adrien/lanScan3
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

--script-args

Browse Source
This commit is contained in:
Adrien MALINGREY
2024-10-20 12:33:50 +02:00
parent dfd89a5add
commit a7c67292ed
2 changed files with 22 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
filter_inputs.php
View File

@ -2,11 +2,11 @@
include_once "config.php";
$targetsListRegex = "/^[\da-zA-Z-. \/]+$/";
$hostsListRegex = "/^[\da-zA-Z-.,:\/]+$/";
$protocolePortsListRegex = "/^(([TU]:)?[0-9\-]+|[a-z\-]+)(,([TU]:)?[0-9\-]+|,[a-z\-]+)*$/";
$portsListRegex = "/^([0-9\-]+|[a-z\-]+)(,[0-9\-]+|,[a-z\-]+)*$/";
$tempoRegex = "/^\d+[smh]?$/";
$targetsListRegex = '/^[\da-zA-Z-. \/]+$/';
$hostsListRegex = '/^[\da-zA-Z-.,:\/]+$/';
$protocolePortsListRegex = '/^(([TU]:)?[0-9\-]+|[a-z\-]+)(,([TU]:)?[0-9\-]+|,[a-z\-]+)*$/';
$portsListRegex = '/^([0-9\-]+|[a-z\-]+)(,[0-9\-]+|,[a-z\-]+)*$/';
$tempoRegex = '/^\d+[smh]?$/';
$fileNameRegex = '/^[^<>:"\/|?]+$/';
$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $targetsListRegex], "flags" => FILTER_NULL_ON_FAILURE]);
@ -46,8 +46,8 @@ if ($preset && isset($presets[$preset])) {
'-sN' => FILTER_VALIDATE_BOOLEAN,
'-sX' => FILTER_VALIDATE_BOOLEAN,
'-sU' => FILTER_VALIDATE_BOOLEAN,
'--scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^(URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9]$/"]],
'-sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-zA-Z\d:.-]+(:\d+)?$/"]],
'--scanflags' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^(URG|ACK|PSH|RST|SYN|FIN|,)+|[1-9]?[0-9]|[1-2][0-9][0-9]$/']],
'-sI' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z\d:.-]+(:\d+)?$/']],
'-sO' => FILTER_VALIDATE_BOOLEAN,
'-b' => FILTER_VALIDATE_URL,
'--traceroute' => FILTER_VALIDATE_BOOLEAN,
@ -65,8 +65,9 @@ if ($preset && isset($presets[$preset])) {
'--version-all' => FILTER_VALIDATE_BOOLEAN,
'--version-trace' => FILTER_VALIDATE_BOOLEAN,
// SCRIPT SCAN:
'-sC' => FILTER_VALIDATE_BOOLEAN,
'--script' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-z][a-z0-9,\-\.\/]*$/"]],
'-sC' => FILTER_VALIDATE_BOOLEAN,
'--script' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z][a-z0-9,\-\.\/]*$/']],
'--script-args' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^([a-zA-Z][a-zA-Z0-9\-_]*=[^"]+(,[a-zA-Z][a-zA-Z0-9\-_]*=[^"]+)?)$/']],
// OS DETECTION:
'-O' => FILTER_VALIDATE_BOOLEAN,
'--osscan-limit' => FILTER_VALIDATE_BOOLEAN,
@ -90,11 +91,11 @@ if ($preset && isset($presets[$preset])) {
'--mtu' => FILTER_VALIDATE_INT,
'-D' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $hostsListRegex]],
'-S' => ['filter' => FILTER_VALIDATE_IP],
'-e' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^[a-z\d]+$/"]],
'-e' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-z\d]+$/']],
'-g' => FILTER_VALIDATE_INT,
'--source-port' => FILTER_VALIDATE_INT,
'--data-length' => FILTER_VALIDATE_INT,
'--ip-options' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => "/^\"(R|T|U|L [\da-zA-Z-.: ]+|S [\da-zA-Z-.: ]+|\\\\x[\da-fA-F]{1,2}(\*[\d]+)?|\\\\[0-2]?[\d]{1,2}(\*[\d]+)?)\"$/"]],
'--ip-options' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^\"(R|T|U|L [\da-zA-Z-.: ]+|S [\da-zA-Z-.: ]+|\\\\x[\da-fA-F]{1,2}(\*[\d]+)?|\\\\[0-2]?[\d]{1,2}(\*[\d]+)?)\"$/']],
'--ttl' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 0, 'max_range' => 255]],
'--spoof-mac' => FILTER_VALIDATE_MAC,
'--badsum' => FILTER_VALIDATE_BOOLEAN,

12
index.php
View File

@ -349,6 +349,13 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
title="<catégories|répertoire|nom|all>" list="scripts" pattern="[a-z][a-z0-9\-\.\/]*"
value="<?= htmlentities($options["--script"] ?? "", ENT_QUOTES); ?>">
</div>
<div class="field">
<label for="scriptArgsInput" title="--script-args">Arguments des scripts</label>
<input type="text" id="scriptArgsInput" name="--script-args" placeholder="nom=valeur"
pattern='[a-zA-Z][a-zA-Z0-9\-_]*=[^"]+(,[a-zA-Z][a-zA-Z0-9\-_]*=[^"]+)?' value="<?= $options['--script-args'] ?? "" ?>"
title="<n1=v1,[n2=v2,...]>">
</div>
</div>
<div class="title"><i class="icon dropdown"></i>Détection du système d'exploitation</div>
@ -557,8 +564,8 @@ foreach ([$DATADIR, $NMAPDIR] as $dir) {
<script>
class TagsInput extends Tagify {
constructor(input, options={}, delim = ",") {
options.delimiters = " |,"
options.originalInputValueFormat = tags => tags.map(tag => tag.value).join(delim)
if (!options.delimiters) options.delimiters = " |,"
if (!options.originalInputValueFormat) options.originalInputValueFormat = tags => tags.map(tag => tag.value).join(delim)
if (input.list) options.whitelist = Array.from(input.list.options).map(option => option.value)
super(input, options)
}
@ -585,6 +592,7 @@ foreach ([$DATADIR, $NMAPDIR] as $dir) {
new TagsInput(dnsServersInput)
new TagsInput(scanflagsInput)
new TagsInput(scriptInput, {enforceWhitelist: true})
new TagsInput(scriptArgsInput, {delimiters: ','})
newScanForm.onsubmit = function(event) {
if (this.checkValidity()) {