adrien/lanScan3
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

second draft

Browse Source
This commit is contained in:
Adrien MALINGREY 2024-10-07 01:16:44 +02:00
parent 34a4058ba4
commit f44e1d8267
14 changed files with 993 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
scans/

4
config.php Normal file
View File

@ -0,0 +1,4 @@
<?php
$NMAP_OPTIONS = '-PS22,80,443,445 -F -T5';
$SCANS_DIR = 'scans';

68
index.php
View File

@ -1,68 +0,0 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<title>lanScan</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.min.css" integrity="sha384-HSMxcRTRxnN+Bdg0JdbxYKrThecOKuH5zCYotlSAcp1+c8xmyTe9GYg1l9a69psu" crossorigin="anonymous">
<link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tagsinput/0.8.0/bootstrap-tagsinput.css" rel="stylesheet" />
<style>
.navbar-brand svg {
margin: -.1em -.6em 0 -.6em;
fill: currentColor;
}
.main.container {
margin-top: 5em;
}
</style>
</head>
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand text-white" href=".">
lan<? include "logo.svg" ?>can
</a>
</div>
</div>
</nav>
<main class="container my-4">
<div class="row">
<div class="col-6 mx-auto">
<form id="scanForm" class="card needs-validation" action="scan.php" method="get" novalidate>
<div class="card-body">
<h5 class="card-title">Scan de découverte</h3>
<div class="mb-3">
<label for="targetInput" class="form-label">Cibles</label>
<input type="text" class="form-control" id="targetInput" name="targets" placeholder="scanme.nmap.org microsoft.com/24 192.168.0.1 10.0.0-255.1-254" pattern="[a-zA-Z0-9/. -]+" required
title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc."
value="192.168.0.0/24">
</div>
<div class="mb-3">
<label for="serviceInput" class="form-label">Services</label>
<input type="text" class="form-control" id="serviceInput" name="p" placeholder="ftp,ssh,http,443,T:23-25,139,8080,U:53" pattern="[a-zA-Z0-9,:-]+"
title="Noms de protocole ou numéros de port TCP ou UDP."
value="ftp,ssh,telnet,http,https,137-139,445,8006,8007,9292" data-role="tagsinput">
</div>
<div class="d-flex justify-content-end">
<button class="btn btn-primary" type="submit">Scan</button>
</div>
</div>
</form>
</div>
</div>
</main>
<script src="https://code.jquery.com/jquery-3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.min.js" integrity="sha384-aJ21OjlMXNL5UyIl/XNwTMqvzeRMZH2w8c5cRVpzpU8Y5bApTppSuUkhZXN0VxHd" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tagsinput/0.8.0/bootstrap-tagsinput.min.js"></script>
<script>
scanForm.onsubmit = (event) => {
if (!scanForm.checkValidity()) {
event.preventDefault()
event.stopPropagation()
}
scanForm.classList.add('was-validated')
}
</script>
</body>
</html>

0
logo.svg Normal file → Executable file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.0 KiB

After

Width:  |  Height:  |  Size: 2.0 KiB

73
new-scan.php Executable file
View File

@ -0,0 +1,73 @@
<?php
$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^<>:"\/|?]+$/'],
]);
$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[\da-zA-Z.:\/_ -]+$/'],
]);
if (!$targets) {
$targets = $_SERVER['SERVER_NAME'].' '.$_SERVER['REMOTE_ADDR'];
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8" />
<title>lanScan</title>
<script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.3/dist/semantic.min.js"></script>
<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.3/dist/semantic.min.css" />
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify"></script>
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.polyfills.min.js"></script>
<link href="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.css" rel="stylesheet" type="text/css" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<nav class="ui inverted teal fixed menu">
<a class="header item" href=".">
lan<?php include 'logo.svg'; ?>can
</a>
</nav>
<main class="ui main container">
<form id="newScanForm" class="ui form" method="get" action="scan.php">
<h1 class="header">Nouveau scan</h1>
<div class="field">
<label for="nameInput">Nom</label>
<input id="nameInput" type="text" name="name" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|@?]+' required=""
title='Nom de fichier valide (ne contenant pas les caractères &lt;&gt;:&quot;\/|@?)'
value="<?= htmlspecialchars($name); ?>">
</div>
<div class="field">
<label for="targetsInput">Cibles</label>
<input id="targetsInput" type="text" name="targets" placeholder="scanme.nmap.org 192.168.0.0/24" required=""
title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
Exemple: scanme.nmap.org microsoft.com/24 192.168.0.1 10.0-255.0-255.1-254"
pattern="[a-zA-Z0-9._\/ \-]+" value="<?= htmlspecialchars($targets); ?>" />
</div>
<button id="newScanSubmitButton" type="submit" class="ui fluid large teal submit button">Démarrer</button>
</form>
</main>
<script>
tagify = new Tagify(targetsInput, {
pattern: /[a-zA-Z\d.-_/]+/,
delimiters: " ",
originalInputValueFormat: tags => tags.map(tag => tag.value).join(' ')
})
newScanForm.onsubmit = function(event) {
if (this.checkValidity()) return true
event.preventDefault()
this.reportValidity()
newScanSubmitButton.innerHTML = "<div class='ui active inline inverted loader'></div>"
}
</script>
</body>
</html>

109
nmap/scripts/http-info.nse Normal file
View File

@ -0,0 +1,109 @@
local shortport = require "shortport"
description = [[
Get and return a page info
]]
---
-- @args http-get.path Path to get. Default /.
--
-- @usage nmap -p80 --script http-info.nse --script-args http-info.path=/ <host>
--
-- @output
-- status: 200
-- status-line: HTTP/1.1 200 OK\x0D
---
categories = {"discovery", "intrusive"}
author = "Adrien Malingrey"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
portrule = shortport.service({"http", "https", "ssl"})
local http = require "http"
local stdnse = require "stdnse"
action = function(host, port)
local scheme = ""
local hostaddress = (host.name ~= '' and host.name) or host.ip
local path = "/"
local uri
local favicon_relative_uri = "/favicon.ico"
local favicon
if (port.service == "ssl") then
scheme = "https"
else
scheme = port.service
end
if(stdnse.get_script_args('http-get.path')) then
path = stdnse.get_script_args('http-info.path')
end
uri = scheme.."://"..hostaddress..":"..port.number..path
stdnse.debug1("Try to download %s", uri)
local answer = http.get_url(uri, {})
local info = {status=answer.status, ["status-line"]=answer["status-line"]}
if (answer and answer.status == 200) then
stdnse.debug1("[SUCCESS] Load page %s", uri)
-- Taken from http-title.nse by Diman Todorov
local title = string.match(answer.body, "<[Tt][Ii][Tt][Ll][Ee][^>]*>([^<]*)</[Tt][Ii][Tt][Ll][Ee]>")
if (title) then
info.title = title
end
stdnse.debug1("[INFO] Try favicon %s", favicon_relative_uri)
favicon_relative_uri = parseIcon(answer.body) or "favicon.ico"
else
stdnse.debug1("[ERROR] Can't load page %s", uri)
end
favicon_absolute_uri = scheme.."://"..hostaddress..":"..port.number..favicon_relative_uri
favicon = http.get_url(favicon_absolute_uri, {})
if (favicon and favicon.status == 200) then
stdnse.debug1("[SUCCESS] Load favicon %s", favicon_absolute_uri)
info.favicon = favicon_absolute_uri
else
stdnse.debug1("[ERROR] Can't load favicon %s", favicon_absolute_uri)
end
return info
end
--- function taken from http_favicon.nse by Vlatko Kosturjak
function parseIcon( body )
local _, i, j
local rel, href, word
-- Loop through link elements.
i = 0
while i do
_, i = string.find(body, "<%s*[Ll][Ii][Nn][Kk]%s", i + 1)
if not i then
return nil
end
-- Loop through attributes.
j = i
while true do
local name, quote, value
_, j, name, quote, value = string.find(body, "^%s*(%w+)%s*=%s*([\"'])(.-)%2", j + 1)
if not j then
break
end
if string.lower(name) == "rel" then
rel = value
elseif string.lower(name) == "href" then
href = value
end
end
for word in string.gmatch(rel or "", "%S+") do
if string.lower(word) == "icon" then
return href
end
end
end
end

2
nmap/scripts/script-args.ini Normal file
View File

@ -0,0 +1,2 @@
smbuser =
smbpassword =

206
nmap/scripts/smb-shares-size.nse Normal file
View File

@ -0,0 +1,206 @@
local stdnse = require "stdnse"
local smb = require "smb"
local smb2 = require "smb2"
local msrpc = require "msrpc"
local bin = require "bin"
local shortport = require "shortport"
description = [[
Return free and total size in octets of each SMB shares
]]
---
-- @args See the documentation for the smbauth library.
--
-- @usage nmap -p445 --script smb-shares-size.nse <host>
--
-- @output
-- Host script results:
-- | smb-shares-size:
-- | data:
-- | FreeSize: 38495883264
-- | TotalSize: 500961574912
-- |_ IPC$: NT_STATUS_ACCESS_DENIED
---
categories = {"discovery", "intrusive"}
author = "Adrien Malingrey"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
portrule = shortport.service({"microsoft-ds", "netbios-ssn"})
action = function(host)
local status, shares, extra
local response = stdnse.output_table()
-- Try and do this the good way, make a MSRPC call to get the shares
stdnse.debug1("SMB: Attempting to log into the system to enumerate shares")
status, shares = msrpc.enum_shares(host)
if(status == false) then
return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares))
end
-- Get more information on each share
for i = 1, #shares, 1 do
local share = shares[i]
if (share ~= nil) then
local status, result = get_share_info(host, share)
if (status) then
response[share] = result
end
end
end
return response
end
TRANS2_QUERY_FS_INFORMATION = 0x0003
SMB_QUERY_FS_SIZE_INFO = 0x0103
---Attempts to retrieve additional information about a share. Will fail unless we have
-- administrative access.
--
--@param host The host object.
--@return Status (true or false).
--@return A table of information about the share (if status is true) or an an error string (if
-- status is false).
function get_share_info(host, share)
local status, smbstate, err
local hostaddress = (host.name ~= '' and host.name) or host.ip
local path = "\\\\" .. hostaddress .. "\\" .. share
status, smbstate = smb.start(host)
status, err = smb.negotiate_protocol(smbstate, {})
status, err = smb.start_session(smbstate, {})
status, err = smb.tree_connect(smbstate, path, {})
stdnse.debug1("SMB: Getting information for share: %s", path)
local status, err = send_transaction2(smbstate, TRANS2_QUERY_FS_INFORMATION, bin.pack("<S", SMB_QUERY_FS_SIZE_INFO))
if ( not(status) ) then
status, err = smb.stop(smbstate)
return false, "Failed to send data to server: send_transaction2"
end
local status, response = receive_transaction2(smbstate)
if ( not(status) ) then
status, err = smb.stop(smbstate)
return false, response
end
local pos, totalAllocationUnits, totalFreeAllocationUnits, sectorsPerAllocationUnit, bytesPerSector = bin.unpack("<LLII", response.data)
status, err = smb.stop(smbstate)
return true, {
TotalSize = totalAllocationUnits * sectorsPerAllocationUnit * bytesPerSector,
FreeSize = totalFreeAllocationUnits * sectorsPerAllocationUnit * bytesPerSector
}
end
-- Taken from smb lib
function send_transaction2(smbstate, sub_command, function_parameters, function_data, overrides)
overrides = overrides or {}
local header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, pid, mid
local header, parameters, data
local parameter_offset = 0
local parameter_size = 0
local data_offset = 0
local data_size = 0
local total_word_count, total_data_count, reserved1, parameter_count, parameter_displacement, data_count, data_displacement, setup_count, reserved2
local response = {}
-- Header is 0x20 bytes long (not counting NetBIOS header).
header = smb.smb_encode_header(smbstate, smb.command_codes['SMB_COM_TRANSACTION2'], overrides) -- 0x32 = SMB_COM_TRANSACTION2
if(function_parameters) then
parameter_offset = 0x44
parameter_size = #function_parameters
data_offset = #function_parameters + 33 + 32
end
-- Parameters are 0x20 bytes long.
parameters = bin.pack("<SSSSCCSISSSSSCCS",
parameter_size, -- Total parameter count.
data_size, -- Total data count.
0x000a, -- Max parameter count.
0x3984, -- Max data count.
0x00, -- Max setup count.
0x00, -- Reserved.
0x0000, -- Flags (0x0000 = 2-way transaction, don't disconnect TIDs).
0x00001388, -- Timeout (0x00000000 = return immediately).
0x0000, -- Reserved.
parameter_size, -- Parameter bytes.
parameter_offset, -- Parameter offset.
data_size, -- Data bytes.
data_offset, -- Data offset.
0x01, -- Setup Count
0x00, -- Reserved
sub_command -- Sub command
)
local data = "\0\0\0" .. (function_parameters or '')
.. (function_data or '')
-- Send the transaction request
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION2")
local result, err = smb.smb_send(smbstate, header, parameters, data, overrides)
if(result == false) then
stdnse.debug1("SMB: Try SMBv2 connexion")
local result, err = smb2.smb2_send(smbstate, header, parameters, data, overrides)
if(result == false) then
return false, err
end
end
return true
end
function receive_transaction2(smbstate)
-- Read the result
local status, header, parameters, data = smb.smb_read(smbstate)
if(status ~= true) then
stdnse.debug1("SMB: Try SMBv2 connexion")
local status, header, parameters, data = smb2.smb2_read(smbstate)
if(status ~= true) then
return false, header
end
end
-- Check if it worked
local pos, header1, header2, header3, header4, command, status, flags, flags2, pid_high, signature, unused, tid, pid, uid, mid = bin.unpack("<CCCCCICSSlSSSSS", header)
if(header1 == nil or mid == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [29]"
end
if(status ~= 0) then
if(smb.status_names[status] == nil) then
return false, string.format("Unknown SMB error: 0x%08x\n", status)
else
return false, smb.status_names[status]
end
end
-- Parse the parameters
local pos, total_word_count, total_data_count, reserved1, parameter_count, parameter_offset, parameter_displacement, data_count, data_offset, data_displacement, setup_count, reserved2 = bin.unpack("<SSSSSSSSSCC", parameters)
if(total_word_count == nil or reserved2 == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [30]"
end
-- Convert the parameter/data offsets into something more useful (the offset into the data section)
-- - 0x20 for the header, - 0x01 for the length.
parameter_offset = parameter_offset - 0x20 - 0x01 - #parameters - 0x02;
-- - 0x20 for the header, - 0x01 for parameter length, the parameter length, and - 0x02 for the data length.
data_offset = data_offset - 0x20 - 0x01 - #parameters - 0x02;
-- I'm not sure I entirely understand why the '+1' is here, but I think it has to do with the string starting at '1' and not '0'.
local function_parameters = string.sub(data, parameter_offset + 1, parameter_offset + parameter_count)
local function_data = string.sub(data, data_offset + 1, data_offset + data_count)
local response = {}
response['parameters'] = function_parameters
response['data'] = function_data
return true, response
end

6
rdp.php Normal file
View File

@ -0,0 +1,6 @@
<?php
header('Content-Disposition: attachment; filename='.str_replace(':', '_', $_GET['v']).'.rdp');
header('Content-Type: application/rdp');
echo "full address:s:${_GET['v']}\n";
exit();

65
scan.php Executable file
View File

@ -0,0 +1,65 @@
<?php
include_once 'config.php';
$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^@<>:"\/|?]+$/'],
]);
if (!$name) {
http_response_code(400);
exit('Paramètre name manquant.');
}
$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => "/^[\da-zA-Z.:\/_ -]+$/"],
]);
if (!$targets) {
http_response_code(400);
exit('Paramètre targets manquant.');
}
$basedir = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['REQUEST_URI']);
$dir = $SCANS_DIR;
if (!file_exists($dir)) {
mkdir($dir);
}
$firstPath = ("$dir/${name}.xml");
if (file_exists($firstPath)) {
$path = ("$dir/${name}@".date('YmdHis').'.xml');
} else {
$path = $firstPath;
$firstPath = '';
}
$stylesheetUrl = "$basedir/stylesheet.xsl";
$command = 'NMAPDIR=./nmap nmap';
$command .= " $NMAP_OPTIONS";
$command .= ' -oX '.escapeshellarg($path);
$command .= ' --stylesheet '.escapeshellarg($stylesheetUrl);
$command .= " $targets";
exec($command, $output, $retval);
if (!file_exists(__DIR__."/$path")) {
http_response_code(500);
exit(implode("<br/>\n", $output));
}
// Add params
$xml = new DOMDocument();
$xml->load($path);
$processingInstruction = $xml->createProcessingInstruction('xslt-param', "name='name' value='$name'");
$xml->insertBefore($processingInstruction, $xml->documentElement);
$processingInstruction = $xml->createProcessingInstruction('xslt-param', "name='targets' value='$targets'");
$xml->insertBefore($processingInstruction, $xml->documentElement);
$processingInstruction = $xml->createProcessingInstruction('xslt-param', "name='basedir' value='$basedir'");
$xml->insertBefore($processingInstruction, $xml->documentElement);
$processingInstruction = $xml->createProcessingInstruction('xslt-param', "name='compareWith' value='$basedir/$firstPath'");
$xml->insertBefore($processingInstruction, $xml->documentElement);
$xml->save($path);
header('Location: '.$path);

2
server.php Normal file
View File

@ -0,0 +1,2 @@
<?php
var_dump($_SERVER);

31
style.css Normal file
View File

@ -0,0 +1,31 @@
.header svg {
margin: -.5em -.4em -.5em -.4em;
fill: currentColor;
}
.main.container {
margin-top: 7em;
}
.tagify {
width: 100%;
border-radius: .28571429rem;
--tags-focus-border-color: #85b7d9;
--placeholder-color: rgba(191,191,191,.87);
--placeholder-color-focus: rgba(115,115,115,.87);
}
.ui.label {
margin: .14285714em;
}
.ui.label > .detail {
margin-left: .3em;
}
.share-size {
--free-ratio: calc(var(--free) / var(--total));
--used-percent: calc(100% - 100%*var(--free-ratio));
--color: hsl(calc(120*var(--free-ratio)) 100% 50%);
background-image: linear-gradient(to right, var(--color) var(--used-percent), transparent var(--used-percent), transparent) !important;
}

259
stylesheet copy.php Executable file
View File

@ -0,0 +1,259 @@
<?php
$name = filter_input(INPUT_GET, 'name', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[^<>:"\/|@?]+$/'],
]);
$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, [
'flags' => FILTER_NULL_ON_FAILURE,
'options' => ['regexp' => '/^[\da-zA-Z.\/_ -]+$/'],
]);
$basedir = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].dirname($_SERVER['REQUEST_URI']);
$firstScan = "$basedir/scans/$name.xml";
?>
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" version="2.0">
<xsl:output method="html" encoding="UTF-8"/>
<xsl:output indent="yes"/>
<xsl:strip-space elements='*'/>
<xsl:variable name="name"><?=$name ?></xsl:variable>
<xsl:variable name="basedir"><?=$basedir ?></xsl:variable>
<xsl:variable name="firstScan" select="document('<?=$firstScan ?>')"/>
<xsl:variable name="currentScan" select="nmaprun"/>
<xsl:apply-templates select="$firstScan/nmaprun"/>
<xsl:template match="nmaprun">
<html lang="fr">
<head>
<meta charset="utf-8"/>
<title><xsl:value-of select="$name"/> - lanScan</title>
<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.3/dist/semantic.min.css"/>
<link href="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.css" rel="stylesheet" type="text/css"/>
<link href="https://cdn.datatables.net/v/dt/jszip-3.10.1/dt-2.1.8/b-3.1.2/b-html5-3.1.2/b-print-3.1.2/fh-4.0.1/r-3.0.3/datatables.css" rel="stylesheet"/>
<link href="{$basedir}/style.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.7.1.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.2/semantic.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify"></script>
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.polyfills.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/pdfmake.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/vfs_fonts.js"></script>
<script src="https://cdn.datatables.net/v/dt/jszip-3.10.1/dt-2.1.8/b-3.1.2/b-html5-3.1.2/b-print-3.1.2/fh-4.0.1/r-3.0.3/datatables.js"></script>
</head>
<body>
<nav class="ui inverted teal fixed menu">
<a class="header item" href="{$basedir}">
lan<?php include 'logo.svg'; ?>can
</a>
<div class="right menu">
<div class="item">
<button class="ui icon teal button" onclick="$('#newScanForm').modal('show')">
<i class="satellite dish icon"></i>Nouveau scan
</button>
</div>
</div>
</nav>
<form id="newScanForm" class="ui modal form" method="get" action="{$basedir}/scan.php">
<i class="close icon"></i>
<div class="header">Nouveau scan</div>
<div class="content">
<div class="field">
<label for="nameInput">Nom</label>
<input id="nameInput" type="text" name="name" placeholder="Réseau local" pattern='[^&lt;&gt;:&quot;\\\/\|?]+' required="" title='Nom de fichier valide (ne contenant pas les caractères &lt;&gt;:&quot;\/|?)' value="<?= htmlspecialchars($name); ?>"/>
</div>
<div class="field">
<label for="targetsInput">Cibles</label>
<input id="targetsInput" type="text" name="targets" placeholder="scanme.nmap.org 192.168.0.0/24" required="" title="Les cibles peuvent être spécifiées par des noms d'hôtes, des adresses IP, des adresses de réseaux, etc.
Exemple: scanme.nmap.org microsoft.com/24 192.168.0.1 10.0-255.0-255.1-254" pattern="[a-zA-Z0-9._\/ \-]+" value="<?= htmlspecialchars($targets); ?>"/>
</div>
</div>
<div class="actions">
<button type="submit" class="ui teal right button">Démarrer</button>
</div>
</form>
<main class="ui main container">
<xsl:choose>
<xsl:when test="$currentScan/runstats/finished/@errormsg">
<div class="ui negative icon message">
<i class="exclamation triangle icon"></i>
<div class="content">
<div class="header" style="text-transform: capitalize"><xsl:value-of select="$currentScan/runstats/finished/@exit"/></div>
<p><xsl:value-of select="$currentScan/runstats/finished/@errormsg"/></p>
</div>
</div>
</xsl:when>
<xsl:when test="$currentScan/runstats/finished/@summary">
<div class="ui icon message">
<i class="sitemap icon"></i>
<div class="content">
<div class="header" style="text-transform: capitalize"><xsl:value-of select="$currentScan/runstats/finished/@exit"/></div>
<p><xsl:value-of select="$currentScan/runstats/finished/@summary"/></p>
</div>
</div>
</xsl:when>
</xsl:choose>
<h1 class="ui header"><?=$name; ?></h1>
<table id="table-overview" style="width:100%" role="grid" class="ui celled sortable padded tiny table">
<thead>
<tr>
<th>Etat</th>
<th>Adresse IP</th>
<th>Nom</th>
<th class="ten wide">Services</th>
</tr>
</thead>
<tbody>
<xsl:apply-templates select="host"/>
</tbody>
</table>
</main>
<script>
tagify = new Tagify(targetsInput, {
pattern: /[a-zA-Z\d.-_/]+/,
delimiters: " ",
originalInputValueFormat: tags => tags.map(tag => tag.value).join(' ')
})
newScanForm.onsubmit = function(event) {
if (this.checkValidity()) return true
event.preventDefault()
this.reportValidity()
newScanSubmitButton.innerHTML = "<div class='ui active inline inverted loader'></div>"
}
DataTable.ext.type.detect.unshift(function (d) {
return /[\d]+\.[\d]+\.[\d]+\.[\d]+/.test(d)
? 'ipv4-address'
: null;
});
DataTable.ext.type.order['ipv4-address-pre'] = function (ipAddress) {
[a, b, c, d] = ipAddress.split(".").map(s => Number(s))
return 16777216*a + 65536*b + 256*c + d;
};
$('#table-overview').DataTable({
buttons: ['copy', 'excel', 'pdf'],
fixedHeader: true,
lengthMenu: [
[256, 512, 1024, 2048, -1],
[256, 512, 1024, 2048, "All"]
],
responsive: true
})
$('.ui.dropdown').dropdown()
</script>
</body>
</html>
</xsl:template>
<xsl:template match="host">
<xsl:variable name="firstScanHost" select="."/>
<xsl:variable name="currentScanHost" select="$currentScan/host[address/@addr=$firstScanHost/address/@addr]"/>
<tr>
<xsl:attribute name="class">
<xsl:choose>
<xsl:when test="$currentScanHost/status/@state='up'">positive</xsl:when>
<xsl:otherwise>negative</xsl:otherwise>
</xsl:choose>
</xsl:attribute>
<td>
<xsl:value-of select="$currentScanHost/status/@state"/>
</td>
<td>
<xsl:value-of select="$currentScanHost/address/@addr"/>
</td>
<td>
<b><xsl:value-of select="$currentScanHost/hostnames/hostname/@name"/></b>
</td>
<td>
<xsl:apply-templates select="$firstScanHost/ports/port">
<xsl:with-param name="hostAddress">
<xsl:choose>
<xsl:when test="$currentScanHost/hostnames/hostname/@name">
<xsl:value-of select="$currentScanHost/hostnames/hostname/@name"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="address/@addr"/>
</xsl:otherwise>
</xsl:choose>
</xsl:with-param>
</xsl:apply-templates>
</td>
</tr>
</xsl:template>
<xsl:template match="port">
<xsl:param name="hostAddress"/>
<a class="ui label" target="_blank">
<xsl:attribute name="class">
<xsl:text>ui label </xsl:text>
<xsl:choose>
<xsl:when test="script[@id='http-info']/elem[@key='status']>=500">red</xsl:when>
<xsl:when test="script[@id='http-info']/elem[@key='status']>=400">orange</xsl:when>
<xsl:when test="script[@id='http-info']/elem[@key='status']>=200">green</xsl:when>
<xsl:when test="state/@state='open'">green</xsl:when>
<xsl:when test="state/@state='filtered'">orange disabled</xsl:when>
<xsl:otherwise>red disabled</xsl:otherwise>
</xsl:choose>
<xsl:choose>
<xsl:when test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table"> mini dropdown button share-size</xsl:when>
<xsl:otherwise> small</xsl:otherwise>
</xsl:choose>
</xsl:attribute>
<xsl:if test="service/@name='ftp' or service/@name='ssh' or service/@name='http' or service/@name='https'">
<xsl:attribute name="href">
<xsl:value-of select="service/@name"/>://<xsl:value-of select="$hostAddress"/>:<xsl:value-of select="@portid"/>
</xsl:attribute>
</xsl:if>
<xsl:if test="service/@name='ms-wbt-server'">
<xsl:attribute name="href">
<xsl:value-of select="$basedir"/>/rdp.php?v=<xsl:value-of select="$hostAddress"/>:<xsl:value-of select="@portid"/>
</xsl:attribute>
</xsl:if>
<xsl:if test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table">
<xsl:attribute name="style">
<xsl:for-each select="../../hostscript/script[@id='smb-shares-size']/table">
<xsl:sort select="elem[@key='FreeSize'] div elem[@key='TotalSize']" order="ascending"/>
<xsl:if test="position()=1">
<xsl:text>--free: </xsl:text>
<xsl:value-of select="elem[@key='FreeSize']"/>
<xsl:text>; --total: </xsl:text>
<xsl:value-of select="elem[@key='TotalSize']"/>
</xsl:if>
</xsl:for-each>
</xsl:attribute>
</xsl:if>
<xsl:value-of select="service/@name"/>
<div class="detail">
<xsl:choose>
<xsl:when test="@protocol='udp'">U:</xsl:when>
<xsl:otherwise>:</xsl:otherwise>
</xsl:choose>
<xsl:value-of select="@portid"/>
</div>
<xsl:if test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table">
<i class="dropdown icon"></i>
<div class="menu">
<xsl:apply-templates select="../../hostscript/script[@id='smb-shares-size']/table">
<xsl:with-param name="hostAddress" select="$hostAddress"/>
</xsl:apply-templates>
</div>
</xsl:if>
</a>
</xsl:template>
<xsl:template match="table">
<xsl:param name="hostAddress"/>
<a class="item share-size" href="file://///{$hostAddress}/{@key}" target="_blank" rel="noopener noreferrer" style="--free: {elem[@key='FreeSize']}; --total: {elem[@key='TotalSize']}">
<xsl:value-of select="@key"/>
</a>
</xsl:template>
</xsl:stylesheet>

235
stylesheet.xsl Executable file
View File

@ -0,0 +1,235 @@
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" version="2.0">
<xsl:output method="html" encoding="UTF-8"/>
<xsl:output indent="yes"/>
<xsl:strip-space elements='*'/>
<xsl:param name="name"/>
<xsl:param name="basedir"/>
<xsl:param name="targets"/>
<xsl:param name="compareWith"/>
<xsl:variable name="current" select="./nmaprun"/>
<xsl:variable name="previous" select="document(string($compareWith))/nmaprun"/>
<xsl:template match="nmaprun">
<html lang="fr">
<head>
<meta charset="utf-8"/>
<title>lanScan - <xsl:value-of select="$name"/></title>
<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/fomantic-ui@2.9.3/dist/semantic.min.css"/>
<link href="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.css" rel="stylesheet" type="text/css"/>
<link href="https://cdn.datatables.net/v/dt/jszip-3.10.1/dt-2.1.8/b-3.1.2/b-html5-3.1.2/b-print-3.1.2/fh-4.0.1/r-3.0.3/datatables.css" rel="stylesheet"/>
<link href="{$basedir}/style.css" rel="stylesheet" type="text/css"/>
<script src="https://code.jquery.com/jquery-3.7.1.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.2/semantic.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify"></script>
<script src="https://cdn.jsdelivr.net/npm/@yaireo/tagify/dist/tagify.polyfills.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/pdfmake.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/vfs_fonts.js"></script>
<script src="https://cdn.datatables.net/v/dt/jszip-3.10.1/dt-2.1.8/b-3.1.2/b-html5-3.1.2/b-print-3.1.2/fh-4.0.1/r-3.0.3/datatables.js"></script>
</head>
<body>
<nav class="ui inverted teal fixed menu">
<a class="header item" href="{$basedir}">
<xsl:text>lan</xsl:text>
<svg class="logo" version="1.1" id="Layer_1" x="0px" y="0px"
viewBox="0 0 24 24" xml:space="preserve" width="40" height="40" xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg"><defs id="defs206" /><g id="g998" transform="matrix(0,0.04687491,-0.04687491,0,24,2.2682373e-5)"><g id="g147"><g id="g145"><path
d="m 322.065,92.046 c -46.24,0 -83.851,37.619 -83.851,83.857 v 168.712 c 0,25.224 -21.148,45.745 -46.372,45.745 -25.224,0 -46.372,-20.521 -46.372,-45.745 V 199.464 h -38.114 v 145.151 c 0,46.24 38.246,83.859 84.486,83.859 46.24,0 84.486,-37.619 84.486,-83.859 V 175.903 c 0,-25.223 20.514,-45.743 45.737,-45.743 25.223,0 45.737,20.521 45.737,45.743 v 134.092 h 38.114 V 175.903 c 0,-46.239 -37.611,-83.857 -83.851,-83.857 z"
id="path143" /></g></g><g id="g153"><g id="g151"><path
d="M 144.198,0 H 108.625 C 98.101,0 89.568,8.746 89.568,19.271 c 0,1.157 0.121,2.328 0.318,3.598 h 73.052 c 0.197,-1.27 0.318,-2.441 0.318,-3.598 C 163.256,8.746 154.723,0 144.198,0 Z"
id="path149" /></g></g><g id="g159"><g id="g157"><path
d="m 420.183,486.591 h -71.731 c -0.626,2.541 -0.978,4.077 -0.978,6.176 0,10.525 8.532,19.234 19.057,19.234 h 35.573 c 10.525,0 19.057,-8.709 19.057,-19.234 0,-2.098 -0.352,-3.635 -0.978,-6.176 z"
id="path155" /></g></g><g id="g165"><g id="g163"><rect x="87.027" y="41.925999" width="80.040001" height="138.481" id="rect161" /></g></g><g id="g171"><g id="g169"><rect x="344.93301" y="329.052" width="80.040001" height="138.481" id="rect167" /></g></g><g id="g173"></g><g id="g175"></g><g id="g177"></g><g id="g179"></g><g id="g181"></g><g id="g183"></g><g id="g185"></g><g id="g187"></g><g id="g189"></g><g id="g191"></g><g id="g193"></g><g id="g195"></g><g id="g197"></g><g id="g199"></g><g id="g201"></g></g></svg>
<xsl:text>can</xsl:text>
</a>
<div class="right menu">
<a class="item" href="{$basedir}/new-scan.php?name={$name}&amp;targets={$targets}"><i class="satellite dish icon"></i>Nouveau scan</a>
</div>
</nav>
<main class="ui main container">
<xsl:if test="runstats/finished/@errormsg">
<div class="ui negative icon message">
<i class="exclamation triangle icon"></i>
<div class="content">
<div class="header" style="text-transform: capitalize"><xsl:value-of select="runstats/finished/@exit"/></div>
<p><xsl:value-of select="runstats/finished/@errormsg"/></p>
</div>
</div>
</xsl:if>
<h1 class="ui header">
<xsl:value-of select="$name"/>
<div class="sub header"><xsl:value-of select="$targets"/></div>
</h1>
<xsl:if test="$previous">
<div class="ui info message">
<xsl:text>Comparaison avec le scan de </xsl:text>
<xsl:value-of select="$previous/runstats/finished/@timestr"/>
</div>
</xsl:if>
<table id="scanResultsTable" style="width:100%" role="grid" class="ui sortable table">
<thead>
<tr>
<th>Etat</th>
<th>Adresse IP</th>
<th>Nom</th>
<th class="ten wide">Services</th>
</tr>
</thead>
<tbody>
<xsl:apply-templates select="host | $previous/host[not(address/@addr = $current/host/address/@addr)]"/>
</tbody>
<caption><xsl:value-of select="runstats/finished/@summary"/></caption>
</table>
</main>
<script>
DataTable.ext.type.detect.unshift(function (d) {
return /[\d]+\.[\d]+\.[\d]+\.[\d]+/.test(d)
? 'ipv4-address'
: null;
});
DataTable.ext.type.order['ipv4-address-pre'] = function (ipAddress) {
[a, b, c, d] = ipAddress.split(".").map(s => Number(s))
return 16777216*a + 65536*b + 256*c + d;
};
var table = $('#scanResultsTable').DataTable({
buttons: ['copy', 'excel', 'pdf'],
fixedHeader: true,
lengthMenu: [
[256, 512, 1024, 2048, -1],
[256, 512, 1024, 2048, "All"]
],
responsive: true,
})
table.order([1, 'asc']).draw()
$('.ui.dropdown').dropdown()
</script>
</body>
</html>
</xsl:template>
<xsl:template match="host">
<xsl:variable name="addr" select="address/@addr"/>
<xsl:variable name="previousHost" select="$previous/host[address/@addr=$addr]"/>
<xsl:variable name="currentHost" select="$current/host[address/@addr=$addr]"/>
<tr>
<xsl:attribute name="class">
<xsl:choose>
<xsl:when test="$currentHost/status/@state='up'">positive</xsl:when>
<xsl:otherwise>negative</xsl:otherwise>
</xsl:choose>
</xsl:attribute>
<td>
<xsl:choose>
<xsl:when test="$currentHost">
<xsl:value-of select="$currentHost/status/@state"/>
</xsl:when>
<xsl:otherwise>down</xsl:otherwise>
</xsl:choose>
</td>
<td>
<xsl:value-of select="address/@addr"/>
</td>
<td>
<b><xsl:value-of select="hostnames/hostname/@name"/></b>
</td>
<td>
<xsl:apply-templates select="$currentHost/ports/port | $previousHost/ports/port[not(@portid=$currentHost/ports/port/@portid)]">
<xsl:with-param name="hostAddress">
<xsl:choose>
<xsl:when test="hostnames/hostname/@name">
<xsl:value-of select="hostnames/hostname/@name"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="address/@addr"/>
</xsl:otherwise>
</xsl:choose>
</xsl:with-param>
<xsl:with-param name="previousHost" select="$previousHost"/>
<xsl:with-param name="currentHost" select="$currentHost"/>
<xsl:sort select="@portid" order="ascending"/>
</xsl:apply-templates>
</td>
</tr>
</xsl:template>
<xsl:template match="port">
<xsl:param name="hostAddress"/>
<xsl:param name="previousHost"/>
<xsl:param name="currentHost"/>
<xsl:variable name="portid" select="@portid"/>
<xsl:variable name="previousPort" select="$previousHost/ports/port[@portid=$portid]"/>
<xsl:variable name="currentPort" select="$currentHost/ports/port[@portid=$portid]"/>
<a class="ui label" target="_blank">
<xsl:attribute name="class">
<xsl:text>ui label </xsl:text>
<xsl:choose>
<xsl:when test="$currentPort/script[@id='http-info']/elem[@key='status']>=500">red</xsl:when>
<xsl:when test="$currentPort/script[@id='http-info']/elem[@key='status']>=400">orange</xsl:when>
<xsl:when test="$currentPort/script[@id='http-info']/elem[@key='status']>=200">green</xsl:when>
<xsl:when test="$currentPort/state/@state='open'">green</xsl:when>
<xsl:when test="$currentPort/state/@state='filtered'">orange disabled</xsl:when>
<xsl:otherwise>red disabled</xsl:otherwise>
</xsl:choose>
<xsl:choose>
<xsl:when test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table"> mini dropdown button share-size</xsl:when>
<xsl:otherwise> small</xsl:otherwise>
</xsl:choose>
</xsl:attribute>
<xsl:if test="service/@name='ftp' or service/@name='ssh' or service/@name='http' or service/@name='https'">
<xsl:attribute name="href">
<xsl:value-of select="service/@name"/>://<xsl:value-of select="$hostAddress"/>:<xsl:value-of select="@portid"/>
</xsl:attribute>
</xsl:if>
<xsl:if test="service/@name='ms-wbt-server'">
<xsl:attribute name="href">
<xsl:value-of select="$basedir"/>/rdp.php?v=<xsl:value-of select="$hostAddress"/>:<xsl:value-of select="@portid"/>
</xsl:attribute>
</xsl:if>
<xsl:if test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table">
<xsl:attribute name="style">
<xsl:for-each select="$currentHost/hostscript/script[@id='smb-shares-size']/table">
<xsl:sort select="elem[@key='FreeSize'] div elem[@key='TotalSize']" order="ascending"/>
<xsl:if test="position()=1">
<xsl:text>--free: </xsl:text>
<xsl:value-of select="elem[@key='FreeSize']"/>
<xsl:text>; --total: </xsl:text>
<xsl:value-of select="elem[@key='TotalSize']"/>
</xsl:if>
</xsl:for-each>
</xsl:attribute>
</xsl:if>
<xsl:value-of select="service/@name"/>
<div class="detail">
<xsl:choose>
<xsl:when test="@protocol='udp'">U:</xsl:when>
<xsl:otherwise>:</xsl:otherwise>
</xsl:choose>
<xsl:value-of select="@portid"/>
</div>
<xsl:if test="(service/@name='microsoft-ds' or service/@name='netbios-ssn') and ../../hostscript/script[@id='smb-shares-size']/table">
<i class="dropdown icon"></i>
<div class="menu">
<xsl:apply-templates select="$currentHost/hostscript/script[@id='smb-shares-size']/table">
<xsl:with-param name="hostAddress" select="$hostAddress"/>
</xsl:apply-templates>
</div>
</xsl:if>
</a>
</xsl:template>
<xsl:template match="table">
<xsl:param name="hostAddress"/>
<a class="item share-size" href="file://///{$hostAddress}/{@key}" target="_blank" rel="noopener noreferrer" style="--free: {elem[@key='FreeSize']}; --total: {elem[@key='TotalSize']}">
<xsl:value-of select="@key"/>
</a>
</xsl:template>
</xsl:stylesheet>