> You mean this sanity checking?
>
> # sanity check
> if ($query->param('ip_address') =~ /[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/ ) {
>     print "<H1><tt>Sorry, Try again. </H1>";
>     exit;
> }
>
> and then later you call:
>
> $output = `$nmap $ipaddress 2>&1`;
>
> This doesn't look very sufficient to me. For example, the banned chars
> don't include space or '-'. So what is to stop someone from giving an IP
I added the '-' check. It's hard to embed a %0D%0A because '%' is already
checked. I also added checking for '/'. I'll make the script have clickable
buttons for supporting nmap's options. Most of the code was ripped from a
CGI I wrote a couple of years ago that did the same thing. I personally
think a web interface to nmap only enhances the stupidity of the users
using the data it returns. I feel sorry for the users who would rely
solely on such an interface and not understand the workings behind it.

Something else I did was expand the extensions I've been doing to nmap to
include such things as RPC scanning for RPC services on a given
fingerprint match. Another thing is that if no fingerprints are available
for a given IP, it will try to banner-check port 23 against a list of
predefined OS banners, trying to manually figure out the OS type. Of course
it's trivial to change login banners, but a large percentage of hosts are
stock. I'm working on regular-expression-like syntax in the
wait-for data. What would be cool is if nmap did RPC scanning and threw
it into currenths with structures like struct rpcent, r_name specifically;
versions and ports would be nice also. It's about five lines of code to do
this. ;)
later
ajax
Received on Feb 19 1999
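The two approaches discussed in this thread, rendered in Python as an added example (this is not the Perl CGI from the message, and nothing here is nmap's own code). `blacklist_ok` mirrors the quoted regex plus the '-' and '/' additions the reply describes, so you can see which inputs it still lets through: anything built from characters it does not list, such as space, a raw newline, quotes, '<' or '>'. Note that CGI.pm's `param()` hands the script the already URL-decoded value, so a `%0A` in the request reaches the regex as a literal newline, not as a '%'. `allowlist_ipv4` is the replacement a practitioner would want: accept only a literal dotted-quad address and hand it to nmap as one argv element with no shell in between, so there is nothing left for a metacharacter to do. The sample inputs are constructed for the example, the `/usr/local/bin/nmap` path and the button-to-flag table are assumptions, and nmap only needs to be installed if you actually call `run_scan`.

```python
"""Blacklist vs allowlist validation for a CGI that shells out to nmap.

Added example, not code from the original message. The first check copies the
quoted Perl regex (plus '-' and '/'); the second is the strict replacement.
"""
import ipaddress
import re
import subprocess

# Characters the quoted Perl check rejects: ~ ` # $ ! % ^ & * ( ) | [ ] { } : ; ?
# plus '-' and '/' as described in the reply. Space, newline, quotes, < and >
# are NOT in the list and therefore pass.
BANNED = re.compile(r"[~`#$!%^&*()|\[\]{}:;?\-/]")

# Assumed mapping from a clickable button name to an nmap flag. Options come
# from this fixed server-side table, never from the request string itself.
ALLOWED_OPTIONS = {"connect": "-sT", "syn": "-sS", "osdetect": "-O"}


def blacklist_ok(value: str) -> bool:
    """The original approach: refuse the input only if it contains a banned byte."""
    return BANNED.search(value) is None


def allowlist_ipv4(value: str) -> str:
    """Accept only a literal dotted-quad IPv4 address; raise on anything else.

    ipaddress.IPv4Address rejects surrounding whitespace, embedded newlines,
    extra tokens, hostnames and anything that is not exactly four octets.
    """
    try:
        return str(ipaddress.IPv4Address(value))
    except ValueError as exc:  # AddressValueError is a subclass of ValueError
        raise ValueError(f"not a plain IPv4 address: {value!r}") from exc


def is_plain_ipv4(value: str) -> bool:
    """Boolean form of allowlist_ipv4 for callers that just want a verdict."""
    try:
        return allowlist_ipv4(value) == value
    except ValueError:
        return False


def build_nmap_argv(nmap_path: str, target: str, buttons=()) -> list:
    """Build the command as an argv list: no shell, so no metacharacters.

    The target is validated first; flags are looked up by button name so an
    unknown button is an error rather than a pass-through to nmap.
    """
    flags = []
    for name in buttons:
        if name not in ALLOWED_OPTIONS:
            raise ValueError(f"unknown scan option: {name!r}")
        flags.append(ALLOWED_OPTIONS[name])
    return [nmap_path, *flags, allowlist_ipv4(target)]


def run_scan(nmap_path: str, target: str, buttons=()) -> str:
    """Run nmap without a shell and return stdout+stderr, like the `... 2>&1` capture."""
    argv = build_nmap_argv(nmap_path, target, buttons)
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout + result.stderr


# Constructed inputs (not from the page) to show how each check treats them.
SAMPLES = [
    "10.0.0.1",            # legitimate target
    "10.0.0.1 10.0.0.2",   # space: blacklist passes it, shell would give nmap two targets
    "10.0.0.1 >out.txt",   # '>' plus a relative name: blacklist passes it
    "10.0.0.1\nid",        # decoded %0A: blacklist passes it, shell sees a second line
    "10.0.0.1;id",         # ';' is banned: the blacklist does catch this one
    "10.0.0.1/24",         # '/' is banned after the reply's change
]


def compare(samples=SAMPLES) -> dict:
    """Return {input: (passes_blacklist, passes_allowlist)} for each sample."""
    return {s: (blacklist_ok(s), is_plain_ipv4(s)) for s in samples}


if __name__ == "__main__":
    for s, (bl, al) in compare().items():
        print(f"{s!r:24} blacklist={bl!s:5} allowlist={al}")
    print(build_nmap_argv("/usr/local/bin/nmap", "10.0.0.1", ["connect"]))
```

The design point is that the allowlist and the argv list are each sufficient on their own and together make the blacklist unnecessary: once the target can only ever be four decimal octets, there is no character left to ban, and once there is no shell, a character that somehow slipped through could only become a strange single argument rather than a second command.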