
Running Scanners from a CGI script

sammy100 (Programmer), Jul 24, 2001
What I am doing is passing the scanner name, the type of scan (like portscan etc.) and the IP address of the machine to be scanned to a CGI script from a web page. What I want to know is how do I execute the command to run the scanner.
The command to run the scanner from the command line is "scannername type-of-scan IPaddress".
After running the scanner I have to output the result to a web page.
Does anyone know how to do this? Please help. Thanks.

regards
samantha
 
Perhaps you could try the following:

(1) Create a lockfile when running the scan
(2) Save the scan results to a file
(3) Have the code do the following:

if ( -e $lockfile ) {
    print "Scan is being performed, please wait";
} elsif ( -e $results ) {
    open (RESULTS, $results) or die "Can't open $results: $!";
    print qq{<pre>};
    while (<RESULTS>) { print };
    print qq{</pre>};
    close RESULTS;
} else {
    &createLockfile( $lockfile );         # create the lockfile (sketched, not shown)
    &runScanInBackground( $results );     # start the scanner, writing to $results
    print "Scan is being performed, please wait";
}

Then you would make sure you include the following lines in the head of the web page:

<meta http-equiv="refresh" content="5">

This will keep re-requesting the CGI script, which will display the in-progress message until the lockfile is removed and the results file is present.

Happy coding :), Cheers, NEIL

 
Could you please explain your code further. I have added the meta tag in the HTML code from where I call the script, i.e. the action performed by the HTML code is calling the script. Is this right? Please verify ASAP. Thanks a lot!

samantha
 
How do I create a lockfile???

This is the command that I have used to run a scan in the background:

$result = system("`scan operation`&");

Is this right??? Please confirm. Also confirm about the question before this. Thanks.

regards
samantha
 
Example code:
Code:
scan.sh:
     1  #!/bin/sh
     2
     3  echo $$ > .lockfile
     4  sleep 30
     5  echo HELLO > results
     6  rm -f .lockfile

scan.pl:
     1  #!/usr/local/metrica/bin/perl -w
     2
     3  my $lockfile = "./.lockfile";
     4  my $results  = "./results";
     5  my $refresh  = qq{Content-type: text/html
     6
     7  <meta http-equiv="refresh" content="5">
     8  <html>
     9  <head>
    10  <title>Results</title>
    11  </head>
    12  <body>
    13  };
    14  my $static  = qq{Content-type: text/html
    15
    16  <html>
    17  <head>
    18  <title>Results</title>
    19  </head>
    20  <body>
    21  };
    22
    23  my $tail     = qq{
    24  </body>
    25  </html>
    26  };
    27
    28
    29  if ( -e $lockfile ) {
    30      # A lockfile has been found
    31      # Make sure the process still exists
    32      open( LOCK, $lockfile ) or die;
    33      chomp(my $pid = <LOCK>);
    34      close LOCK;
    35      if( kill 0 => $pid ) {
    36          # Process found
    37          print $refresh;
    38          print qq{<h1>Awaiting results</h1>};
    39          print $tail;
    40
    41      } else {
    42          # Process not found
    43          # Remove the lockfile
    44          unlink $lockfile;
    45          die "Stale lockfile found\n";
    46      }
    47  }
    48  else {
    49      if( -e $results ) {
    50          # the 'scan' process has created a results file
    51          print $static;
    52          open( RESULTS, $results ) or die;
    53          while(<RESULTS>) {
    54              print;
    55          }
    56          close RESULTS;
    57          unlink $results;
    58          print $tail;
    59      }
    60      else {
    61          print $refresh;
    62          print qq{<h1>Generating results</h1>};
    63          print $tail;
    64          close STDOUT;
    65          system("scan.sh &");
    66      }
    67  }

The scan.sh simulates a process that takes a while to complete. Line 3 echoes the current process id number to a lockfile before running the 'scan', and line 6 removes the lockfile after the scan has completed.

Now to explain a few lines in scan.pl:
Lines 5-13 define a header string. This string will cause the browser to request the page again after 5 seconds due to the <meta> tag.

Lines 14-21 define a header string. This string is used to create a static page that is no longer refreshed, once the results of the 'scan' have been generated.

Line 29 checks for existence of a lockfile. If found, then line 35 checks that the process id number in the lockfile is still a valid process (it may have died off without removing the lockfile). If the process is valid, we must be awaiting results, so output a message with a 'refresh' header.

Lines 41-46: If the process is not valid, we just die and remove the file (more graceful error checking would be better).

If we do not have a lockfile, then the scan process must have either finished, or not yet run.

Lines 49-59: If a results file is present, print a static page containing this information, then remove the results file.

Lines 60-66: Otherwise, we must run the scan process. Here we print a 'generating results' message, and then close STDOUT to flush the page across to the browser. Then we run the process.


Hope this is of some help 8-) Cheers, NEIL
 
None of the a href statements in this code are working. Could anyone please tell me what the problem is? The file that the link must point to exists. Thanks in advance. It's urgent.


#!/usr/bin/perl
%in = &getcgivars;

print "Content-type: text/html\n\n";
print <<EOF ;
<html>
<head><title>SCAN CHOICES</title></head>
<body>
<h1>CHOICES MADE ARE</h1>
<ul>
EOF

foreach $key (keys %in) {
    if ($in{$key} ne " ") {
        if ($key eq "SCANTYPE3" || $key eq "SCANTYPE4" || $key eq "SCANTYPE5") {
            print "SCANTYPE = $in{$key}";
        }
        else {
            print "<li>$key = $in{$key}\n";
        }
    }
}

if ($in{SCANTYPE} ne " ") {
    if ($in{SCANTYPE3} ne " " || $in{SCANTYPE4} ne " " || $in{SCANTYPE5} ne " ") {
        print "<p><B>ERROR: </B>Enter a single scan type";
    }
    else {
        if (!$in{IP}) {
            print "<p><B>No IP address has been entered : </B>";
            print "Scan will be performed on localhost";
            $in{IP} = "localhost";    # a plain string; backticks here would try to run a command named localhost
        }
        if (-e "/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP/$in{SCANTYPE}.txt") {
            print "<p><B>This scan has already been performed on $in{IP}</B>";
            print "<p><B>To continue click<B>";
            print a({-href => "sam1.cgi?IP=$in{IP}&SCANTYPE=$in{SCANTYPE}"}, "CONTINUE");
            print "<p><B>To view the results click </B>";

            print a({-href => "../$in{IP}/NMAP/$in{SCANTYPE}.txt"}, " RESULTS");
        }
        else {
            print "<p><B>Wait for the scan to complete</B>";
            # make sure htdocs/<IP>/NMAP exists and become that directory
            if (-e "/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP") {
                chdir "/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP";
            }
            elsif (-e "/home/samantha/apache_1.3.17/htdocs/$in{IP}") {
                chdir "/home/samantha/apache_1.3.17/htdocs/$in{IP}";
                mkdir "NMAP";
                chdir "/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP";
            }
            else {
                chdir "/home/samantha/apache_1.3.17/htdocs";
                mkdir "$in{IP}";
                chdir "/home/samantha/apache_1.3.17/htdocs/$in{IP}";
                mkdir "NMAP";
                chdir "/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP";
            }
            # run the requested scan, writing normal output to <SCANTYPE>.txt
            if ($in{SCANTYPE} eq "FastScan") {
                `nmap -F $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "PortScan") {
                `nmap -sT $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "SYNScan") {
                `nmap -sS $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "PingScan") {
                `nmap -sP $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "UDPScan") {
                `nmap -sU $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "RPCScan") {
                `nmap -sR $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "NetworkScan") {
                `nmap -PT $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "SubnetScan") {
            }
            if ($in{SCANTYPE} eq "rhostScan") {
                `nmap -O $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "ridentScan") {
                `nmap -I $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            if ($in{SCANTYPE} eq "ACKScan") {
                `nmap -sA $in{IP} -oN ./$in{SCANTYPE}.txt`;
            }
            print "<p></B>To view the results click</B>";
            print a({-href => "../$in{IP}/NMAP/$in{SCANTYPE}.txt"}, "RESULTS");
        }
    }
}

print <<EOF ;
</ul>
</body>
</html>
EOF

exit;

sub getcgivars {
    local($in, %in);
    local($name, $value);

    # First, read entire string of CGI vars into $in
    if ( ($ENV{'REQUEST_METHOD'} eq 'GET') ||
         ($ENV{'REQUEST_METHOD'} eq 'HEAD') ) {
        $in = $ENV{'QUERY_STRING'};

    } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        if ($ENV{'CONTENT_TYPE'} =~ m#^application/x-www-form-urlencoded#) {
            $ENV{'CONTENT_LENGTH'}
                || &HTMLdie("No Content-Length sent with the POST request.");
            read(STDIN, $in, $ENV{'CONTENT_LENGTH'});

        } else {
            &HTMLdie("Unsupported Content-Type: $ENV{'CONTENT_TYPE'}");
        }

    } else {
        &HTMLdie("Script was called with unsupported REQUEST_METHOD.");
    }

    # Resolve and unencode name/value pairs into %in
    foreach (split('&', $in)) {
        s/\+/ /g;
        ($name, $value) = split('=', $_, 2);
        $name  =~ s/%(..)/chr(hex($1))/ge;
        $value =~ s/%(..)/chr(hex($1))/ge;
        $in{$name} .= "\0" if defined($in{$name});    # concatenate multiple vars
        $in{$name} .= $value;
    }

    return %in;
}

# Die, outputting HTML error page
# If no $title, use a default title
sub HTMLdie {
    local($msg, $title) = @_;
    $title || ($title = "CGI Error");
    print <<EOF ;
Content-type: text/html

<html>
<head>
<title>$title</title>
</head>
<body>
<h1>$title</h1>
<h3>$msg</h3>
</body>
</html>
EOF

    exit;
}


regards
samantha
 
Could someone please answer the previous question... I have another question: how do I get the "remote user" who accesses a particular script? This variable does not seem to be a part of %ENV. Also, when I execute the script from the cgi-bin directory itself it contains variables like "REMOTEHOST" and "USER", which is exactly what I want... but I need them even when the script is being accessed from elsewhere. The web server I am using is Apache and authentication has been activated... which means that the "remote user" variable should exist. Could someone please tell me what's happening? Thanks a lot.

regards
samantha
 
Are you developing with your own server? If so, there should be some access/error logs you could check to see what is happening. For example, since this script to generate the HTML probably resides in cgi-bin, all the hrefs should be relative to that directory. Try using absolute paths to the file, as a full URL (http and all). If your server allows aliases, then you can have:

Alias /html/ "/some/path/to/html/"
Alias /images/ "/some/path/to/images/"
ScriptAlias /cgi-bin/ "/some/path/to/cgi-files/"

Then your hrefs need only start with "/html/hello.html" or "/cgi-bin/process.pl"

Hope this helps, Cheers NEIL s-)
 
I think toolkit probably has it right - you need to make your references absolute, although I don't know if you need the " part.

As for getting the username, here's some code that might work:
Code:
sub GetLogon {

    my($authtype,$authstring) = split(' ', $ENV{'HTTP_AUTHORIZATION'});

    return "unknown" unless defined $authtype && $authtype =~ /basic/i;

    # We COULD use the following two lines, but it would include
    # code that we don't really need much.

    #use MIME::Base64 ();
    #$decoded = MIME::Base64::decode($encoded);

    # The following code comes from perlfaq9

    $authstring =~ tr[A-Za-z0-9+/][]cd;   # remove non-base64 chars
    $authstring =~ tr[A-Za-z0-9+/][ -_];  # convert to uuencoded format
    my $len = pack("c", 32 + 0.75*length($authstring));  # compute length byte
    $authstring = unpack("u", $len . $authstring);       # uudecode (reuse the variable declared above; a second 'my' would shadow it)

    # Now we have userid:password. Limit the split to 2 fields so a
    # password containing ':' is not truncated.
    my ($user,$pswd) = split(':', $authstring, 2);

    return ($user,$pswd);

} # GetLogon
Note that if this works it will give you the userid and password in plaintext. Which means the authentication method isn't very secure. The only reason I don't worry about posting this is because I got the code out of the perl faqs, so it's not a secret.
Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
 
Tracy.... I tried the code that you gave me but it always returns unknown.
This is my .htaccess file... could you please tell me what is wrong. Thanks a lot.

authtype Basic
authname "RESTRICTED--ENTER USERNAME AND PASSWORD"
AuthUserFile /home/samantha/apache_1.3.17/htdocs/.htpasswd
require valid-user



Regards
samantha

 
Undefined subroutine &main::a called at /home/samantha/apache_1.3.17/cgi-bin/sam2.cgi line 119.


This is the error that is being generated even after I have changed the path to an absolute path. The link does not even get displayed on the screen. Before I changed it to the absolute path I was also getting the same output... i.e. the link was not even displayed on the screen. Does anyone know what's wrong?

Do you have an answer to my previous question, Tracy... if so please reply. Thanks a lot for your help.

Regards
samantha
 
Aha,

You have not imported the CGI.pm package, in which a() is defined. Try adding the following line near the top of your code:

use CGI qw( :all );

This should fix it. Try perldoc CGI to find out more information about this package.

Cheers, Neil
 
Thanks Neil... that worked perfectly...

Tracy.... I tried the code that you gave me but it always returns unknown.
This is my .htaccess file... could you please tell me what is wrong. Thanks a lot.

authtype Basic
authname "RESTRICTED--ENTER USERNAME AND PASSWORD"
AuthUserFile /home/samantha/apache_1.3.17/htdocs/.htpasswd
require valid-user



Regards
samantha
 
Hi... now I have to do whatever I have done so far for WIN NT... could someone please tell me how I can run a Windows command from within a Perl CGI script? For example, if I have to run C:\Program Files\scanners\strobe.exe
how do I do this?? Please help.

Regards
samantha
 
Samantha, somehow I didn't see your last question, which is why I hadn't answered it. Your .htaccess file looks ok to me, though I'm not an expert at that sort of thing.

As for running a command from a script, you can use the system command, or you can use backticks. The system command returns just a numeric return code (0 is successful), while the backticks return an array of the lines of output from the command. Here's an example of each:
Code:
# Single quotes keep the backslashes literal ("\P" and "\s" would be
# mangled inside double quotes); the path is then wrapped in double
# quotes on the command line because it contains a space.
my $exe = 'C:\Program Files\scanners\strobe.exe';
$retcode = system(qq{"$exe"});
@data = qx{"$exe"};
Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
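As an added example (not code from anyone in this thread), here is the core of sam1.cgi reworked from the defender's side: the browser-supplied IP and scan type are checked against a strict pattern and an allowlist before they touch a path or a command line, nmap is launched with the list form of system() so no shell ever parses them, and a lockfile created with O_EXCL stops two simultaneous requests from scanning the same target. It assumes Apache has already authenticated the request (so REMOTE_USER is set), that nmap lives at /usr/bin/nmap, and a results root directory supplied by the caller; the nmap options are the ones used in sam1.cgi.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Scan types the form may request, mapped to the nmap options from sam1.cgi.
# Anything not in this table is rejected, so SCANTYPE can never become "../x".
my %SCAN_OPTION = (
    FastScan => '-F',  PortScan => '-sT', SYNScan => '-sS', PingScan => '-sP',
    UDPScan  => '-sU', RPCScan  => '-sR', ACKScan => '-sA',
);
my $NMAP = '/usr/bin/nmap';    # assumed location of the scanner

# Accept only a dotted-quad IPv4 address; returns it, or undef.
sub valid_ipv4 {
    my ($s) = @_;
    return unless defined $s
        && $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return if grep { $_ > 255 } ($1, $2, $3, $4);
    return "$1.$2.$3.$4";
}

# Run one scan. Returns (status, message): status 0 means $message is the
# results file, 2 means another request is already scanning this target.
sub run_scan {
    my ($root, $ip, $type) = @_;
    my $opt = $SCAN_OPTION{ defined $type ? $type : '' }
        or return (1, 'unknown scan type');
    $ip = valid_ipv4($ip) or return (1, 'invalid IP address');

    my $dir = "$root/$ip/NMAP";
    my $out = "$dir/$type.txt";
    return (0, $out) if -e $out;                  # already scanned, reuse it
    for my $d ("$root/$ip", $dir) {
        -d $d or mkdir $d or return (1, "mkdir $d: $!");
    }

    # O_EXCL makes the create fail if the lock already exists, so two requests
    # racing past an `if (-e $results)` test cannot both start a scan.
    my $lock = "$out.lock";
    sysopen(my $lk, $lock, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return (2, 'scan already in progress, refresh later');
    print $lk "$$\n";
    close $lk;

    # List form of system(): no shell is involved, so $ip and $opt reach nmap
    # as literal arguments. system() returns the wait status; $? >> 8 is the
    # scanner's own exit code (0 = success), as Tracy describes.
    my $rc = system($NMAP, $opt, $ip, '-oN', $out);
    unlink $lock;
    return (1, 'nmap failed, exit code ' . ($? >> 8)) if $rc != 0;
    return (0, $out);
}

# CGI entry point. Apache sets REMOTE_USER only after its own authentication
# (AuthType Basic + require valid-user) succeeded for the script's directory.
sub handle_request {
    my ($root, %in) = @_;
    my $user = $ENV{REMOTE_USER};
    return 'ERROR: not authenticated' unless defined $user && length $user;
    my ($st, $msg) = run_scan($root, $in{IP}, $in{SCANTYPE});
    warn "scan request by $user: $msg\n";    # lands in Apache's error_log
    return $st == 0 ? "RESULTS: $msg" : "ERROR: $msg";
}
```

The caller prints the Content-type header and wraps the returned string in HTML exactly as sam1.cgi does; only the validation, the lock and the no-shell launch differ from the posted script.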
 
Thanks a lot... I'll try that. What I'm trying to do now is compare 2 files. This is the code that I am using.

$file3 = "file3.txt";
open(F1, "+>$file3");
@lines3 = (<F1>);
foreach $i (0..$#lines3) {
    print F1 " ";
}
$file1 = "file1.txt";
open(F, "$file1") or die "Can't open $file1: $!\n";
@lines1 = (<F>);
close(F);
$file2 = "file2.txt";
open(F, "$file2") or die "Can't open $file2: $!\n";
@lines2 = (<F>);
close(F);
foreach $i (0..$#lines1) {
    # each line of file 1 is interpolated as a regular expression pattern
    $match = grep /$lines1[$i]/, @lines2;
    if ($match < 1) {
        chomp($lines1[$i]);
        print F1 "$lines1[$i] does not exist in file 2\n";
        print F1 "\n";
    }
}
foreach $i (0..$#lines2) {
    $match = grep /$lines2[$i]/, @lines1;
    if ($match < 1) {
        chomp($lines2[$i]);
        print F1 "$lines2[$i] does not exist in file 1\n";
        print F1 "\n";
    }
}

Both the files have the same content. This is what they contain:


<HTML>
<HEAD>
<title> Host Tables - By Database </title>
<LINK REV="made" HREF="mailto:satan@fish.com">
<LINK REV="made" HREF="mailto:sara@arc.com">
</HEAD>
<H2>Security Auditor's Research Assistant (SARA) Professional (PRO)
Report Writer</H2>
<a href="/sara.html"> Back to the start page </a> |
<a href="/reporting/analysis.pl"> Back to Reporting and Analysis </a><HR>
<HTML>

<HEAD>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">

<TITLE>SARA Scan Results</TITLE>

</HEAD>

<BODY LINK="#0000ff">

<FONT SIZE=2>16 August 2001
<BR>

<i>place document number here</i>

<PRE> </PRE>

<H4 ALIGN="CENTER">SARA Scan Results of sara-data</H4>

<PRE> </PRE>

<B>INTRODUCTION</B>

<PRE> </PRE>

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The

version of SARA was Version 3.4.8a
.
<PRE> </PRE>

<B>DISCUSSION</B>

<PRE> </PRE>

SARA is a third generation security analysis tool that analyzes network-based services on the target computers. SARA classifies a detected service in one of five categories:

<PRE> </PRE>

<UL>

<LI>Green:&#9;&#9;Services found that were not exploitable

<LI>None:&#9;&#9;No services or vulnerabilities

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise)

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise)
<LI>Brown:&#9;&#9;Possible security problems.

</UL>

<PRE> </PRE>

A total of 127 devices were detected of which 53 are

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow)

<PRE> </PRE>

<TABLE BORDER=0><TR><TD width="50">Green</TD><TD width="220" BGCOLOR="Green">&nbsp;</TD><TD>56</TD></TR></TABLE>
<TABLE BORDER=0><TR><TD width="50">None</TD><TD width="71" BGCOLOR="#808080">&nbsp;</TD><TD>18</TD></TR></TABLE>
<TABLE BORDER=0><TR><TD width="50">Red</TD><TD width="110" BGCOLOR="RED">&nbsp;</TD><TD>28</TD></TR></TABLE>

But I am not getting the right output. It says there are differences between the 2 files. This is the output given:

<H2>Security Auditor's Research Assistant (SARA) Professional (PRO) does not exist in file 2

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The does not exist in file 2

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise) does not exist in file 2

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise) does not exist in file 2

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow) does not exist in file 2

<H2>Security Auditor's Research Assistant (SARA) Professional (PRO) does not exist in file 1

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The does not exist in file 1

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise) does not exist in file 1

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise) does not exist in file 1

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow) does not exist in file 1

Could someone please tell me what is going wrong here? Thanks a lot.

Regards
samantha
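An added example (not samantha's code) that runs the comparison above over two constructed report fragments and shows where the counts diverge: `grep /$line/` interpolates each line as a regular expression, so "(SARA)" becomes a capture group and a trailing "|" becomes an alternation, whereas a string-equality or hash comparison treats the lines literally. The fragments are made up for the demonstration and are not the real SARA report files.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed fragments standing in for file1.txt and file2.txt: identical
# except that the second one lacks the final <HR> line.
my @LINES1 = (
    "<H2>Security Auditor's Research Assistant (SARA) Professional (PRO)\n",
    '<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise)' . "\n",
    '<a href="/sara.html"> Back to the start page </a> |' . "\n",
    "<PRE> </PRE>\n",
    "<HR>\n",
);
my @LINES2 = @LINES1[0 .. 3];

# The thread's test: $needle is interpolated into the pattern, so "(SARA)" is a
# group matching the bare text SARA (the literal parentheses never match), and
# a trailing "|" is an alternation with the empty pattern that matches any line.
sub count_regex_matches {
    my ($needle, @hay) = @_;
    return scalar grep { /$needle/ } @hay;
}

# Literal test: a line is present only when some line is string-equal to it.
sub count_exact_matches {
    my ($needle, @hay) = @_;
    return scalar grep { $_ eq $needle } @hay;
}

# Lines of the first file with no identical line in the second, in original
# order: one hash lookup per line and no pattern matching at all.
sub only_in_first {
    my ($first, $second) = @_;
    my %seen = map { $_ => 1 } @$second;
    return grep { !$seen{$_} } @$first;
}

# One row per line of file 1: regex count, exact count, then the line itself.
sub compare_report {
    my @rows;
    for my $line (@LINES1) {
        chomp(my $shown = $line);
        push @rows, sprintf('regex=%d exact=%d  %s',
            count_regex_matches($line, @LINES2),
            count_exact_matches($line, @LINES2), $shown);
    }
    return @rows;
}

print "$_\n" for compare_report();
print "only in file 1: $_" for only_in_first(\@LINES1, \@LINES2);
```

The "(SARA)" and "(account compromise)" lines score regex=0 but exact=1, the "|" line scores regex=4 because the empty alternative matches every line, and only the <HR> line is reported as genuinely missing.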


 