Nmap Announce mailing list archives
Re: nmap..... via web
From: HD Moore <hdmoore () usa net>
Date: Fri, 19 Feb 1999 15:09:28 -0600
Fyodor wrote:
On Thu, 18 Feb 1999, ajax wrote:anyway, www.mobis.com/ajax/code/nmap/webmap.cgi is my seven minute rendering of what i think it should look like, complete with sanity checking of the user input variable,You mean this sanity checking? # sanity check if ($query->param('ip_address') =~ /[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/ ) { print "<H1><tt>Sorry, Try again. </H1>"; exit; }
A much safer method would be to call gethostbyname() on the submitted hostname/ip, check the results to make sure it resolved, and then feed it to nmap via a pipe or one of the multiple argument varieties of exec(). Using a mktemp call to create a temporary output file for the results (machine or normal format) would remove the risk of overwriting a system file. The output file could be passed through an nlog conversion script, then sent through the nlog CGI to show the results of the scan along with a method to query services for more information. If I get the time, I will write a few scripts to manage this, but it wouldnt be for at least another week. -HD
Current thread:
- Re: nmap..... via web, (continued)
- Re: nmap..... via web Andrew Brown (Feb 18)
- Re: nmap..... via web ajax (Feb 18)
- Re: nmap..... via web Fyodor (Feb 19)
- Re: nmap..... via web ajax (Feb 19)
- Re: nmap..... via web David G. Andersen (Feb 19)
- Re: nmap..... via web Lamont Granquist (Feb 19)
- Re: nmap..... via web Fyodor (Feb 19)
- Re: nmap..... via web Lars Marowsky-Bree (Feb 19)
- Re: nmap..... via web ajax (Feb 19)
- Re: nmap..... via web Simple Nomad (Feb 19)
- Re: nmap..... via web HD Moore (Feb 19)
- Re: nmap..... via web ajax (Feb 18)