Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running Sanners from a CGI script 1

Status
Not open for further replies.

sammy100

Programmer
Jul 24, 2001
21
US
what i am doing is passing the scanner name, type of scan....like portscan etc and the IP address of the machine to be scanned to a CGI script from a web page....what i want to know is how to i execute the command to run the scanner.
the command to run the scanner from command line is "scannername type of scan IPaddress"
after running the scanner i have to output the result to a webpage.
does anyone know how to do this ...please help. thx

regards
samantha
 
Perhaps you could try the following:

(1) Create a lockfile when running the scan
(2) Save the scan results to a file
(3) Have the code do the following:

if( -e $lockfile ) {
print "Scan is being performed, please wait"
} elsif ( -e $results ) {
open (RESULTS, $results);
print qq{<pre>};
while (<RESULTS>) { print };
print qq{</pre>};
} else {
&createLockfile( $lockfile );
&runScanInBackgroud( $results );
print &quot;Scan is being performed, please wait&quot;
}

Then you would make sure you include the following lines in the head of the web page:

<meta http-equiv=&quot;refresh&quot; content=&quot;5&quot;>

This will keep asking for the CGI script, which will display the in process message until the lockfile is removed, and the results file is present

Happy coding :), Cheers, NEIL

 
could u please explain ur code further. i have added the meta tag in the html code from where i call the script i.e the action performed by the html code is calling the script. is this right? please verify asap. thx a lot!

samantha
 
how do i create a lockfile???

this is the command that i have used to run a scan in the background:

$result = system(&quot;`scan operation`&&quot;);

is this right??? please comfirm. also confirm abt the question before this. thx.

regards
samantha
 
Example code:
Code:
scan.sh:
     1  #!/bin/sh
     2
     3  echo $$ > .lockfile
     4  sleep 30
     5  echo HELLO > results
     6  rm -f .lockfile

scan.pl:
     1  #!/usr/local/metrica/bin/perl -w
     2
     3  my $lockfile = &quot;./.lockfile&quot;;
     4  my $results  = &quot;./results&quot;;
     5  my $refresh  = qq{Content-type: text/html
     6
     7  <meta http-equiv=&quot;refresh&quot; content=&quot;5&quot;>
     8  <html>
     9  <head>
    10  <title>Results</title>
    11  </head>
    12  <body>
    13  };
    14  my $static  = qq{Content-type: text/html
    15
    16  <html>
    17  <head>
    18  <title>Results</title>
    19  </head>
    20  <body>
    21  };
    22
    23  my $tail     = qq{
    24  </body>
    25  </html>
    26  };
    27
    28
    29  if ( -e $lockfile ) {
    30      # A lockfile has been found
    31      # Make sure the process still exists
    32      open( LOCK, $lockfile ) or die;
    33      chomp(my $pid = <LOCK>);
    34      close LOCK;
    35      if( kill 0 => $pid ) {
    36          # Process found
    37          print $refresh;
    38          print qq{<h1>Awaiting results</h1>};
    39          print $tail;
    40
    41      } else {
    42          # Process not found
    43          # Remove the lockfile
    44          unlink $lockfile;
    45          die &quot;Stale lockfile found\n&quot;;
    46      }
    47  }
    48  else {
    49      if( -e $results ) {
    50          # the 'scan' process has created a results file
    51          print $static;
    52          open( RESULTS, $results ) or die;
    53          while(<RESULTS>) {
    54              print;
    55          }
    56          close RESULTS;
    57          unlink $results;
    58          print $tail;
    59      }
    60      else {
    61          print $refresh;
    62          print qq{<h1>Generating results</h1>};
    63          print $tail;
    64          close STDOUT;
    65          system(&quot;scan.sh &&quot;);
    66      }
    67  }
[code]

The scan.sh simulates a process that takes a while to complete. Line 3 echos the current process id number to a lockfile before running the 'scan', and line 6 removes the lockfile after the scan has completed.

Now to explain a few lines in scan.pl:
Lines 5-13 define a header string. This string will cause the browser to request the page again after 5 seconds due to the <meta> tag.

Lines 14-21 define a header string. This string is used to create a static page that is no longer refreshed, once the results of the 'scan' have been generated.

Line 29 checks for existence of a lockfile. If found, then line 35 checks that the process id number in the lockfile is still a valid process (it may have died off without removing the lockfile). If the process is valid, we must be awaiting results, so ouput a message with a 'refresh' header.

Lines 41-46: If the process is not valid, we just die and remove the file (more graceful error checking would be better).

If we do not have a lockfile, then the scan process must have either finished, or not yet run.

Lines 49-59: If a results file is present, print a static page containing this infomation, then remove the results file.

Lines 60-66: Otherwise, we must run the scan process. Here we print a 'generating results message', and then close STDOUT to flush the page across to the broweser. Then we run the process.


Hope this is of some help 8-) Cheers, NEIL
 
none of the ahref statements in this coe r working. could anyone please tell me what the problem is. the file that the link must point to ..exists. thx in advance. its urgent.


#!/usr/bin/perl
%in= &getcgivars ;

print &quot;Content-type: text/html\n\n&quot; ;
print <<EOF ;
<html>
<head><title>SCAN CHOICES</title></head>
<body>
<h1>CHOICES MADE ARE</h1>
<ul>
EOF

foreach $key (keys %in) {
if($in{$key} ne &quot; &quot;)
{
if($key eq &quot;SCANTYPE3&quot; || $key eq &quot;SCANTYPE4&quot; || $key eq &quot;SCANTYPE5&quot;)
{
print &quot;SCANTYPE = $in{$key}&quot;;
}
else
{
print &quot;<li>$key = $in{$key}\n&quot; ;
}
}
}

if ($in{SCANTYPE} ne &quot; &quot;)
{
if($in{SCANTYPE3} ne &quot; &quot; || $in{SCANTYPE4} ne &quot; &quot; || $in{SCANTYPE5} ne &quot; &quot;)
{
print &quot;<p><B>ERROR: </B>Enter a single scan type&quot;;
}
else
{
if(!$in{IP})
{
print &quot;<p><B>No IP address has been entered : </B>&quot;;
print &quot;Scan will be performed on localhost&quot;;
$in{IP}= `localhost`;
}
if(-e &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP/$in{SCANTYPE}.txt&quot;)
{
print &quot;<p><B>This scan has already been performed on $in{IP}</B>&quot;;
print &quot;<p><B>To continue click<B>&quot;;
print a({-href=> &quot;sam1.cgi?IP=$in{IP}&SCANTYPE=$in{SCANTYPE}&quot;},&quot;CONTINUE&quot;);
print &quot;<p><B>To view the results click </B>&quot;;

print a({-href=> &quot;../$in{IP}/NMAP/$in{SCANTYPE}.txt&quot;},&quot; RESULTS&quot;);
}
else
{
print &quot;<p><B>Wait for the scan to complete</B>&quot;;
if(-e &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP&quot;)
{
chdir &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP&quot;;
}
elsif(-e &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}&quot;)
{
chdir &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}&quot;;
mkdir &quot;NMAP&quot;;
chdir &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP&quot;;
}
else
{
chdir &quot;/home/samantha/apache_1.3.17/htdocs&quot;;
mkdir &quot;$in{IP}&quot;;
chdir &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}&quot;;
mkdir &quot;NMAP&quot;;
chdir &quot;/home/samantha/apache_1.3.17/htdocs/$in{IP}/NMAP&quot;;
}
if($in{SCANTYPE} eq &quot;FastScan&quot;)
{
`nmap -F $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;PortScan&quot;)
{
`nmap -sT $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;SYNScan&quot;)
{
`nmap -sS $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;PingScan&quot;)
{
`nmap -sP $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;UDPScan&quot;)
{
`nmap -sU $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;RPCScan&quot;)
{
`nmap -sR $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;NetworkScan&quot;)
{
`nmap -PT $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;SubnetScan&quot;)
{
}
if($in{SCANTYPE} eq &quot;rhostScan&quot;)
{
`nmap -O $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;ridentScan&quot;)
{
`nmap -I $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
if($in{SCANTYPE} eq &quot;ACKScan&quot;)
{
`nmap -sA $in{IP} -oN ./$in{SCANTYPE}.txt`;
}
print &quot;<p></B>To view the results click</B>&quot;;
print a({-href=> &quot;../$in{IP}/NMAP/$in{SCANTYPE}.txt&quot;},&quot;RESULTS&quot;);
}
}
}

print <<EOF ;
</ul>
</body>
</html>
EOF

exit ;

sub getcgivars {
local($in, %in) ;
local($name, $value) ;


# First, read entire string of CGI vars into $in
if ( ($ENV{'REQUEST_METHOD'} eq 'GET') ||
($ENV{'REQUEST_METHOD'} eq 'HEAD') ) {
$in= $ENV{'QUERY_STRING'} ;

} elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
if ($ENV{'CONTENT_TYPE'}=~ m#^application/x- {
$ENV{'CONTENT_LENGTH'}
|| &HTMLdie(&quot;No Content-Length sent with the POST request.&quot;) ;
read(STDIN, $in, $ENV{'CONTENT_LENGTH'}) ;

} else {
&HTMLdie(&quot;Unsupported Content-Type: $ENV{'CONTENT_TYPE'}&quot;) ;
}

} else {
&HTMLdie(&quot;Script was called with unsupported REQUEST_METHOD.&quot;) ;
}

# Resolve and unencode name/value pairs into %in
foreach (split('&', $in)) {
s/\+/ /g ;
($name, $value)= split('=', $_, 2) ;
$name=~ s/%(..)/chr(hex($1))/ge ;
$value=~ s/%(..)/chr(hex($1))/ge ;
$in{$name}.= &quot;\0&quot; if defined($in{$name}) ; # concatenate multiple vars
$in{$name}.= $value ;
}

return %in ;

# Die, outputting HTML error page
# If no $title, use a default title
sub HTMLdie {
local($msg,$title)= @_ ;
$title || ($title= &quot;CGI Error&quot;) ;
print <<EOF ;
Content-type: text/html

<html>
<head>
<title>$title</title>
</head>
<body>
<h1>$title</h1>
<h3>$msg</h3>
</body>
</html>
EOF

exit ;
}


regards
samantha
 
could someone please answer the previous question...i have another question...how do i get the &quot;remote user&quot; who accesses a particular script. this variable does not seem to be a part of $ENV. also when i execute the script from the cgi-bin directory itself it contains variables like &quot;REMOTEHOST&quot; and &quot;USER&quot; which is exactly what i want...but i need them even when the script is being accessed from elsewhere. the web-server i am using is Apache and authentication has been activated...which means that the &quot;remote user&quot; variable should exist. could someone please tell me whats happening. thx a lot.

regards
samantha
 
Are you developing with your own server? If so, there should be some access/error logs you could check to see what is happenning. For example, since this script to generate the HTML probably resides in cgi-bin, all the hrefs should be relative to that directory. Try using absolute paths to the file, as a full URL( http and all ). If your server allows aliases, then you can have:

Alias /html/ &quot;/some/path/to/html/&quot;
Alias /images/ &quot;/some/path/to/images/&quot;
ScriptAlias /cgi-bin/ &quot;/some/path/to/cgi-files/&quot;

Then your hrefs need only start with &quot;/html/hello.html&quot; or &quot;/cgi-bin/process.pl&quot;

Hope this helps, Cheers NEIL s-)
 
I think toolkit probably has it right - you need to make your references absolute, although I don't know it you need the &quot; part.

As for getting the username, here's some code that might work:
Code:
sub GetLogon {

my($authtype,$authstring) = split(' ', $ENV{'HTTP_AUTHORIZATION'});

return &quot;unknown&quot; unless $authtype =~ /basic/i;

# We COULD use the following two lines, but it would include
# code that we don't really need much.

#use MIME::Base64 ();
#$decoded = MIME::Base64::decode($encoded);

# The following code comes from perlfaq9

$authstring =~ tr[A-Za-z0-9+/][]cd; # remove non-base64 chars
$authstring =~ tr[A-Za-z0-9+/][ -_]; # convert to uuencoded format
$len = pack(&quot;c&quot;, 32 + 0.75*length($authstring)); # compute length byte
my $authstring = unpack(&quot;u&quot;, $len . $authstring); # uudecode and print

# Now we have userid:password. 
my ($user,$pswd) = split(':', $authstring);

return ($user,$pswd);

} # GetLogon
Note that if this works it will give you the userid and password in plaintext. Which means the authentication method isn't very secure. The only reason I don't worry about posting this is because I got the code out of the perl faqs, so it's not a secret. Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
 
Tracy....i tried the code that u gave me but it always returns unknown.
This is my htacces file...could u please tell me what is wrong. thx a lot.

authtype Basic
authname &quot;RESTRICTED--ENTER USERNAME AND PASSWORD&quot;
AuthUserFile /home/samantha/apache_1.3.17/htdocs/.htpasswd
require valid-user



Regards
samantha

 
Undefined subroutine &main::a called at /home/samantha/apache_1.3.17/cgi-bin/sam2.cgi line 119.


This is the error that is being generated even after i have changed the path to an absolute path. the link does not even get displayed on the screen. before i changed it to the absolut path also i was getting the same output...i.e the link was not even displayed on the screen. does anyone know whats wrong.

do u have an answet to my previous question tracy...if so please reply. thx a lot for your help.

Regards
samantha
 
Aha,

You have not imported the CGI.pm package, in which a() is defined. Try adding the following line near the top of your code:

use CGI qw( :all );

This should fix it. Try perldoc CGI to find out more information abot this package.

Cheers, Neil
 
thx Neil...that worked perfect...

Tracy....i tried the code that u gave me but it always returns unknown.
This is my htacces file...could u please tell me what is wrong. thx a lot.

authtype Basic
authname &quot;RESTRICTED--ENTER USERNAME AND PASSWORD&quot;
AuthUserFile /home/samantha/apache_1.3.17/htdocs/.htpasswd
require valid-user



Regards
samantha
 
hi...now i have to do whatever i have done so far for WIN NT...could someone please tell me how i can run a windows command from within a perl-cgi script. for example..if i have to run C:\Program Files\scanners\strobe.exe
how do i do this?? please help.

Regards
samantha
 
Samantha, somehow I didn't see your last question, which is why I hadn't answered it. Your .htaccess file looks ok to me, though I'm not an expert at that sort of thing.

As for running a command from a script, you can use the system command, or you can use backtics. The system command returns just a numeric return code (0 is successful), while the backtics return an array of the lines of output from the command. Here's an example of each:
Code:
$retcode = system(&quot;C:\Program Files\scanners\strobe.exe&quot;);
@data = `C:\Program Files\scanners\strobe.exe`;
Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
 
thx a lot..i'll trythat.what i'm trying to do now is compare 2 files. this is the code that i am using.

$file3 = &quot;file3.txt&quot;;
open(F1, &quot;+>$file3&quot;);
@lines3 = (<F1>);
foreach $i (0..$#lines3)
{
print F1 &quot; &quot;;
}
$file1 = &quot;file1.txt&quot;;
open(F, &quot;$file1&quot;) or die &quot;Can't open $file1: $!\n&quot;;
@lines1 = (<F>);
close(F);
$file2 = &quot;file2.txt&quot;;
open(F, &quot;$file2&quot;) or die &quot;Can't open $file2: $!\n&quot;;
@lines2 = (<F>);
close(F);
foreach $i (0..$#lines1) {
$match = grep /$lines1[$i]/, @lines2;
if($match < 1 ) {
chomp($lines1[$i]);
print F1 &quot;$lines1[$i] does not exist in file 2\n&quot;;
print F1 &quot;\n&quot;;
}
}
foreach $i (0..$#lines2) {
$match = grep /$lines2[$i]/, @lines1;
if ($match < 1 ) {
chomp($lines2[$i]);
print F1 &quot;$lines2[$i] does not exist in file 1\n&quot;;
print F1 &quot;\n&quot;;
}
}

both the files have the same content. this is what they contain


<HTML>
<HEAD>
<title> Host Tables - By Database </title>
<LINK REV=&quot;made&quot; HREF=&quot;mailto:satan@fish.com&quot;>
<LINK REV=&quot;made&quot; HREF=&quot;mailto:sara@arc.com&quot;>
</HEAD>
<H2>Security Auditor's Research Assistant (SARA) Professional (PRO)
Report Writer</H2>
<a href=&quot;/sara.html&quot;> Back to the start page </a> |
<a href=&quot;/reporting/analysis.pl&quot;> Back to Reporting and Analysis </a><HR>
<HTML>

<HEAD>

<META HTTP-EQUIV=&quot;Content-Type&quot; CONTENT=&quot;text/html; charset=windows-1252&quot;>

<TITLE>SARA Scan Results</TITLE>

</HEAD>

<BODY LINK=&quot;#0000ff&quot;>

<FONT SIZE=2>16 August 2001
<BR>

<i>place document number here</i>

<PRE> </PRE>

<H4 ALIGN=&quot;CENTER&quot;>SARA Scan Results of sara-data</H4>

<PRE> </PRE>

<B>INTRODUCTION</B>

<PRE> </PRE>

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The

version of SARA was Version 3.4.8a
.
<PRE> </PRE>

<B>DISCUSSION</B>

<PRE> </PRE>

SARA is a third generation security analysis tool that analyzes network-based services on the target computers. SARA classifies a detected service in one of five categories:

<PRE> </PRE>

<UL>

<LI>Green:&#9;&#9;Services found that were not exploitable

<LI>None:&#9;&#9;No services or vulnerabilities

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise)

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise)
<LI>Brown:&#9;&#9;Possible security problems.

</UL>

<PRE> </PRE>

A total of 127 devices were detected of which 53 are

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow)

<PRE> </PRE>

<TABLE BORDER=0><TR><TD width=&quot;50&quot;>Green</TD><TD width=&quot;220&quot; BGCOLOR=&quot;Green&quot;>&nbsp;</TD><TD>56</TD></TR></TABLE>
<TABLE BORDER=0><TR><TD width=&quot;50&quot;>None</TD><TD width=&quot;71&quot; BGCOLOR=&quot;#808080&quot;>&nbsp;</TD><TD>18</TD></TR></TABLE>
<TABLE BORDER=0><TR><TD width=&quot;50&quot;>Red</TD><TD width=&quot;110&quot; BGCOLOR=&quot;RED&quot;>&nbsp;</TD><TD>28</TD></TR></TABLE>

but i am not getting the right output. it says there r differences between the 2 files. this is the output given.

<H2>Security Auditor's Research Assistant (SARA) Professional (PRO) does not exist in file 2

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The does not exist in file 2

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise) does not exist in file 2

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise) does not exist in file 2

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow) does not exist in file 2

<H2>Security Auditor's Research Assistant (SARA) Professional (PRO) does not exist in file 1

<P>Advanced Research Corporation &reg; was tasked to perform a Security Auditor's Research Assistant (SARA) security scan on hosts on the sara-data sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the sara-data sub-domain. The SARA scan was completed on 2001/08/16 and its scan mode was set to heavy. The does not exist in file 1

<LI>Red:&#9;&#9;Services with potentially severe exploits (account compromise) does not exist in file 1

<LI>Yellow:&#9;&#9;Services with potentially serious exploits found (data compromise) does not exist in file 1

possibly vulnerable. Figure 1 summarizes this scan by color where the <I>Green</I> bar indicates hosts with no detected vulnerabilities. <I>None</I> indicates hosts with no services. The <I>Red</I> bar indicates hosts that have one or more red vulnerabilities. The <I>Yellow</I> bar indicates hosts that have one or more yellow vulnerabilities (but no red). And the <I>Brown</I> bar indicates hosts that have one or more brown problems (but no red or yellow) does not exist in file 1

could someone please tell me what is going wrong here. thx a lot.

Regards
samantha


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top