Version: 1.0
Type: Full Script
Category: Networking
License: GNU General Public License
Description: A useful, easy-to-use frontend for the popular network scanner NMAP. It saves you from having to type tedious command lines, etc. The script runs nmap on the web server itself, building the command from the submitted form fields. Requires NMAP (doh!)
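<?php
/*
 HTML/PHP interface for NMAP.
 by Testic. [email protected]
 www.testic.co.uk < I may start putting PHP scripts here one day.

 Security notes for maintainers:
 - Every form field ends up on an nmap command line that is run through the
   shell, and most fields are echoed back into the page. Each field is
   therefore checked against an allowlist, each argument is passed through
   escapeshellarg(), and everything written into the HTML goes through
   htmlspecialchars().
 - The script has no login of its own; access control is left to the web
   server configuration.
*/

/* Return the posted field as a trimmed string, or '' when absent or not a string. */
function nmapfe_post($key)
{
    // A field posted as name[]=x arrives as an array; treat that as "not given".
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    return trim($_POST[$key]);
}

/* True when a checkbox-style field was posted with a truthy value. */
function nmapfe_flag($key)
{
    return (bool) nmapfe_post($key);
}

/* Split a string on whitespace into a list of non-empty tokens. */
function nmapfe_tokens($value)
{
    return preg_split('/\s+/', (string) $value, -1, PREG_SPLIT_NO_EMPTY);
}

/*
 Read one posted field and accept it only if it matches $pattern.
 Returns '' when nothing was posted. When the posted value does not match,
 returns $fallback and appends a notice to $message.
 $label is a fixed caption from this script, never user input.
*/
function nmapfe_field($key, $pattern, $fallback, $label, &$message)
{
    $value = nmapfe_post($key);
    if ($value === '' || preg_match($pattern, $value)) {
        return $value;
    }
    $message .= "Invalid value given for '" . $label . "', using default.<br>";
    return $fallback;
}

/* Return the posted field if it is one of $allowed, otherwise $fallback. */
function nmapfe_choice($key, $allowed, $fallback)
{
    $value = nmapfe_post($key);
    return in_array($value, $allowed, true) ? $value : $fallback;
}

/* Escape a value for HTML element content or a quoted attribute. */
function nmapfe_html($value)
{
    // Charset matches the page's <meta> declaration, so no input is rejected as malformed.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/* Return the ' checked' attribute for a selected radio button or checkbox. */
function nmapfe_checked($on)
{
    return $on ? ' checked' : '';
}

/*
 Build the table rows for one radio group (one row per option).
 $heading is shown in the first row only; $options maps value => caption.
*/
function nmapfe_radio_rows($heading, $name, $options, $current)
{
    $rows = '';
    $lead = '<p><b>' . nmapfe_html($heading) . '</b></p>';
    foreach ($options as $value => $caption) {
        $rows .= '<tr> <td> ' . $lead . ' </td> <td width="10"> </td>'
            . ' <td align="right" valign="middle"> <input type="radio" name="' . nmapfe_html($name) . '"'
            . ' value="' . nmapfe_html($value) . '"'
            . nmapfe_checked((string) $value === (string) $current) . '> </td>'
            . ' <td align="left" valign="middle">' . nmapfe_html($caption) . '</td> </tr>' . "\n";
        $lead = '';
    }
    return $rows;
}

$version = "1.0"; // This version :)

/* Choices offered by the form. The keys double as allowlists for posted values. */
$scan_types = array(
    'sS' => 'SYN',
    'sT' => 'Connect()',
    'sF' => 'FIN',
    'sX' => 'Xmas',
    'sN' => 'Null',
    'sP' => 'Ping',
    'sU' => 'UDP',
    'sO' => 'IP protocol',
    'sA' => 'ACK',
    'sW' => 'Window',
    'sR' => 'RPC',
    'sL' => 'List',
);
$ping_types = array(
    'P0' => 'Dont ping.',
    'PT' => 'TCP ping',
    'PS' => 'SYN',
    'PI' => 'Echo Req',
    'PP' => 'Timestamp req',
    'PM' => 'Netmask req',
    'PB' => 'ACK + echo req.',
);
$timing_modes = array('Paranoid', 'Sneaky', 'Polite', 'Normal', 'Aggresive', 'Insane'); // index = -T level

/*
 Switches accepted in "Additional arguments". Options that take a file name,
 a script name or another free-form value are deliberately left out: they
 would let a form user read or write files as the web server account.
 Extend this list one reviewed switch at a time.
*/
$extra_switches = array('-v', '-vv', '-d', '-n', '-R', '-r', '-6');

/* Allowlist patterns. None of them admits a leading '-', so a value can never be read as an option. */
$pattern_number = '/^[0-9]{1,8}\z/';
$pattern_port   = '/^[0-9]{1,5}\z/';
$pattern_ports  = '/^[0-9][0-9,\-]*\z/';                       // e.g. 1-2048 or 22,80,443
$pattern_target = '#^[A-Za-z0-9:*][A-Za-z0-9./,*:-]*\z#';      // host name, address, CIDR or range
$pattern_bounce = '/^[A-Za-z0-9][A-Za-z0-9._:@\-]*\z/';        // [user[:pass]@]host[:port]

/* Set the default settings. */
$message = "";              // Message to be displayed when form is posted.
$target_host = "127.0.0.1"; // Target for scan.
$target_ports = "1-2048";   // Target port range.
$source_port = "";          // Source port for scans.
$bounce_on = false;         // Do FTP bounce? No.
$bounce_host = "";          // Target host for FTP bounce.
$scantype = "sT";           // Scan type to connect();
$ping_options = "P0";       // Don't ping hosts.
$os = true;                 // Do OS detection? May as well.
$ident = false;             // Reverse ident scan.
$frag = false;              // Fragment certain scan types?
$fast = false;              // Only scan ports in 'services', ie, well known ports.
$max_sock = "256";          // Maximum sockets to use for scan.
$custom_timing = "preset";  // Use preset or custom timings?
$host_timeout = "60000";    // Ms to time out host.
$max_probe = "9000";        // Max probe timeout (ms).
$min_probe = "1000";        // Min probe timeout (ms).
$max_hosts = "128";         // Probe parallelism.
$probe_delay = "1";         // Min delay between probes (ms).
$timing = "3";              // General timing, 'Normal'.
$addition = "-v";           // Any additional arguments.

/* Grab and parse POST variables. */
if (count($_POST) != 0) {
    // Host field: one or more whitespace-separated targets, each checked on its own.
    $posted_host = nmapfe_post('target_host');
    if ($posted_host === '') {
        $message .= "No host specified, using default.<br>";
    } else {
        $targets = nmapfe_tokens($posted_host);
        $targets_ok = true;
        foreach ($targets as $target) {
            if (!preg_match($pattern_target, $target)) {
                $targets_ok = false;
                break;
            }
        }
        if ($targets_ok) {
            $target_host = implode(' ', $targets);
        } else {
            $message .= "Invalid value given for 'Host', using default.<br>";
        }
    }

    $target_ports = nmapfe_field('target_ports', $pattern_ports, $target_ports, 'Port range', $message);
    $fast = nmapfe_flag('fast');
    if ($target_ports != "" && $fast) {
        $message .= "Port range and 'fast' specified, using port range.<br>";
        $fast = false;
    }
    if ($target_ports == "" && !$fast) {
        $message .= "No port range or 'fast' specified, using 'fast' scan.<br>";
        $fast = true;
    }

    $source_port = nmapfe_field('source_port', $pattern_port, $source_port, 'Source port', $message);

    $bounce_on = nmapfe_flag('bounce_on');
    $bounce_host = nmapfe_field('bounce_host', $pattern_bounce, $bounce_host, 'FTP Bounce', $message);
    if ($bounce_on && $bounce_host == "") {
        $message .= "No FTP bounce host specified, ignoring.<br>";
        $bounce_on = false;
    }

    // Radio groups: anything that is not one of the offered values falls back to the default.
    $scantype = nmapfe_choice('scantype', array_keys($scan_types), $scantype);
    $ping_options = nmapfe_choice('ping_options', array_keys($ping_types), $ping_options);

    $os = nmapfe_flag('os');
    $ident = nmapfe_flag('ident');
    $frag = nmapfe_flag('frag');

    $max_sock = nmapfe_field('max_sock', $pattern_number, $max_sock, 'Max Sockets', $message);
    if ($max_sock == "0") {
        $message .= "Silly value given for 'Max socket', using a sensible value.<br>";
        $max_sock = "30";
    }

    $custom_timing = nmapfe_choice('custom_timing', array('custom', 'preset'), $custom_timing);
    $host_timeout = nmapfe_field('host_timeout', $pattern_number, $host_timeout, 'Host timeout', $message);
    $max_hosts = nmapfe_field('max_hosts', $pattern_number, $max_hosts, 'Max parallel probes', $message);

    // These three keep their defaults when the field is left empty.
    $posted_value = nmapfe_field('max_probe', $pattern_number, $max_probe, 'Max probe time', $message);
    if ($posted_value) {
        $max_probe = $posted_value;
    }
    $posted_value = nmapfe_field('min_probe', $pattern_number, $min_probe, 'Min probe time', $message);
    if ($posted_value) {
        $min_probe = $posted_value;
    }
    $posted_value = nmapfe_field('probe_delay', $pattern_number, $probe_delay, 'Min probe delay', $message);
    if ($posted_value) {
        $probe_delay = $posted_value;
    }

    if ($custom_timing == "custom") { // Parse user timing info.
        if (!$max_hosts || $max_hosts == "0") {
            $message .= "Silly value given for 'max parallel hosts', using a sensible value.<br>";
            $max_hosts = "2";
        }
        if ((int) $host_timeout < 10) {
            $message .= "Silly value given for 'Host timeout', using a sensible value.<br>";
            $host_timeout = "2000";
        }
    }

    $timing = nmapfe_choice('timing', array('0', '1', '2', '3', '4', '5'), $timing);

    // Additional arguments: keep only switches from the allowlist.
    $accepted = array();
    $rejected = false;
    foreach (nmapfe_tokens(nmapfe_post('addition')) as $switch) {
        if (in_array($switch, $extra_switches, true)) {
            $accepted[] = $switch;
        } else {
            $rejected = true;
        }
    }
    if ($rejected) {
        $message .= "Unsupported additional argument ignored.<br>";
    }
    $addition = implode(' ', $accepted);
}

/* Parse command line. */
if (count($_POST) != 0 && nmapfe_post('Submit') !== '') {
    echo str_repeat(" ", 512); // Padding so the browser starts rendering before the scan finishes.

    // Collect the arguments one by one; each is shell-quoted separately below.
    $args = nmapfe_tokens($target_host);
    if ($target_ports) {
        $args[] = '-p';
        $args[] = $target_ports;
    }
    if ($source_port) {
        $args[] = '-g';
        $args[] = $source_port;
    }
    if ($bounce_on) {
        $args[] = '-b';
        $args[] = $bounce_host;
    }
    $args[] = '-' . $scantype;
    $args[] = '-' . $ping_options;
    if ($os) {
        $args[] = '-O';
    }
    if ($ident) {
        $args[] = '-I';
    }
    if ($frag) {
        $args[] = '-f';
    }
    if ($fast) {
        $args[] = '-F';
    }
    if ($max_sock) {
        $args[] = '-M';
        $args[] = $max_sock;
    }
    if ($custom_timing == "preset") { // Use preset timing modes.
        $args[] = '-T';
        $args[] = $timing;
    } else { // Use custom timing.
        $args[] = '--host_timeout';
        $args[] = $host_timeout;
        $args[] = '--max_rtt_timeout';
        $args[] = $max_probe;
        $args[] = '--min_rtt_timeout';
        $args[] = $min_probe;
        $args[] = '--max_parallelism';
        $args[] = $max_hosts;
        $args[] = '--scan_delay';
        $args[] = $probe_delay;
    }
    foreach (nmapfe_tokens($addition) as $switch) { // Optional extra switches.
        $args[] = $switch;
    }

    // Second line of defence after validation: no argument can break out of its quotes.
    $commandline = implode(' ', array_map('escapeshellarg', $args));

    if ($message) {
        // $message is built only from fixed strings in this script, so its <br> tags are emitted as-is.
        echo '<font color="red">';
        echo $message;
        echo "</font>\n";
    }
    echo 'command line "nmap ' . nmapfe_html($commandline) . '".<br>';
    flush();

    echo '<textarea name="textfield" cols="80" rows="20" wrap="VIRTUAL">' . "\n";
    // Read the output through a pipe instead of system() so it can be escaped:
    // scan output may carry strings supplied by the scanned host (for example
    // reverse-DNS names or ident replies) and must not be able to close the textarea.
    // "nohup ... &" is kept from the original invocation.
    $scan = popen("nohup nmap " . $commandline . " &", 'r');
    if ($scan === false) {
        echo "Could not start nmap.\n";
    } else {
        while (($line = fgets($scan, 4096)) !== false) {
            echo nmapfe_html($line);
            flush();
        }
        pclose($scan);
    }
    echo "</textarea>\n";
    flush();
}
?>
<html>
<head>
<title>NMAP</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000" alink="#000000">
<form action="nmap.php" method="post">
<table cellspacing="0" cellpadding="3" bgcolor="#CCCCCC">
<tr> <td height="20"> </td> <td height="20"><font color="#999999">Nmap frontend v<?php echo nmapfe_html($version); ?></font></td> <td height="20"> </td> </tr>
<tr> <td width="20"> </td> <td>
 <table width="100%" border="1" cellspacing="0" cellpadding="3"> <tr> <td>
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr> <td><b>Target options</b>:</td> <td width="10"> </td> <td align="right" valign="middle">Host:</td> <td align="left" valign="middle"> <input type="text" name="target_host" size="18" maxlength="50" value="<?php echo nmapfe_html($target_host); ?>"> </td> </tr>
  <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle">Port range: </td> <td align="left" valign="middle"> <input type="text" name="target_ports" value="<?php echo nmapfe_html($target_ports); ?>" size="6" maxlength="12"> </td> </tr>
  <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle">Source port:</td> <td align="left" valign="middle"> <input type="text" name="source_port" size="4" maxlength="6" value="<?php echo nmapfe_html($source_port); ?>"> </td> </tr>
  <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle"> <input type="checkbox" name="bounce_on" value="1"<?php echo nmapfe_checked($bounce_on); ?>> FTP Bounce: </td> <td align="left" valign="middle"> <input type="text" name="bounce_host" value="<?php echo nmapfe_html($bounce_host); ?>"> </td> </tr>
  </table>
 </td> </tr> </table>
</td> <td width="20"> </td> </tr>
<tr> <td width="20"> </td> <td>
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 <tr> <td rowspan="2" align="left" valign="top">
  <table border="1" cellspacing="0" cellpadding="3"> <tr> <td>
   <table border="0" cellspacing="0" cellpadding="0">
<?php echo nmapfe_radio_rows('Scan type:', 'scantype', $scan_types, $scantype); ?>
   </table>
  </td> </tr> </table>
 </td> <td valign="top">
  <table border="1" cellspacing="0" cellpadding="3"> <tr> <td>
   <table border="0" cellspacing="0" cellpadding="0">
<?php echo nmapfe_radio_rows('Ping options:', 'ping_options', $ping_types, $ping_options); ?>
   </table>
  </td> </tr> </table>
 </td> </tr>
 <tr> <td valign="bottom" align="right">
  <table border="1" cellspacing="0" cellpadding="3" width="100%"> <tr> <td>
   <table border="0" cellspacing="0" cellpadding="0">
   <tr> <td> <p><b>Misc options:</b></p> </td> <td width="10"> </td> <td align="right" valign="middle"> <input type="checkbox" name="os" value="1"<?php echo nmapfe_checked($os); ?>> </td> <td align="left" valign="middle">OS Detect</td> </tr>
   <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle"> <input type="checkbox" name="ident" value="1"<?php echo nmapfe_checked($ident); ?>> </td> <td align="left" valign="middle">Reverse Ident.</td> </tr>
   <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle"> <input type="checkbox" name="frag" value="1"<?php echo nmapfe_checked($frag); ?>> </td> <td align="left" valign="middle">Fragment</td> </tr>
   <tr> <td> </td> <td width="10"> </td> <td align="right" valign="middle"> <input type="checkbox" name="fast" value="1"<?php echo nmapfe_checked($fast); ?>> </td> <td align="left" valign="middle">Fast scan</td> </tr>
   </table>
  </td> </tr> </table>
 </td> </tr>
 </table>
</td> <td width="20"> </td> </tr>
<tr> <td width="20"> </td> <td>
 <table width="100%" border="1" cellspacing="0" cellpadding="3"> <tr> <td>
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr> <td><b>Timing options:</b></td> <td width="10" align="left" valign="middle"> </td> <td align="right" valign="middle">Max Sockets</td> <td align="left" valign="middle"> <input type="text" name="max_sock" size="6" maxlength="6" value="<?php echo nmapfe_html($max_sock); ?>"> </td> </tr>
  <tr> <td colspan="4">
   <table width="100%" border="1" cellspacing="0" cellpadding="0" bordercolorlight="#CCCCCC" bordercolordark="#999999">
   <tr valign="top">
    <td align="right"> Custom <input type="radio" name="custom_timing" value="custom"<?php echo nmapfe_checked($custom_timing != "preset"); ?>> <br>
     <table width="100%" border="0" cellspacing="0" cellpadding="0">
     <tr> <td>Host timeout (ms)</td> <td width="10" align="left" valign="middle"> <input type="text" name="host_timeout" size="8" maxlength="8" value="<?php echo nmapfe_html($host_timeout); ?>"> </td> </tr>
     <tr> <td>Max probe time (ms)</td> <td width="10" align="left" valign="middle"> <input type="text" name="max_probe" size="6" maxlength="6" value="<?php echo nmapfe_html($max_probe); ?>"> </td> </tr>
     <tr> <td>Min probe time (ms)</td> <td width="10" align="left" valign="middle"> <input type="text" name="min_probe" size="6" maxlength="6" value="<?php echo nmapfe_html($min_probe); ?>"> </td> </tr>
     <tr> <td>Max parallel probes</td> <td width="10" align="left" valign="middle"> <input type="text" name="max_hosts" size="4" maxlength="4" value="<?php echo nmapfe_html($max_hosts); ?>"> </td> </tr>
     <tr> <td>Min probe delay (ms)</td> <td width="10" align="left" valign="middle"> <input type="text" name="probe_delay" size="5" maxlength="5" value="<?php echo nmapfe_html($probe_delay); ?>"> </td> </tr>
     </table>
    </td>
    <td align="left"> <input type="radio" name="custom_timing" value="preset"<?php echo nmapfe_checked($custom_timing != "custom"); ?>> Preset<br>
     <table width="100%" border="0" cellspacing="0" cellpadding="0">
<?php
$timing_heading = 'General timing:';
foreach ($timing_modes as $level => $caption) {
    echo '     <tr> <td align="right" valign="middle">' . $timing_heading . ' </td>'
        . ' <td align="left" valign="middle"> <input type="radio" name="timing" value="' . nmapfe_html($level) . '"'
        . nmapfe_checked((string) $level === (string) $timing) . '> ' . nmapfe_html($caption) . ' </td> </tr>' . "\n";
    $timing_heading = ''; // Heading goes on the first row only.
}
?>
     </table>
    </td>
   </tr>
   </table>
  </td> </tr>
  </table>
 </td> </tr> </table>
</td> <td width="20"> </td> </tr>
<tr> <td width="20"> </td> <td>Additional arguments: <input type="text" name="addition" value="<?php echo nmapfe_html($addition); ?>"> </td> <td width="20"> </td> </tr>
<tr> <td width="20"> </td> <td> <input type="submit" name="Submit" value="Scan"> <a href="nmap.php">Reset</a> </td> <td width="20"> </td> </tr>
</table>
</form>
</body>
</html>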