '-F' => FILTER_VALIDATE_BOOLEAN, + '-r' => FILTER_VALIDATE_BOOLEAN, + '--top-ports' => FILTER_VALIDATE_INT, '--port-ratio' => ['filter' => FILTER_VALIDATE_FLOAT, 'options' => ['min_range' => 0, 'max_range' => 1]], // SERVICE/VERSION DETECTION: - '-sV' => FILTER_VALIDATE_BOOLEAN, - '--version-light' => FILTER_VALIDATE_BOOLEAN, + '-sV' => FILTER_VALIDATE_BOOLEAN, + '--version-light' => 
FILTER_VALIDATE_BOOLEAN, '--version-intensity' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 9]], - '--version-all' => FILTER_VALIDATE_BOOLEAN, - '--version-trace' => FILTER_VALIDATE_BOOLEAN, + '--version-all' => FILTER_VALIDATE_BOOLEAN, + '--version-trace' => FILTER_VALIDATE_BOOLEAN, // SCRIPT SCAN: - '-sC' => FILTER_VALIDATE_BOOLEAN, - '--script' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z][a-z0-9,\-\.\/]*$/']], + '-sC' => FILTER_VALIDATE_BOOLEAN, + '--script' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z][a-z0-9,\-\.\/]*$/']], '--script-args' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^([a-zA-Z][a-zA-Z0-9\-_]*=[^"]+(,[a-zA-Z][a-zA-Z0-9\-_]*=[^"]+)?)$/']], // OS DETECTION: - '-O' => FILTER_VALIDATE_BOOLEAN, + '-O' => FILTER_VALIDATE_BOOLEAN, '--osscan-limit' => FILTER_VALIDATE_BOOLEAN, '--osscan-guess' => FILTER_VALIDATE_BOOLEAN, '--max-os-tries' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], // TIMING AND PERFORMANCE: - '-T' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 5]], - '--min-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - '--max-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - '--min-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - '--max-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - '--min-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], - '--max-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], + '-T' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 5]], + '--min-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], + '--max-hostgroup' => ['filter' => FILTER_VALIDATE_INT, 
'options' => ['min_range' => 0]], + '--min-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], + '--max-parallelism' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], + '--min-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], + '--max-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], '--initial-rtt-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], - '--max-retries' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - '--host-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], - '--scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], - '--max-scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], + '--max-retries' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], + '--host-timeout' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], + '--scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], + '--max-scan-delay' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $tempoRegex]], // FIREWALL/IDS EVASION AND SPOOFING: - '-f' => FILTER_VALIDATE_INT, - '--mtu' => FILTER_VALIDATE_INT, - '-D' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]], - '-S' => ['filter' => FILTER_VALIDATE_IP], - '-e' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z\d]+$/']], - '-g' => FILTER_VALIDATE_INT, + '-f' => FILTER_VALIDATE_INT, + '--mtu' => FILTER_VALIDATE_INT, + '-D' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]], + '-S' => ['filter' => FILTER_VALIDATE_IP], + '-e' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z\d]+$/']], + '-g' => FILTER_VALIDATE_INT, 
'--source-port' => FILTER_VALIDATE_INT, '--data-length' => FILTER_VALIDATE_INT, - '--ip-options' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^\"(R|T|U|L [\da-zA-Z-.: ]+|S [\da-zA-Z-.: ]+|\\\\x[\da-fA-F]{1,2}(\*[\d]+)?|\\\\[0-2]?[\d]{1,2}(\*[\d]+)?)\"$/']], - '--ttl' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]], - '--spoof-mac' => FILTER_VALIDATE_MAC, - '--badsum' => FILTER_VALIDATE_BOOLEAN, + '--ip-options' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^\"(R|T|U|L [\da-zA-Z-.: ]+|S [\da-zA-Z-.: ]+|\\\\x[\da-fA-F]{1,2}(\*[\d]+)?|\\\\[0-2]?[\d]{1,2}(\*[\d]+)?)\"$/']], + '--ttl' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]], + '--spoof-mac' => FILTER_VALIDATE_MAC, + '--badsum' => FILTER_VALIDATE_BOOLEAN, // MISC: // '6' => FILTER_VALIDATE_BOOLEAN, - '-A' => FILTER_VALIDATE_BOOLEAN, - '--send-eth' => FILTER_VALIDATE_BOOLEAN, - '--privileged' => FILTER_VALIDATE_BOOLEAN, - '-V' => FILTER_VALIDATE_BOOLEAN, + '-A' => FILTER_VALIDATE_BOOLEAN, + '--send-eth' => FILTER_VALIDATE_BOOLEAN, + '--privileged' => FILTER_VALIDATE_BOOLEAN, + '-V' => FILTER_VALIDATE_BOOLEAN, '--unprivileged' => FILTER_VALIDATE_BOOLEAN, - '-h' => FILTER_VALIDATE_BOOLEAN, - '--stylesheet' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]], + '-h' => FILTER_VALIDATE_BOOLEAN, + '--stylesheet' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]], // lanScan - 'name' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]], - 'originalURL' => FILTER_VALIDATE_URL, + 'name' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]], + 'originalURL' => FILTER_VALIDATE_URL, 'refreshPeriod' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0]], - 'sudo' => FILTER_VALIDATE_BOOLEAN, + 'sudo' => FILTER_VALIDATE_BOOLEAN, ], false); $options = ""; 
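Review bot: The new `$fileNameRegex` and the unchanged `$targetsListRegex` in scan.php both anchor with `$`, which in PCRE also matches just before a trailing newline, so a `name`, `lan` or `host` value that ends in a newline still passes validation. For `$name` that newline ends up in the `tee` path built later; for `$lan` and `$host`, which the rewritten `$cmd` lines still interpolate unquoted, it terminates the nmap command line before the ` | tee …` part is appended. Anchor with `\z` and keep the hyphen last in the class, e.g. `$fileNameRegex = '/^[0-9a-zA-Z_. -]+\z/';`. `$targetsListRegex` also accepts spaces and `-`, so a target value can carry extra nmap options; consider splitting on spaces, rejecting tokens that start with `-`, and passing each token through `escapeshellarg()`. The `if ($targets)` block opened in this hunk continues in the next one.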
@@ -138,23 +138,26 @@ if ($targets) { if ($value === true) { $options .= " $option"; } else { - if (substr($option, 0, 2) == '--') $options .= " $option " . escapeshellarg($value); - else $options .= " $option" . escapeshellarg($value); + if (substr($option, 0, 2) == '--') + $options .= " $option " . escapeshellarg($value); + else + $options .= " $option" . escapeshellarg($value); } } } } - $cmd = "$NMAP$options $CUSTOMSCANOPTIONS --stylesheet $BASEDIR/$STYLESHEETSDIR/lanScan.xsl?name=$name&' -oX - $targets"; + $cmd = "$NMAP$options $CUSTOMSCANOPTIONS --stylesheet $BASEDIR/$STYLESHEETSDIR/lanScan.xsl?name=$name' -oX - $targets"; $filename = str_replace("/", "!", $targets); } if ($cmd) { if ($name) { - if (!file_exists($SCANSDIR)) mkdir($SCANSDIR); + if (!file_exists($SCANSDIR)) + mkdir($SCANSDIR); $path = "$SCANSDIR/$name.xml"; - $cmd .= " | tee " .escapeshellarg($path); + $cmd .= " | tee " . escapeshellarg($path); } header('Content-type: text/xml'); diff --git a/stylesheets/hostScan.xsl b/stylesheets/hostScan.xsl index 349552f..d892093 100644 --- a/stylesheets/hostScan.xsl +++ b/stylesheets/hostScan.xsl @@ -13,7 +13,7 @@ - + diff --git a/stylesheets/lanScan.xsl b/stylesheets/lanScan.xsl index fc13774..cb81384 100644 --- a/stylesheets/lanScan.xsl +++ b/stylesheets/lanScan.xsl @@ -7,13 +7,12 @@ - - + - + diff --git a/stylesheets/toast.xsl b/stylesheets/toast.xsl index 5753551..38ce1b5 100644 --- a/stylesheets/toast.xsl +++ b/stylesheets/toast.xsl @@ -7,6 +7,16 @@
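Review bot: In scan.php's second hunk the rewritten custom-scan `$cmd` still has an unbalanced single quote: it ends with `?name=$name'` but, unlike the `$lan` and `$host` variants, has no opening `'` before `$BASEDIR`, so the shell treats everything from that quote up to the next one as a single string and the `?` is left open to globbing. Build the argument with the helper the option loop already uses: `$cmd = "$NMAP$options $CUSTOMSCANOPTIONS --stylesheet " . escapeshellarg("$BASEDIR/$STYLESHEETSDIR/lanScan.xsl?name=$name") . " -oX - $targets";`. `$targets` itself is still appended unquoted and is validated only by `$targetsListRegex`, which permits spaces and `-`. The `if ($targets)` and `if ($cmd)` blocks start or end outside this hunk.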