nmap-web-1.3/HISTORY

04/17/00 Release as version 1.3
04/15/00 Fix bug in daytime port parsing on timezone diffs around midnight
04/15/00 Use machine readable code instead of human readable
04/15/00 Add option to show ports NOT open
04/15/00 Change require to use to get compile time checks
04/14/00 Add stuff to handle POP and IMAP
04/11/00 Release as 1.3b
04/11/00 Add some timers so we don't timeout
04/11/00 Add ability to highlight exception conditions in red
04/11/00 Expand documentation a bit
04/11/00 Simplify top menu and make select box
04/11/00 Move around the include files still a little more (getting solid! ;-)
04/07/00 Release as 1.2
04/07/00 Add sample getnetgroup command
04/07/00 Minor bug fixes as suggested by folks
04/07/00 Make a bit more modular
04/06/00 Add ability to port query code for FTP, SSH, Sendmail per suggestions
04/06/00 Latest nmap BETA changed format a little - add a s/\/.*$// line! ;-)
04/05/00 Release as 1.1
04/05/00 Re-write selection code to make more portable
04/05/00 Add ability to do queries against port 13 & 80 and report results
03/23/00 Release as 1.0

[Unless otherwise stated, changes made by Alek Komarnitsky, alek@komar.org]

nmap-web-1.3/LICENSE

***************************************************************************
* nmap-web: Quick-n-Dirty Web Interface to nmap
*
* Copyright 2000 by Alek Komarnitsky, alek@komar.org
* http://www.komar.org/komar/alek/
*
***************************************************************************

Use and distribution of this software is covered by the GNU COPYING license.
Please refer to this for terms and conditions.
nmap-web-1.3/README

nmap-web: A quick-n-dirty Web interface to nmap

nmap (http://www.insecure.org/nmap/) is a very powerful and easy to use
tool to check which ports are open/responding on your computer. Note that
a LOT more things can be done with it (ex: remote OS fingerprinting) ...
check out the web site for more info. It is LIGHTNING fast ... depending
on the number of ports you scan, rates of 100+ hosts/second are easily
obtainable.

While this can (IS!) be used by the "bad guys" ... it is actually a very
useful tool for the "good guys" for a couple of reasons:

- You should be aware of what ports are open on your machines and ensure
  that only those you want/need/know (!) are open. Using nmap allows you
  to easily determine this so you can then take appropriate action.
- If a "bad guy" does install a back door that listens on a port, then
  you should be able to detect that something is amiss by using nmap.
- Say you are interested in: How many of my machines are web servers?
  nmap is pretty darn good for stuff like this.
- You can also say "show me what VERSION" is running on well-known ports.
  This is handy to make sure you upgrade all of your software.

The latter reasons are mostly why I wrote nmap-web ... which is basically
a web interface to nmap and allows you to (via a web interface) quickly
and easily select a list of ports and a list of hosts and it tells you
which machines have which open ports. nmap generates this output itself;
but nmap-web makes it just a little bit easier.

nmap-web requires Perl (and nmap! ;-) and should be runnable under any
Web Server running on any *NIX platform. Note that nmap-web only scans
tcp ports, so it can be run as a "normal" user - i.e. no root access is
required, which would be needed to scan udp ports. That could easily be
changed, but I wanted to keep it simple.

Pls see the INSTALL document for the misc. tweaks you'll need to make to
get it working at your site.

Pls send me any suggestions and/or comments.

Alek Komarnitsky, alek@komar.org (http://www.komar.org/komar/alek)

nmap-web-1.3/TODO

Things I would really like to do and/or have done:

- Add additional code for other ports FTP/etc. should look at multiple
  lines, Check given URL ...
- nmap-web should show those machines not pingable ... waiting for nmap
  to return this data for us.
- Perl code should "use strict" ... but I'm lazy (lousy excuse!)
- A LOT more could be done ... but I wanted to keep this simple; i.e.
  KISS principle applies ... so rather than try to give you access to
  every single nmap options/etc., this is a quick-n-dirty way to do some
  scans of the tcp ports and optionally get what is running there.

Pls send me suggestions/bug fixes/etc.

Alek Komarnitsky, alek@komar.org (http://www.komar.org/komar/alek)

nmap-web-1.3/INSTALL

nmap-web: A quick-n-dirty Web interface to nmap

Installing nmap-web is pretty straightforward.

- Get/compile/install nmap from http://www.insecure.org/nmap/.
- Create a directory under your Web Site and put all the files there.
  Optionally create log and counter directories (see nmap_web_local.pm)
- Copy cgi-bin/check-for-web.pl into the appropriate cgi-bin directory.
  Modify the location of Perl and the "INCLUDE" directory
- There are several "include" files that are used ... the idea being
  that you should NOT have to change any of these except the *local*
  ones; and those should be relatively constant between releases.
- Use the sample misc/getnetgroup if you want (see nmap_web_local.pm).
- Point your browser to the directory listed above and rock-n-roll

It should be fairly self-explanatory.
BTW, if you peruse the code; you'll see there is the ability to put a
"-ports" manually into the host field ... this is handy if you decide
there is a new port you want to scan and you don't want to have to change
the code.

Pls send me any suggestions and/or comments.

Alek Komarnitsky, alek@komar.org (http://www.komar.org/komar/alek)

P.S. If you want a URL that just "does it", here's an example that has
nmap-web generate time data on example-clients:

http://YOUR-SERVER/cgi-bin/nmap-web.pl?do_nmap=true&keyword=example-clients&port_selection=0000013-time&get_port_data=true

Change "13-time" to "80-httpd" to get what web server you are running.

PPS. NOTE: nmap-web was recently changed to parse the machine readable
format (rather than the human readable format). I should have done this
in the first place. There are some misc. code blocks for stuff that I
have not seen/tested yet for Machine stuff - pls send me anything
amiss!!! This was tested with nmap2.30Beta20.

nmap-web-1.3/help.html
An easy way is to type the address into your browser;
but the simplest way is to just "telnet
Note that you can do that with most services by connecting to that port,
and nmap-web allows you to do that.
That's basically all this web page does ... using a "telnet on steroids"
program called nmap which opens connections up pretty darn fast (like about
a thousand a minute! ;-) and sees if there is an answer.
NOTE: Just because something is listening on port 80 does not guarantee that
it is a web server, but since that is the default port, it probably is. Also,
you can run Web Servers on ANY port ... but it makes little sense to unless it
is a well-known port. For example, 443 is reserved for secure HTTP - https.
Note that some other tricks (Firewalls, TCP Wrappers, etc.) can
be used to prevent a scanning machine from connecting to a web server that
is actually running.
If you are only checking port 80, this program will do 'em at a rate
of about 1000 hosts/minute. "MORE" will be about
500 hosts/minute, and LOTS about 200 hosts/minute. These numbers are
VERY approximate and can increase dramatically if a lot of hosts are
unresolvable and/or are down.
NOTE ALSO: this program does not check the web server to see if the pages are
"protected" or meet any compliance standards ... it just checks to see if a
web server exists at some address so you can then investigate further ... you
can ask it to tell you what Web Server version is reported.
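An added example, not code from nmap-web: one way to do the "investigate further" step by parsing scan results and reporting open TCP ports that are not on a per-host allowlist. It assumes the line layout of nmap's grepable (-oG) output; the sample lines, the %expected table and parse_ports_line are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in nmap's grepable (-oG) layout: tab-separated fields,
# each port entry is port/state/protocol/owner/service/rpcinfo/version/.
my @sample = (
    "# Nmap scan (constructed sample, not real output)",
    "Host: 192.0.2.10 (web1.example.com)\tStatus: Up",
    "Host: 192.0.2.10 (web1.example.com)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 13/closed/tcp//daytime///",
    "Host: 192.0.2.11 (db1.example.com)\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///",
);

# Hypothetical allowlist: the TCP ports each host is supposed to expose.
my %expected = (
    '192.0.2.10' => { 22 => 1, 80 => 1 },
    '192.0.2.11' => { 22 => 1 },
);

# Parse one line; returns (ip, [ [port, state, service], ... ]) or an empty list.
sub parse_ports_line {
    my ($line) = @_;
    return unless $line =~ /^Host:\s+(\S+)\s+\([^)]*\)\t(.*)$/;
    my ($ip, $rest) = ($1, $2);
    my @ports;
    foreach my $field (split /\t/, $rest) {
        next unless $field =~ /^Ports:\s+(.*)$/;
        foreach my $entry (split /,\s*/, $1) {
            my ($port, $state, $proto, undef, $service) = split m{/}, $entry;
            next unless defined $proto && $proto eq 'tcp' && $port =~ /^\d+$/;
            push @ports, [ $port, $state, $service // '' ];
        }
    }
    return ($ip, \@ports);
}

# Report every open port that is not on the host's allowlist.
foreach my $line (@sample) {
    my ($ip, $ports) = parse_ports_line($line) or next;
    foreach my $p (@$ports) {
        my ($port, $state, $service) = @$p;
        next unless $state eq 'open';
        next if $expected{$ip} && $expected{$ip}{$port};
        print "UNEXPECTED $ip $port/tcp ($service)\n";
    }
}
```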
Here's a list of definitions for the "well known" ports .. again, remember
that ANYTHING can be running on ANY port ...
";
if ( defined($ports{$in{'port_selection'}})) {
    $nmap_ports = $ports{$in{'port_selection'}};
} else {
    print "do not know what to do with $in{'port_selection'} - exiting\n";
    print "";
    exit(2);
}
if ( defined($in{'get_port_data'})) {
    if ( ! ($nmap_ports =~ /^\d+$/) ) {
        print "You requested program/version info on $nmap_ports\n\n\n";
        print "You can not get program/version info if more than one port selected ";
print "
tcpmux 1/tcp # TCP Port Service Multiplexer [rfc-1078]
echo 7/tcp #
discard 9/tcp # sink null
systat 11/tcp # Active Users
daytime 13/tcp # Date
qotd 17/tcp # Quote of the Day
chargen 19/tcp # ttytst source Character Generator
ssh 22/tcp # Secure Shell Login
time 37/tcp # timeserver
nameserver 42/tcp # Host Name Server
tftp 69/tcp # Trivial File Transfer
finger 79/tcp # Finger Daemon
http 80/tcp # World Wide Web HTTP
pop-2 109/tcp # PostOffice V.2
pop-3 110/tcp # PostOffice V.3
auth 113/tcp # ident, tap, Authentication Service
uucp-path 117/tcp # UUCP Path Service
nntp 119/tcp # Network News Transfer Protocol
netbios-ns 137/tcp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS Session Service
imap2 143/tcp # Interim Mail Access Protocol v2
snmp 161/tcp #
snmptrap 162/tcp # snmp-trap
http-mgmt 280/tcp #
asip-webadmin 311/tcp # appleshare ip webadmin
https 443/tcp # secure http (SSL)
printer 515/tcp # spooler (lpd)
klogin 543/tcp # Kerberos (v4/v5)
kshell 544/tcp # krcmd Kerberos (v4/v5)
http-rpc-epmap 593/tcp # HTTP RPC Ep Map
sco-websrvrmg3 598/tcp # SCO Web Server Manager 3
ipcserver 600/tcp # Sun IPC server
webster 765/tcp #
xaudio 1103/tcp # Xaserver # X Audio Server
webster 2627/tcp # Network dictionary
www-dev 2784/tcp # world wide web - development
squid-http 3128/tcp #
dec-notes 3333/tcp # DEC Notes
mmcc 5050/tcp # multimedia conference control tool
pcanywhere 5632/tcp #
http-proxy 8080/tcp # Common HTTP proxy/second web server port
nmap-web-1.3/index.html
";
print "Questions/comments/suggestions to $author - $version";
print "($tempvar)" if (defined($tempvar));
print "
\n";
} elsif ( defined($in{'Help'}) ) {
    system("cat $help_file");
} elsif ( defined($in{'PORT_INFO'}) ) {
    print "";
    foreach $_ (sort keys %ports) {
        print "$names{$_}: expected=";
        if ( defined($expec{$_})) {
            print $expec{$_};
        } else {
            print "N/A";
        }
        print " $ports{$_}\n";
    }
} elsif ( defined($in{'do_nmap'}) ) {
print "