PHP NMAP Scan Page

Posted 2016-06-12 at https://www.phillips321.co.uk/2016/06/12/php-nmap-scan-page/

So I got thinking this weekend that I wanted a simple service to allow me to port scan myself from a remote location. I decided I could SSH on to a box, but then I'd need to transmit creds etc., so I quickly coded up some PHP to scan whatever IP address my request is coming from. The target is taken from a server-side variable (`$_SERVER['REMOTE_ADDR']`, the address of the connecting client) rather than from anything the client submits, so the page cannot be pointed at other hosts 😉. Note that REMOTE_ADDR is the address of the TCP peer, so a request arriving through a proxy would scan the proxy rather than the client.

The code itself was simple to write in PHP; the nightmare was getting PHP's output buffering out of the way so that the page updates dynamically as nmap produces output.

Here's the code:

```php
<?php
// Streaming output: the scan runs for a while, so every line nmap prints must
// reach the browser as soon as it is read rather than sitting in a buffer.
ini_set('zlib.output_compression', false); // Turn off PHP output compression
while (@ob_end_flush());                    // Flush (send) every output buffer and turn off output buffering
ini_set('implicit_flush', true);            // Implicitly flush the buffer(s)
ob_implicit_flush(true);                    // Implicitly flush the buffer(s)
set_time_limit(0);                          // Set this so PHP doesn't time out during a long stream
header("Cache-Control: no-cache");          // Set HTTP headers to prevent caching
header("Pragma: no-cache");                 // Set HTTP headers to prevent caching

function scan_target() {
    // The target is the client's own address, read from the server-side
    // connection information, not from anything the client submitted.
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    if (filter_var($ipaddress, FILTER_VALIDATE_IP) === false) {
        echo "<pre>Target is not a valid IP</pre>";
        exit(0);
    }
    // Strip everything except the characters an IPv4 address / port list needs,
    // then quote each value as a single shell argument.
    $target = escapeshellarg(preg_replace('/[^0-9.\']/', '', $ipaddress));
    $ports  = escapeshellarg(preg_replace('/[^0-9,\-\']/', '', htmlspecialchars($_GET["ports"])));

    // A ports value of 0 (the "Top 100" option) means use nmap's top 100 ports.
    // escapeshellarg has wrapped the value in single quotes, so compare against the quoted form.
    if ($ports == "'0'") {
        $cmd = escapeshellcmd("nmap -T4 --stats-every 5 -r -n -Pn --top-ports 100 $target");
    } else {
        $cmd = escapeshellcmd("nmap -T4 --stats-every 5 -r -n -Pn -p$ports $target");
    }

    // Run nmap and relay each line of its output to the browser as it arrives
    echo '<pre>';
    $a = popen($cmd, 'r');
    while ($b = fgets($a, 4096)) {
        echo $b;
        flush();
    }
    pclose($a);
    echo '</pre>';
}
?>
<html><head><title>Port Scan Me</title></head><body>
<form action="" method="get">Custom Ports: (e.g. 53,80,137-139,443,445) <input type="text" name="ports"><input type="submit"></form>
<form action="" method="get">Default Ports: <select name="ports">
    <option value="0">Top 100</option>
    <option value="21">FTP 21</option>
    <option value="22">SSH 22</option>
    <option value="23">Telnet 23</option>
    <option value="53">DNS 53</option>
    <option value="80">HTTP 80</option>
    <option value="139">NetBIOS 139</option>
    <option value="443">HTTPS 443</option>
    <option value="445">SMB 445</option>
    <option value="1433">MSSQL 1433</option>
    <option value="3306">MySQL 3306</option>
    <option value="3389">RDP 3389</option>
    <option value="5632">PCAnywhere 5632</option>
    <option value="5900">VNC 5900</option>
</select><input type="submit"></form>
<?php
if (isset($_GET["ports"])) {
    scan_target();
}
?>
</body></html>
```

And here is a link to the code should you wish to have a go: https://www.phillips321.co.uk/downloads/portscan.php.txt

![Screen Shot 2016-06-12 at 16.10.56](https://www.phillips321.co.uk/wp-content/uploads/2016/06/Screen-Shot-2016-06-12-at-16.10.56.png)