Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap from PHP script.
From: Teófilo Couto <undertuga () gmail com>
Date: Tue, 15 Feb 2011 15:08:36 +0000

On Tue, 2011-02-15 at 15:45 +0100, Vlatko Kosturjak wrote:
On 02/15/2011 03:12 PM, Daniel Cba. wrote:

hello people
when I run nmap from a php script finds 26 hosts 
 
<?php
$output = shell_exec('nmap -sP 10.101.154.1-255');
echo "<pre>$output</pre>";
?> 
 
Nmap done: 255 IP addresses (26 hosts up) scanned in 8.62 seconds

and from command line finds 104 host
#root>nmap -sP 10.101.154.1-255
 
Nmap done: 255 IP addresses (104 hosts up) scanned in 5.43 seconds

Seems like permission/user rights problem. PHP scripts usually run under
low-privilege user while in command line you're running as root.

Quick fix would be putting setuid on nmap: chmod +s nmap
But, you should be aware of security implications of that. Especially if
you're taking user input from web and forwarding it to nmap (with root
rights!!!). In short, it is security disaster waiting to happen (just
take look at --interactive option description!).

Kost
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


If it is your own code for your own purposes, you can use php-cli @ it,
and launch the script from your own user instead of the handled by the
apache or whatsoever module or cgi!


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault