Penetration Testing mailing list archives

Re: run nmap automatically from index.html (??)

From: securityfocus () rawchaos com
Date: Wed, 16 Nov 2011 11:16:49 -0500

If you can modify the source for the website, you can add something like this with PHP at the end of the page:

<?php
passthru("/path/to/nmap <args> " . $_SERVER['REMOTE_ADDR'] . " >> /path/to/log_file.log 2>&1 &");
?>

It is important to note that "2>&1 &" allows this command to be backgrounded so PHP will not wait for this command to 
finish before rendering the page and closing.  Also if you are behind a proxy you might have to use something like 
$_SERVER["HTTP_X_FORWARDED_FOR"] instead.

If modifying the source of the page is out of the question, I would avoid scanning the logs as there's no guarantee of 
when apache will flush logs to disk (it does not happen in real time).  It would probably work just fine, but if you 
are going to write a log scraping service anyway, I'd sooner write an apache2 module or use mod_perl to hook 
EXEC_ON_READ or similar.

-a


On Wed, Nov 16, 2011 at 02:09:37PM +0000, Kathy Simm wrote:


We are doing a pen test for a small company and wish to automate some things.  We have a website inside their 
Intranet that
when employees scan or visit it  we'd like to nmap the box they came from  trying to see if anyone hooks up an 
authorized computer to their intranet. Any ideas of how to get=
 nmap to run automatically?

Getting a perl script to run nmap is already done but I'm trying to figure out whether we should monitor the libpcap 
data or the  apache log files
etc.  I'm sure someone else has done this already - can you share some ideas?                                         
  
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

run nmap automatically from index.html (??) Kathy Simm (Nov 16)
- Re: run nmap automatically from index.html (??) John Mason Jr (Nov 16)
- Re: run nmap automatically from index.html (??) Guillaume Friloux (Nov 16)
- Re: run nmap automatically from index.html (??) Justin Rogosky (Nov 16)
  - Re: run nmap automatically from index.html (??) Sarah Loyd (Nov 16)
- RE: run nmap automatically from index.html (??) Kettlewell, Nate (Kansas City) (Nov 16)
- Re: run nmap automatically from index.html (??) securityfocus (Nov 16)
  - Re: run nmap automatically from index.html (??) Daniel Miller (Nov 16)
- Re: run nmap automatically from index.html (??) Mihai Nitulescu (Nov 16)
- RE: run nmap automatically from index.html (??) Ward, Jon (Nov 16)
  - RE: run nmap automatically from index.html (??) Ward, Jon (Nov 17)
  - Re: run nmap automatically from index.html (??) arvind doraiswamy (Nov 17)