Penetration Testing
run nmap automatically from index.html (??) Nov 16 2011 02:09PM
Kathy Simm (kathys39 hotmail com) (7 replies)
RE: run nmap automatically from index.html (??) Nov 16 2011 08:50PM
Ward, Jon (Jon_Ward SYNTELINC COM) (2 replies)
Re: run nmap automatically from index.html (??) Nov 17 2011 08:41AM
arvind doraiswamy (arvind doraiswamy gmail com)
RE: run nmap automatically from index.html (??) Nov 16 2011 11:10PM
Ward, Jon (Jon_Ward SYNTELINC COM)
Re: run nmap automatically from index.html (??) Nov 16 2011 05:48PM
Mihai Nitulescu (mihai nitulescu gmail com)
RE: run nmap automatically from index.html (??) Nov 16 2011 04:23PM
Kettlewell, Nate \(Kansas City\) (Nate Kettlewell fishnetsecurity com)
Re: run nmap automatically from index.html (??) Nov 16 2011 04:16PM
securityfocus rawchaos com (1 replies)
If you can modify the source for the website, you can add something like this with PHP at the end of the page:

<?php
passthru("/path/to/nmap <args> " . $_SERVER['REMOTE_ADDR'] . " >> /path/to/log_file.log 2>&1 &");
?>

It is important to note that "2>&1 &" allows this command to be backgrounded so PHP will not wait for this command to finish before rendering the page and closing. Also if you are behind a proxy you might have to use something like $_SERVER["HTTP_X_FORWARDED_FOR"] instead.

If modifying the source of the page is out of the question, I would avoid scanning the logs as there's no guarantee of when apache will flush logs to disk (it does not happen in real time). It would probably work just fine, but if you are going to write a log scraping service anyway, I'd sooner write an apache2 module or use mod_perl to hook EXEC_ON_READ or similar.

-a

On Wed, Nov 16, 2011 at 02:09:37PM +0000, Kathy Simm wrote:
>
> We are doing a pen test for a small company and wish to automate some things. We have a website inside their Intranet that
> when employees scan or visit it we'd like to nmap the box they came from trying to see if anyone hooks up an authorized computer to their intranet. Any ideas of how to get=
> nmap to run automatically?
>
> Getting a perl script to run nmap is already done but I'm trying to figure out whether we should monitor the libpcap data or the apache log files
> etc. I'm sure someone else has done this already - can you share some ideas?
> ------------------------------------------------------------------------

> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]
Re: run nmap automatically from index.html (??) Nov 16 2011 05:26PM
Daniel Miller (bonsaiviking gmail com)
Re: run nmap automatically from index.html (??) Nov 16 2011 03:26PM
Justin Rogosky (jrogosky gmail com) (1 replies)
Re: run nmap automatically from index.html (??) Nov 16 2011 04:47PM
Sarah Loyd (sarahloyd mac com)
Re: run nmap automatically from index.html (??) Nov 16 2011 02:57PM
John Mason Jr (john mason jr cox net)
Re: run nmap automatically from index.html (??) Nov 16 2011 02:56PM
Guillaume Friloux (guillaume friloux asp64 com)


 

Privacy Statement
Copyright 2010, SecurityFocus