Compare commits
7 Commits
53679e2098
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| b445d08ce1 | |||
| e2c1c6604e | |||
| a593148c38 | |||
| d45b05941f | |||
| e423273752 | |||
| 0c72ceb620 | |||
| dc8fa57c0f |
34
config.php
34
config.php
@ -1,29 +1,31 @@
|
||||
<?php
|
||||
|
||||
$port = (($_SERVER['REQUEST_SCHEME'] == "http" && $_SERVER['SERVER_PORT'] == 80) || ($_SERVER['REQUEST_SCHEME'] == "https" && $_SERVER['SERVER_PORT'] == 443)) ? "" : ":{$_SERVER['SERVER_PORT']}";
|
||||
$BASEDIR = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}$port" . dirname($_SERVER['SCRIPT_NAME']);
|
||||
$SCANSDIR = 'scans';
|
||||
$NMAPDIR = dirname(`which nmap`) . "/../share/nmap";
|
||||
$DATADIR = "datadir";
|
||||
$SCRIPTARGS = "script-args.ini";
|
||||
$port = (($_SERVER['REQUEST_SCHEME'] == "http" && $_SERVER['SERVER_PORT'] == 80) || ($_SERVER['REQUEST_SCHEME'] == "https" && $_SERVER['SERVER_PORT'] == 443)) ? "" : ":{$_SERVER['SERVER_PORT']}";
|
||||
$BASEDIR = "{$_SERVER['REQUEST_SCHEME']}://{$_SERVER['SERVER_NAME']}$port" . dirname($_SERVER['SCRIPT_NAME']);
|
||||
$SCANSDIR = 'scans';
|
||||
$TEMPLATESDIR = "templates";
|
||||
$NMAP = 'sudo nmap'; # nmap command, E.g. 'nmap', 'sudo nmap' for root privileges or '/usr/bin/nmap' if not in PATH
|
||||
$NMAPDIR = dirname(`which nmap`) . "/../share/nmap";
|
||||
$DATADIR = ".";
|
||||
$SCRIPTARGS = "script-args.ini";
|
||||
|
||||
$presets = [
|
||||
"default" => [
|
||||
'-PS' => 'microsoft-ds',
|
||||
'-F' => true,
|
||||
'-T' => 5,
|
||||
'--stylesheet' => "$BASEDIR/templates/lanScan.xsl",
|
||||
'--stylesheet' => "lanScan",
|
||||
'refreshPeriod' => 60,
|
||||
'sudo' => false,
|
||||
#'sudo' => false,
|
||||
],
|
||||
"host" => [
|
||||
'-Pn' => true,
|
||||
'-F' => true,
|
||||
'-sV' => true,
|
||||
'-T' => 5,
|
||||
'--script' => "http-info,smb-shares-size",
|
||||
'--stylesheet' => "$BASEDIR/templates/hostScan.xsl",
|
||||
'refreshPeriod' => 60,
|
||||
'sudo' => true,
|
||||
'-Pn' => true,
|
||||
'-F' => true,
|
||||
'-sV' => true,
|
||||
'-T' => 5,
|
||||
'--script' => "http-info,smb-shares-size",
|
||||
'--stylesheet' => "hostScan",
|
||||
'refreshPeriod' => 60,
|
||||
#'sudo' => true,
|
||||
],
|
||||
];
|
||||
|
||||
@ -10,7 +10,7 @@ $tempoRegex = '/^\d+[smh]?$/';
|
||||
$fileNameRegex = '/^[^<>:\/|?]+$/';
|
||||
|
||||
$targets = filter_input(INPUT_GET, 'targets', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $targetsListRegex], "flags" => FILTER_NULL_ON_FAILURE]);
|
||||
$preset = filter_input(INPUT_GET, "preset");
|
||||
$preset = filter_input(INPUT_GET, "preset", FILTER_SANITIZE_STRING);
|
||||
|
||||
if ($preset && isset($presets[$preset])) {
|
||||
$options = $presets[$preset];
|
||||
@ -107,7 +107,7 @@ if ($preset && isset($presets[$preset])) {
|
||||
'-V' => FILTER_VALIDATE_BOOLEAN,
|
||||
'--unprivileged' => FILTER_VALIDATE_BOOLEAN,
|
||||
'-h' => FILTER_VALIDATE_BOOLEAN,
|
||||
'--stylesheet' => FILTER_VALIDATE_URL,
|
||||
'--stylesheet' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]],
|
||||
// lanScan
|
||||
'name' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => $fileNameRegex]],
|
||||
'originalURL' => FILTER_VALIDATE_URL,
|
||||
@ -116,6 +116,9 @@ if ($preset && isset($presets[$preset])) {
|
||||
], false) ?: $presets["default"];
|
||||
}
|
||||
|
||||
$options["--datadir"] = $DATADIR;
|
||||
$options["--script-args-file"] = $SCRIPTARGS;
|
||||
|
||||
/*echo "<!--";
|
||||
var_dump($options);
|
||||
echo "-->\n";*/
|
||||
73
index.php
73
index.php
@ -170,10 +170,7 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="title">
|
||||
<i class="icon dropdown"></i>
|
||||
Techniques de scan de ports
|
||||
</div>
|
||||
<div class="title"><i class="icon dropdown"></i>Techniques de scan de ports</div>
|
||||
<div class="content">
|
||||
<div class="field">
|
||||
<div class="fields">
|
||||
@ -269,10 +266,7 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="title">
|
||||
<i class="icon dropdown"></i>
|
||||
Spécifications des ports et ordre du scan
|
||||
</div>
|
||||
<div class="title"><i class="icon dropdown"></i>Spécifications des ports et ordre du scan</div>
|
||||
<div class="content">
|
||||
<div class="inline field">
|
||||
<div class="ui toggle checkbox" title="-sP">
|
||||
@ -569,6 +563,12 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
|
||||
value="<?= $options["--max-scan-delay"] ?? "" ?>">
|
||||
</div>
|
||||
</div>
|
||||
<div class="inline field">
|
||||
<div class="ui toggle checkbox">
|
||||
<input id="defeatRSTRateLimitCheckbox" type="checkbox" name="--defeat-rst-ratelimit" <?= $options['--defeat-rst-ratelimit'] ?? false ? 'checked' : ''; ?> />
|
||||
<label for="defeatRSTRateLimitCheckbox" title="--defeat-rst-ratelimit">Ignorer les limitations de paquets RST</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="title"><i class="icon dropdown"></i>Divers</div>
|
||||
@ -577,14 +577,14 @@ Exemples: <?= $_SERVER['REMOTE_ADDR']; ?>/24 <?= $_SERVER['SERVER_NAME']; ?> 10.
|
||||
<label for="stylesheetSelect" title="--stylesheet">Feuille de style</label>
|
||||
<select id="stylesheetSelect" class="ui dropdown" name="--stylesheet" value="<?= $options["--stylesheet"] ?? ""?>">
|
||||
<?php
|
||||
foreach (scandir('templates') as $filename) {
|
||||
foreach (scandir($TEMPLATESDIR) as $filename) {
|
||||
if (substr($filename, -4) === '.xsl') {
|
||||
$name = substr($filename, 0, -4);
|
||||
$URL = "$BASEDIR/templates/".rawurlencode($filename);
|
||||
if (isset($options["--stylesheet"]) && $URL == $options["--stylesheet"]) {
|
||||
echo " <option value='$URL' selected>$name</option>\n";
|
||||
#$URL = rawurlencode($filename);
|
||||
if (isset($options["--stylesheet"]) && $name == $options["--stylesheet"]) {
|
||||
echo " <option value='$name' selected>$name</option>\n";
|
||||
} else {
|
||||
echo " <option value='$URL'>$name</option>\n";
|
||||
echo " <option value='$name'>$name</option>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -593,19 +593,19 @@ foreach (scandir('templates') as $filename) {
|
||||
</div>
|
||||
|
||||
<div class="field">
|
||||
<label for="originalURLSelect">Comparer avec un précédent scan</label>
|
||||
<select id="originalURLSelect" class="ui clearable dropdown" name="originalURL" value="<?= $options["originalURL"] ?? "" ?>">
|
||||
<label for="originalSelect">Comparer avec un précédent scan</label>
|
||||
<select id="originalSelect" class="ui clearable dropdown" name="original" value="<?= $options["original"] ?? "" ?>">
|
||||
<option value="">Précédent scan</option>
|
||||
<?php
|
||||
if (!file_exists($SCANSDIR)) mkdir($SCANSDIR);
|
||||
foreach (scandir($SCANSDIR) as $filename) {
|
||||
if (substr($filename, -4) === '.xml') {
|
||||
$name = substr($filename, 0, -4);
|
||||
$URL = "$BASEDIR/$SCANSDIR/".rawurlencode($filename);
|
||||
if (isset($options["originalURL"]) && $URL == $options["originalURL"]) {
|
||||
echo " <option value='$URL' selected>$name</option>\n";
|
||||
#$URL = "$BASEDIR/$SCANSDIR/".rawurlencode($filename);
|
||||
if (isset($options["original"]) && $name == $options["original"]) {
|
||||
echo " <option value='$name' selected>$name</option>\n";
|
||||
} else {
|
||||
echo " <option value='$URL'>$name</option>\n";
|
||||
echo " <option value='$name'>$name</option>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -621,13 +621,14 @@ foreach (scandir($SCANSDIR) as $filename) {
|
||||
<div class="ui label">secondes</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!--
|
||||
<div class="inline field">
|
||||
<div class="ui toggle checkbox">
|
||||
<input id="sudoCheckbox" type="checkbox" name="sudo" <?= $options["sudo"] ?? false ? 'checked' : ''; ?>/>
|
||||
<label for="sudoCheckbox" title="sudo">Exécuter en tant qu'administrateur</label>
|
||||
</div>
|
||||
</div>
|
||||
-->
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -641,23 +642,18 @@ foreach (scandir($SCANSDIR) as $filename) {
|
||||
<button type="submit" class="ui teal submit button">Démarrer</button>
|
||||
</form>
|
||||
|
||||
<h2 class="ui header">Scans enregistrés</h1>
|
||||
<div class="ui large relaxed card">
|
||||
<div class="content">
|
||||
<div class="ui divided link list">
|
||||
<?php
|
||||
if (!file_exists($SCANSDIR)) {
|
||||
mkdir($SCANSDIR);
|
||||
}
|
||||
foreach (scandir($SCANSDIR) as $filename) {
|
||||
if (substr($filename, -4) == '.xml') {
|
||||
$name = str_replace('!', '/', substr_replace($filename, '', -4));
|
||||
echo "<a class='item' href='$SCANSDIR/".rawurlencode($filename)."'>$name</a>\n";
|
||||
<h2 class="ui header">Scans enregistrés</h2>
|
||||
<div class="ui link list">
|
||||
<?php
|
||||
if (file_exists($SCANSDIR)) {
|
||||
foreach (scandir($SCANSDIR) as $filename) {
|
||||
if (substr($filename, -4) == '.xml') {
|
||||
$name = str_replace('!', '/', substr_replace($filename, '', -4));
|
||||
echo "<a class='item' href='$SCANSDIR/".rawurlencode($filename)."'>$name</a>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</main>
|
||||
|
||||
@ -767,6 +763,15 @@ foreach ([$DATADIR, $NMAPDIR] as $dir) {
|
||||
newScanForm.onsubmit = function(event) {
|
||||
if (this.checkValidity()) {
|
||||
newScanForm.classList.add("loading")
|
||||
$.toast({
|
||||
title : 'Scan en cours...',
|
||||
message : 'Merci de patienter',
|
||||
class : 'info',
|
||||
showIcon : 'satellite dish',
|
||||
displayTime: 0,
|
||||
closeIcon : true,
|
||||
position : 'bottom right',
|
||||
})
|
||||
return true
|
||||
} else {
|
||||
event.preventDefault()
|
||||
|
||||
62
scan.php
62
scan.php
@ -3,12 +3,18 @@
|
||||
include_once 'config.php';
|
||||
include_once 'filter_inputs.php';
|
||||
|
||||
$options["--datadir"] = $DATADIR;
|
||||
$options["--script-args-file"] = $SCRIPTARGS;
|
||||
$options["--stylesheet"] = "$BASEDIR/$TEMPLATESDIR/${options["--stylesheet"]}.xsl#";
|
||||
if (isset($options["name"])) {
|
||||
$options["--stylesheet"] .= "name=" . rawurlencode($options["name"]) . "&";
|
||||
}
|
||||
if (isset($options["original"])) {
|
||||
$options["--stylesheet"] .= "original=" . rawurlencode($options["original"]) . "&";
|
||||
}
|
||||
if (isset($options["refreshPeriod"])) {
|
||||
$options["--stylesheet"] .= "refreshPeriod={$options["refreshPeriod"]}&";
|
||||
}
|
||||
|
||||
if (!file_exists($SCANSDIR)) mkdir($SCANSDIR);
|
||||
|
||||
$command = ($options["sudo"]?? false ? "sudo " : "") . "nmap";
|
||||
$args = "";
|
||||
foreach ($options as $option => $value) {
|
||||
if (substr($option, 0, 1) == '-') {
|
||||
if (is_null($value)) {
|
||||
@ -18,47 +24,25 @@ foreach ($options as $option => $value) {
|
||||
die();
|
||||
} else if ($value) {
|
||||
if ($value === true) {
|
||||
$command .= " $option";
|
||||
$args .= " $option";
|
||||
} else {
|
||||
if (substr($option, 0, 2) == '--') $command .= " $option " . escapeshellarg($value);
|
||||
else $command .= " $option" . escapeshellarg($value);
|
||||
if (substr($option, 0, 2) == '--') $args .= " $option " . escapeshellarg($value);
|
||||
else $args .= " $option" . escapeshellarg($value);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$tempPath = tempnam(sys_get_temp_dir(), 'scan_').".xml";
|
||||
|
||||
$command .= " -oX '$tempPath' $targets 2>&1";
|
||||
$command = "$NMAP $args -oX - $targets";
|
||||
|
||||
exec($command, $stderr, $retcode);
|
||||
|
||||
if ($retcode) {
|
||||
http_response_code(500);
|
||||
$errorMessage = implode("<br/>\n", $stderr);
|
||||
include_once ".";
|
||||
die();
|
||||
}
|
||||
|
||||
$xml = new DOMDocument();
|
||||
$xml->load($tempPath);
|
||||
`rm "$tempPath"`;
|
||||
|
||||
$thisURL = $options["name"]?? false ? "$BASEDIR/$SCANSDIR/".rawurlencode($options["name"]).".xml" : "";
|
||||
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='thisURL' value='".htmlentities($thisURL, ENT_QUOTES)."'"), $xml->documentElement);
|
||||
foreach ($options as $option => $value) {
|
||||
if (substr($option, 0, 1) != '-') {
|
||||
$xml->insertBefore($xml->createProcessingInstruction('xslt-param', "name='$option' value='".htmlentities($value, ENT_QUOTES)."'"), $xml->documentElement);
|
||||
}
|
||||
}
|
||||
|
||||
if ($options["name"] ?? false) {
|
||||
if (isset($options["name"])) {
|
||||
if (!file_exists($SCANSDIR)) mkdir($SCANSDIR);
|
||||
$path = "$SCANSDIR/{$options["name"]}.xml";
|
||||
$xml->save($path);
|
||||
|
||||
header("Location: $path");
|
||||
exit();
|
||||
} else {
|
||||
header('Content-type: text/xml');
|
||||
exit($xml->saveXML());
|
||||
$command .= " | tee '$path'";
|
||||
}
|
||||
|
||||
header('Content-type: text/xml');
|
||||
system($command, $retcode);
|
||||
|
||||
exit();
|
||||
|
||||
0
script-args.ini
Normal file
0
script-args.ini
Normal file
@ -12,6 +12,10 @@ main {
|
||||
min-height: calc(100vh - var(--footer-height) - 1rem)
|
||||
}
|
||||
|
||||
h1:first-child, h2:first-child, h3:first-child, h4:first-child, h5:first-child, .ui.header:first-child {
|
||||
margin-top: 1rem;
|
||||
}
|
||||
|
||||
svg {
|
||||
margin: -0.3em -0.5em -0.5em -0.4em;
|
||||
fill: currentColor;
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
<xsl:param name="sudo" select="false"/>
|
||||
|
||||
<xsl:variable name="current" select="./nmaprun"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'),'"')"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'), '?')"/>
|
||||
<xsl:variable name="basedir" select="concat($stylesheetURL, '/../..')"/>
|
||||
<xsl:variable name="init" select="document($originalURL)/nmaprun"/>
|
||||
<xsl:variable name="nextComparison">
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
<xsl:param name="sudo" select="false"/>
|
||||
|
||||
<xsl:variable name="current" select="./nmaprun"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'),'"')"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'), '?')"/>
|
||||
<xsl:variable name="basedir" select="concat($stylesheetURL, '/../..')"/>
|
||||
<xsl:variable name="init" select="document($originalURL)/nmaprun"/>
|
||||
<xsl:variable name="nextComparison">
|
||||
@ -51,7 +51,7 @@
|
||||
<xsl:with-param name="sudo" select="$sudo"/>
|
||||
</xsl:apply-templates>
|
||||
|
||||
<main class="ui container">
|
||||
<main class="ui wide container">
|
||||
<h1 class="ui header"><xsl:value-of select="$targets"/></h1>
|
||||
|
||||
<div class="form">
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
<xsl:param name="sudo" select="false"/>
|
||||
|
||||
<xsl:variable name="current" select="./nmaprun"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'),'"')"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'), '?')"/>
|
||||
<xsl:variable name="basedir" select="concat($stylesheetURL, '/../..')"/>
|
||||
<xsl:variable name="init" select="document($originalURL)/nmaprun"/>
|
||||
<xsl:variable name="nextComparison">
|
||||
|
||||
@ -16,10 +16,10 @@
|
||||
<xsl:param name="thisURL" select=""/>
|
||||
<xsl:param name="originalURL" select=""/>
|
||||
<xsl:param name="refreshPeriod" select="0"/>
|
||||
<xsl:param name="sudo" select="false"/>
|
||||
<xsl:param name="sudo" select="false()"/>
|
||||
|
||||
<xsl:variable name="current" select="./nmaprun"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'),'"')"/>
|
||||
<xsl:variable name="stylesheetURL" select="substring-before(substring-after(processing-instruction('xml-stylesheet'),'href="'), '?')"/>
|
||||
<xsl:variable name="basedir" select="concat($stylesheetURL, '/../..')"/>
|
||||
<xsl:variable name="init" select="document($originalURL)/nmaprun"/>
|
||||
<xsl:variable name="nextComparison">
|
||||
@ -31,7 +31,7 @@
|
||||
</xsl:variable>
|
||||
|
||||
<xsl:template match="nmaprun">
|
||||
<xsl:variable name="targets" select="substring-after(@args, '.xml ')"/>
|
||||
<xsl:variable name="targets" select="substring-after(@args, '-oX - ')"/>
|
||||
|
||||
<html lang="fr">
|
||||
<xsl:apply-templates select="." mode="head">
|
||||
@ -61,7 +61,7 @@
|
||||
<th>Adresse IP</th>
|
||||
<th>Nom</th>
|
||||
<th>Fabricant</th>
|
||||
<th class="eight wide">Services</th>
|
||||
<th class="six wide">Services</th>
|
||||
<th>Scanner les services</th>
|
||||
</tr>
|
||||
</thead>
|
||||
@ -177,7 +177,7 @@ function hostScanning(link) {
|
||||
<xsl:attribute name="href">
|
||||
<xsl:value-of select="$basedir"/>
|
||||
<xsl:text>/scan.php?preset=host&targets=</xsl:text>
|
||||
<xsl:value-of select="$hostAddress"/>
|
||||
<xsl:value-of select="address/@addr"/>
|
||||
</xsl:attribute>
|
||||
<i class="satellite dish icon"></i>
|
||||
<xsl:text> Services</xsl:text>
|
||||
@ -186,7 +186,7 @@ function hostScanning(link) {
|
||||
<xsl:attribute name="href">
|
||||
<xsl:value-of select="$basedir"/>
|
||||
<xsl:text>/?preset=host&targets=</xsl:text>
|
||||
<xsl:value-of select="$hostAddress"/>
|
||||
<xsl:value-of select="address/@addr"/>
|
||||
</xsl:attribute>
|
||||
<i class="settings icon"></i>
|
||||
</a>
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
<xsl:if test="finished/@summary">
|
||||
$.toast({
|
||||
title : '<xsl:value-of select="finished/@exit"/>',
|
||||
message : '<xsl:value-of select="finished/@summary"/>',
|
||||
message : `<xsl:value-of select="finished/@summary"/>`,
|
||||
showIcon : 'satellite dish',
|
||||
displayTime: 0,
|
||||
closeIcon : true,
|
||||
@ -20,7 +20,7 @@ $.toast({
|
||||
<xsl:if test="finished/@errormsg">
|
||||
$.toast({
|
||||
title : '<xsl:value-of select="finished/@exit"/>',
|
||||
message : '<xsl:value-of select="finished/@errormsg"/>',
|
||||
message : `<xsl:value-of select="finished/@errormsg"/>`,
|
||||
showIcon : 'exclamation triangle',
|
||||
class : 'error',
|
||||
displayTime: 0,
|
||||
|
||||
Reference in New Issue
Block a user