Nmap Announce mailing list archives
Re: nmap..... via web
From: ajax <ajax () mobis com>
Date: Fri, 19 Feb 1999 14:05:27 -0600 (EST)
You mean this sanity checking?

    # sanity check
    if ($query->param('ip_address') =~ /[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/ ) {
        print "<H1><tt>Sorry, Try again. </H1>";
        exit;
    }

and then later you call:

    $output = `$nmap $ipaddress 2>&1`;

This doesn't look very sufficient to me. For example, the banned chars don't include space or '-'. So what is to stop someone from giving an IP
i added the '-' check... it's hard to embed a %0D%0A because '%' is already checked. also added checking for '/'. i'll make the script have clickable buttons for supporting nmap's options. Most of the code was ripped from a cgi i wrote a couple years ago that did the same thing.

i personally think a web interface to nmap only enhances the stupidity of the users using the data it returns. I feel sorry for the users who would rely solely on such an interface and not understand the workings behind it.

Something else I did, was expand my extensions i've been doing to nmap to include such things as rpc scanning for rpc services on a given fingerprint match. Another thing is that if no fingerprints are available for a given IP, it will try to banner_check port 23 against a list of predefined OS banners trying to manually figure out the ostype. of course it's trivial to change login banners, a large percentage of hosts are stock, though. i'm working on regular expression-like syntax in the wait-for data.

what would be cool is if nmap did rpc scanning, threw it into currenths with structures like struct rpcent, r_name specifically, versions and ports would be nice also. it's about five lines of code to do this. ;)

later
ajax
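The gap discussed in this message, as an added example that is not part of the original post or of the CGI it quotes: the quoted denylist is run beside an allowlist that accepts only a dotted-quad IPv4 address, and nmap is started without a shell. The names valid_ipv4 and run_nmap are hypothetical, the sample inputs are constructed, and IPv4-only input is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The denylist quoted in the message above, unchanged.
my $denylist = qr/[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/;

# Allowlist (hypothetical helper): accept only a dotted-quad IPv4 address.
# \A and \z anchor the whole string, so a trailing newline, a space or a
# leading '-' can never match.
sub valid_ipv4 {
    my ($s) = @_;
    return 0 unless defined $s;
    my @octets = $s =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Hypothetical helper: run nmap with the list form of a pipe open, so the
# program is exec'd directly and no shell ever parses the address.
# Unlike the backtick call with 2>&1, this captures stdout only.
sub run_nmap {
    my ($nmap, $ip) = @_;
    die "refusing to scan: not an IPv4 address\n" unless valid_ipv4($ip);
    open(my $fh, '-|', $nmap, $ip) or die "cannot run $nmap: $!\n";
    local $/;                 # slurp the whole output
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Constructed sample inputs: one plain address, two that carry an nmap
# option past the denylist, and one out-of-range address.
for my $input ('192.0.2.10', '192.0.2.10 -v', '-v', '192.0.2.999') {
    printf "%-16s denylist=%-6s allowlist=%s\n", "'$input'",
        ($input =~ $denylist ? 'reject' : 'pass'),
        (valid_ipv4($input)  ? 'pass'   : 'reject');
}
```

The loop only compares the two checks and never starts nmap, so it runs offline; run_nmap is what a CGI would call in place of the backtick line.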