Re: nmap..... via web

[ajax <ajax () mobis com>]

All this talk about creating a cgi based nmap interface made me think
about not only how easy it was to write one, but why the people who are
spending more time talking about how it should be done are not spending
the five minutes it takes to write a perl cgi interface to nmap...

anyway, www.mobis.com/ajax/code/nmap/webmap.cgi is my seven minute
rendering of what i think it should look like, complete with sanity
checking of the user input variable, an allow_hosts list, a ban_hosts
list, and an email notification each time the program was ran.

later d00dz

 ajax () mobis com                    | The skill of accurate perception  
 Unix Network Admin                | is called cynicism by those who 
 Mobile Internet Services, Inc.    | don't possess it. 

On Thu, 18 Feb 1999, MadHat wrote:

> Make the CGI a perl script that is running SUID perl so it runs as
> root.  Make the perl check to see where they are coming from and that
> the host they want to scan is inside your network before allowing to
> continue with the scan.
>
> That would be a bit risky if the script isn't written properly, but it
> should be fairly easy to do.
>
> Erik Parker wrote:
> > I'd like to setup nmap, for OS guessing, via a web form. Mainly so people
> > within my company, can goto the web, type a host, it will try to guess its
> > OS, and return it to them. As for for a cgi, or webform, or whatever needs
> > to be done, I can have someone else figure that out.
> >
> > My to concerns are, What security problems should I expect.. if any..
> > The site would be restricted via htaccess, for the fact it is a possible
> > DOS that ppl could do.
> >
> > Second, apache runs as nobody.. Need root to do a tcp fingerprint.. Any
> > ideas on that?
> >
> > Cheers,
> > Erik