From d5dd51921c7ceaaa12947371538c4e7ba08e42b3 Mon Sep 17 00:00:00 2001 From: adrien Date: Mon, 7 Oct 2024 20:42:16 +0200 Subject: [PATCH] new scan menu --- common.php | 13 +++++++ config.php | 4 +- index.php | 36 ++++++++---------- advanced-scan.php => scan-options.php | 9 +---- scan.php | 55 ++++++++++++++------------- stylesheet.xsl | 31 ++++++++------- 6 files changed, 77 insertions(+), 71 deletions(-) create mode 100644 common.php rename advanced-scan.php => scan-options.php (87%) diff --git a/common.php b/common.php new file mode 100644 index 0000000..c62e53a --- /dev/null +++ b/common.php @@ -0,0 +1,13 @@ + FILTER_NULL_ON_FAILURE, + 'options' => ['regexp' => '/^[^<>:"\/|?]+$/'], +]); + +$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [ + 'flags' => FILTER_NULL_ON_FAILURE, + 'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'], +]); diff --git a/config.php b/config.php index 3d884c7..fdbb304 100644 --- a/config.php +++ b/config.php @@ -1,4 +1,4 @@ \ No newline at end of file +$NMAP_OPTIONS = '-PSssh,http,https,msrpc,microsoft-ds -F -T5'; diff --git a/index.php b/index.php index eb1588d..0bf9bb6 100755 --- a/index.php +++ b/index.php @@ -1,11 +1,4 @@ - FILTER_NULL_ON_FAILURE, - 'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'], -]); -?> + @@ -27,18 +20,21 @@ $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [ lancan - +
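Review bot: The first pattern in common.php, `/^[^<>:"\/|?]+$/`, is a denylist, so single quotes, backticks, `$`, `;`, backslashes and newlines all pass validation. The variable it fills is cut from this extract, but scan.php assigns a near-identical pattern to `$name`. If that value later reaches a file name, an XML processing instruction or a command line, each of those sinks needs its own escaping. An allowlist anchored with `\z` would be safer, for example `'/^[\p{L}\d ._-]+\z/u'`. The `targets` pattern should also end in `\z` (or use the `D` modifier), because `$` accepts one trailing newline.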
diff --git a/advanced-scan.php b/scan-options.php similarity index 87% rename from advanced-scan.php rename to scan-options.php index f5178c1..9ae6f58 100755 --- a/advanced-scan.php +++ b/scan-options.php @@ -1,13 +1,6 @@ FILTER_NULL_ON_FAILURE, - 'options' => ['regexp' => '/^[^<>:"\/|?]+$/'], -]); +include_once 'common.php'; -$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [ - 'flags' => FILTER_NULL_ON_FAILURE, - 'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'], -]); if (!$targets) { $targets = $_SERVER['SERVER_NAME'].' '.$_SERVER['REMOTE_ADDR']; } diff --git a/scan.php b/scan.php index 63790be..ec713d4 100755 --- a/scan.php +++ b/scan.php @@ -1,14 +1,16 @@ FILTER_NULL_ON_FAILURE, 'options' => ['regexp' => "/^[\da-zA-Z.:\/_ -]+$/"], ]); -if (!$targets) { - http_response_code(400); - exit('Paramètre targets manquant.'); -} + +$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [ + 'flags' => FILTER_NULL_ON_FAILURE, + 'options' => ['regexp' => '/^[^@<>:"\/|!?]+$/'], +]); $dir = $SCANS_DIR; if (!file_exists($SCANS_DIR)) { 
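Review bot: Removing the `if (!$targets)` guard at the top of scan.php leaves `$targets` null (FILTER_NULL_ON_FAILURE) when the parameter is missing or rejected, and nothing visible in this hunk stops the request before the nmap call in the next hunk. Unless a branch between the two hunks handles that case, keep `if (!$targets) { http_response_code(400); exit('Paramètre targets manquant.'); }`. The hunk also declares the `targets` and `name` filters locally, and the `name` pattern here (`/^[^@<>:"\/|!?]+$/`) already differs from the one added in common.php; using `include_once 'common.php';` alone would keep the validation rules in one place. The first lines of the hunk are cut from this extract, so part of this may already be handled there.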
@@ -26,28 +28,27 @@ if (file_exists($initPath)) { $basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}".dirname($_SERVER['REQUEST_URI']); $result = `nmap $NMAP_OPTIONS --stylesheet $basedir/stylesheet.xsl -oX - $targets`; - -if ($result) { - $xml = new DOMDocument(); - $xml->loadXML($result); - $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='targets' value='$targets'"), $xml->documentElement); - - $dir = $SCANS_DIR; - if (!file_exists($SCANS_DIR)) { - mkdir($SCANS_DIR); - } - - $path = "$SCANS_DIR/".str_replace('/', '!', $targets).'.xml'; - if (!file_exists($path)) { - $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value=''"), $xml->documentElement); - $xml->save($path); - } else { - $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$path'"), $xml->documentElement); - } - - header('Content-type: text/xml'); - exit($xml->saveXML()); -} else { +if (!$result) { http_response_code(500); exit(); -} \ No newline at end of file +} + +$xml = new DOMDocument(); +$xml->loadXML($result); +$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='targets' value='$targets'"), $xml->documentElement); + +$dir = $SCANS_DIR; +if (!file_exists($SCANS_DIR)) { + mkdir($SCANS_DIR); +} + +$path = "$SCANS_DIR/".str_replace('/', '!', $targets).'.xml'; +if (!file_exists($path)) { + $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value=''"), $xml->documentElement); + $xml->save($path); +} else { + $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$path'"), $xml->documentElement); +} + +header('Content-type: text/xml'); +exit($xml->saveXML()); diff --git a/stylesheet.xsl b/stylesheet.xsl index e70558c..43201c1 100755 --- a/stylesheet.xsl +++ b/stylesheet.xsl @@ -31,7 +31,7 @@
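Review bot: The backtick nmap call kept as context at the top of this scan.php hunk still builds a shell string from unescaped request data, and the restructuring below it does not change that. `$basedir` includes `dirname($_SERVER['REQUEST_URI'])`, which is client-supplied and never validated, so shell metacharacters in the request path reach the shell. `$targets` is validated, but its allowlist accepts spaces and a leading `-`, so a token can be parsed by nmap as an option instead of a host. Each argument should go through `escapeshellarg()` and tokens that start with `-` should be rejected, as sketched below. The return value of `loadXML()` is also unchecked, so malformed nmap output would be saved and served as if it were valid.

```php
// … unchanged: $basedir construction …
$targetArgs = [];
foreach (preg_split('/\s+/', $targets, -1, PREG_SPLIT_NO_EMPTY) as $target) {
    if ($target[0] === '-') {
        // An option-looking token is not a host: refuse it instead of passing it to nmap.
        http_response_code(400);
        exit();
    }
    $targetArgs[] = escapeshellarg($target);
}
$stylesheetArg = escapeshellarg("$basedir/stylesheet.xsl");
$result = shell_exec("nmap $NMAP_OPTIONS --stylesheet $stylesheetArg -oX - ".implode(' ', $targetArgs));
// … unchanged: if (!$result) … through exit($xml->saveXML()) …
```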
@@ -246,7 +249,7 @@ Exemple: scanme.nmap.org microsoft.com/24 192.168.0.1 10.0-255.0-255.1-254" patt - rdp.php?v=: + rdp.php?v=&p=