new scan menu

2024-10-07 20:42:16 +02:00 · 2024-10-07 20:42:16 +02:00 · d5dd51921c
commit d5dd51921c
parent b02c89973c
6 changed files with 77 additions and 71 deletions
--- a/common.php
+++ b/common.php
@ -0,0 +1,13 @@
+<?php
+
+include_once 'config.php';
+
+$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
+  'flags' => FILTER_NULL_ON_FAILURE,
+  'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
+]);
+
+$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
+  'flags' => FILTER_NULL_ON_FAILURE,
+  'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'],
+]);
--- a/config.php
+++ b/config.php
@ -1,4 +1,4 @@
 <?php
-$NMAP_OPTIONS = '-PSssh,http,https,msrpc,microsoft-ds -F -T5';
+
 $SCANS_DIR = 'scans';
-?>
+$NMAP_OPTIONS = '-PSssh,http,https,msrpc,microsoft-ds -F -T5';
--- a/index.php
+++ b/index.php
@ -1,11 +1,4 @@
-<?php
-include_once 'config.php';
-
-$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
-  'flags' => FILTER_NULL_ON_FAILURE,
-  'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'],
-]);
-?>
+<?php include_once 'common.php'; ?>
 <!DOCTYPE html>
 <html lang="fr">

@ -27,18 +20,21 @@ $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
      <a class="header item" href=".">
        lan<?php include 'logo.svg'; ?>can
      </a>
-      <div class="right menu">
-          <iconsearch class="ui right aligned search category item">
-              <div class="ui icon input">
-                  <form id="newScanForm" class="ui form" method="get" action="scan.php">
-                      <input class="prompt" type="text" name="targets" placeholder="Scanner un réseau..." required="" autocomplete="off" title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
-Exemple: <?=$_SERVER['REMOTE_ADDR']; ?>/24 <?=$_SERVER['SERVER_NAME']; ?>" pattern="[a-zA-Z0-9._\/ \-]+" value="<?=$targets; ?>" />
-                  </form>
-                  <i class="satellite dish icon"></i>
-              </div>
-              <div class="results"></div>
-          </iconsearch>
-      </div>
+      <form class="right menu">
+        <div class="ui category search item">
+          <div class="ui icon input">
+            <input class="prompt" type="text" id="targetsInput" name="targets" required=""
+            pattern="[a-zA-Z0-9._\/ \-]+" value="<?=$targets; ?>" placeholder="Scanner un réseau..."
+            title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
+Exemple: <?=$_SERVER['REMOTE_ADDR']; ?>/24 <?=$_SERVER['SERVER_NAME']; ?>"/>
+            <i class="satellite dish icon"></i>
+            <button style="display:none" type="submit" formaction="scan.php" formmethod="get"></button>
+          </div>
+        </div>
+        <div class="item" >
+          <button class="ui teal button" type="submit" formaction="scan-options.php" formmethod="get">Options</button>
+        </div>
+      </form>
    </nav>

    <main class="ui main container">
--- a/advanced-scan.php
+++ b/advanced-scan.php
@ -1,13 +1,6 @@
 <?php
-$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
-  'flags' => FILTER_NULL_ON_FAILURE,
-  'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
-]);
+include_once 'common.php';

-$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
-  'flags' => FILTER_NULL_ON_FAILURE,
-  'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'],
-]);
 if (!$targets) {
    $targets = $_SERVER['SERVER_NAME'].' '.$_SERVER['REMOTE_ADDR'];
 }
--- a/scan.php
+++ b/scan.php
@ -1,14 +1,16 @@
 <?php
+
 include_once 'config.php';

 $targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
    'flags' => FILTER_NULL_ON_FAILURE,
    'options' => ['regexp' => "/^[\da-zA-Z.:\/_ -]+$/"],
 ]);
-if (!$targets) {
-    http_response_code(400);
-    exit('Paramètre targets manquant.');
-}
+
+$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
+    'flags' => FILTER_NULL_ON_FAILURE,
+    'options' => ['regexp' => '/^[^@<>:"\/|!?]+$/'],
+]);

 $dir = $SCANS_DIR;
 if (!file_exists($SCANS_DIR)) {
@ -26,28 +28,27 @@ if (file_exists($initPath)) {
 $basedir = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}:{$_SERVER['SERVER_PORT']}".dirname($_SERVER['REQUEST_URI']);

 $result = `nmap $NMAP_OPTIONS --stylesheet $basedir/stylesheet.xsl -oX - $targets`;
-
-if ($result) {
-    $xml = new DOMDocument();
-    $xml->loadXML($result);
-    $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='targets' value='$targets'"), $xml->documentElement);
-
-    $dir = $SCANS_DIR;
-    if (!file_exists($SCANS_DIR)) {
-        mkdir($SCANS_DIR);
-    }
-    
-    $path = "$SCANS_DIR/".str_replace('/', '!', $targets).'.xml';
-    if (!file_exists($path)) {
-        $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value=''"), $xml->documentElement);
-        $xml->save($path);
-    } else {
-        $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$path'"), $xml->documentElement);
-    }
-
-    header('Content-type: text/xml');
-    exit($xml->saveXML());
-} else {
+if (!$result) {
    http_response_code(500);
    exit();
 }
+
+$xml = new DOMDocument();
+$xml->loadXML($result);
+$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='targets' value='$targets'"), $xml->documentElement);
+
+$dir = $SCANS_DIR;
+if (!file_exists($SCANS_DIR)) {
+    mkdir($SCANS_DIR);
+}
+
+$path = "$SCANS_DIR/".str_replace('/', '!', $targets).'.xml';
+if (!file_exists($path)) {
+    $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value=''"), $xml->documentElement);
+    $xml->save($path);
+} else {
+    $xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$path'"), $xml->documentElement);
+}
+
+header('Content-type: text/xml');
+exit($xml->saveXML());
--- a/stylesheet.xsl
+++ b/stylesheet.xsl
@ -31,7 +31,7 @@

            <body>
                <nav class="ui inverted teal fixed menu">
-                    <a class="header item" href=".">
+                    <a class="header item" href="./?targets={$targets}">
                        <xsl:text>lan</xsl:text>
                        <svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 24 24" xml:space="preserve" width="40" height="40"
                            xmlns="http://www.w3.org/2000/svg"
@ -83,18 +83,21 @@
                        <xsl:text>can</xsl:text>
                    </a>

-                    <div class="right menu">
-                        <iconsearch class="ui right aligned search category item">
-                            <div class="ui icon input">
-                                <form id="newScanForm" class="ui form" method="get" action="scan.php">
-                                    <input class="prompt" type="text" name="targets" placeholder="Scanner un réseau..." required="" autocomplete="off" title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
-Exemple: scanme.nmap.org microsoft.com/24 192.168.0.1 10.0-255.0-255.1-254" pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" />
-                                </form>
-                                <i class="satellite dish icon"></i>
-                            </div>
-                            <div class="results"></div>
-                        </iconsearch>
-                    </div>
+                    <form class="right menu">
+                      <div class="ui category search item">
+                        <div class="ui icon input">
+                          <input class="prompt" type="text" id="targetsInput" name="targets" required=""
+                            pattern="[a-zA-Z0-9._\/ \-]+" value="{$targets}" placeholder="Scanner un réseau..."
+                            title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
+Exemple: 192.168.1.0/24 scanme.nmap.org"/>
+                          <i class="satellite dish icon"></i>
+                          <button style="display:none" type="submit" formaction="scan.php" formmethod="get"></button>
+                        </div>
+                      </div>
+                      <div class="item" >
+                        <button class="ui teal button" type="submit" formaction="scan-options.php" formmethod="get">Options</button>
+                      </div>
+                    </form>
                </nav>

                <main class="ui main container">
@ -246,7 +249,7 @@ Exemple: scanme.nmap.org microsoft.com/24 192.168.0.1 10.0-255.0-255.1-254" patt
                </xsl:attribute>
            </xsl:if>
            <xsl:if test="service/@name='ms-wbt-server'">
-                <xsl:attribute name="href">rdp.php?v=<xsl:value-of select="$hostAddress" />:<xsl:value-of select="@portid" />
+                <xsl:attribute name="href">rdp.php?v=<xsl:value-of select="$hostAddress" />&amp;p=<xsl:value-of select="@portid" />
            </xsl:attribute>
        </xsl:if>
        <xsl:if test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table">