So I got thinking this weekend that I wanted a simple service to let me port scan myself from a remote location. I could SSH on to a box, but then I'd need to transmit creds etc... so instead I quickly coded up some PHP that scans whatever IP address my request is coming from. The target is taken from the server-side REMOTE_ADDR variable rather than from anything the client sends, so nobody can point the scanner at a third party 😉
The code was pretty simple to write in PHP; the nightmare was getting PHP's output buffering out of the way so the page updates line by line while nmap is still running.
Here’s the code:
```php
<?php
ini_set('zlib.output_compression', false); // Turn off PHP output compression
while (@ob_end_flush());                     // Flush (send) the output buffer and turn off output buffering
ini_set('implicit_flush', true);             // Implicitly flush the buffer(s)
ob_implicit_flush(true);                     // Implicitly flush the buffer(s)
set_time_limit(0);                           // Set this so PHP doesn't time out during a long stream
header("Cache-Control: no-cache");           // Set HTTP headers to prevent caching
header("Pragma: no-cache");                  // Set HTTP headers to prevent caching

function scan_target() {
    // Get the client IP address (server-side, never from the request parameters) and the ports
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    if (filter_var($ipaddress, FILTER_VALIDATE_IP) === false) {
        echo "<pre>Target is not a valid IP</pre>";
        exit(0);
    }
    // Whitelist the characters allowed in the target and port list, then quote them for the shell
    $target = escapeshellarg(preg_replace('/[^0-9.]/', '', $ipaddress));
    $ports  = escapeshellarg(preg_replace('/[^0-9,\-]/', '', htmlspecialchars($_GET["ports"])));
    // Checks if ports is set to 0 and then forces to top 100 ports
    if ($ports == "'0'") {
        $cmd = escapeshellcmd("nmap -T4 --stats-every 5 -r -n -Pn --top-ports 100 $target");
    } else {
        $cmd = escapeshellcmd("nmap -T4 --stats-every 5 -r -n -Pn -p$ports $target");
    }
    echo '<pre>';
    $a = popen($cmd, 'r');
    while ($b = fgets($a, 4096)) {
        echo $b;
        flush(); // Push each line of nmap output to the browser as it arrives
    }
    pclose($a);
    echo '</pre>';
}
?>
<html><head><title>Port Scan Me</title></head><body>
<form action="" method="get">Custom Ports: (e.g. 53,80,137-139,443,445) <input type="text" name="ports"><input type="submit"></form>
<form action="" method="get">Default Ports: <select name="ports">
<option value="0">Top 100</option>
<option value="21">FTP 21</option>
<option value="22">SSH 22</option>
<option value="23">Telnet 23</option>
<option value="53">DNS 53</option>
<option value="80">HTTP 80</option>
<option value="139">NetBIOS 139</option>
<option value="443">HTTPS 443</option>
<option value="445">SMB 445</option>
<option value="1433">MSSQL 1433</option>
<option value="3306">MySQL 3306</option>
<option value="3389">RDP 3389</option>
<option value="5632">PCAnywhere 5632</option>
<option value="5900">VNC 5900</option>
</select><input type="submit"></form>
<?php if (isset($_GET["ports"])) { scan_target(); } ?>
</body></html>
```
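The same idea with tighter input handling, as an added example rather than the post's own code: it validates the port list item by item instead of stripping characters, handles IPv6 callers, and runs nmap without a shell. It assumes PHP 7.4 or later (so proc_open() accepts an argv array), and the function names normalise_ports(), build_scan_argv() and stream_scan() are my own.

```php
<?php
// Added hardening example (not the original post's code; assumes PHP 7.4+ for
// proc_open() with an argv array, which bypasses the shell and its quoting rules).
// Returns a normalised port spec ("22,80,137-139") or null if any item is rejected.
function normalise_ports(string $spec): ?string {
    $out = [];
    foreach (explode(',', $spec) as $item) {
        // Only "N" or "N-M" passes; letters, spaces and shell metacharacters fail here.
        if (!preg_match('/^(\d{1,5})(?:-(\d{1,5}))?$/', trim($item), $m)) { return null; }
        $lo = (int)$m[1];
        $hi = isset($m[2]) ? (int)$m[2] : $lo;
        if ($lo < 1 || $hi > 65535 || $lo > $hi) { return null; }   // out of range or inverted
        $out[] = $lo === $hi ? (string)$lo : "$lo-$hi";
    }
    return $out ? implode(',', $out) : null;
}

// Builds the nmap argv for scanning the requesting client, or null on bad input.
// "0" selects the top 100 ports as in the form above; IPv6 clients get nmap's -6.
function build_scan_argv(string $remoteAddr, string $spec): ?array {
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $family = [];
    } elseif (filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        $family = ['-6'];
    } else {
        return null;                          // REMOTE_ADDR must be a literal IP
    }
    $argv = array_merge(['nmap', '-T4', '--stats-every', '5', '-r', '-n', '-Pn'], $family);
    if ($spec === '0') {
        array_push($argv, '--top-ports', '100');
    } elseif (($ports = normalise_ports($spec)) !== null) {
        array_push($argv, '-p', $ports);
    } else {
        return null;
    }
    $argv[] = $remoteAddr;                    // the target is always the caller itself
    return $argv;
}

// Streams nmap's stdout line by line; stderr is inherited from PHP, so it is not captured.
function stream_scan(array $argv): void {
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) { return; }
    echo '<pre>';
    while (($line = fgets($pipes[1], 4096)) !== false) { echo htmlspecialchars($line); flush(); }
    echo '</pre>';
    fclose($pipes[1]);
    proc_close($proc);
}
```

Wire it up (after the same buffering setup as above) with `if (($argv = build_scan_argv($_SERVER['REMOTE_ADDR'], $_GET['ports'] ?? '0')) !== null) { stream_scan($argv); }`. Behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's address, so the scan would hit the proxy rather than the visitor.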
And here is a link to the code, should you wish to have a go: https://www.phillips321.co.uk/downloads/portscan.php.txt