Add yet another Nmap example, ideal to be consumed by browser

I intend to replace the nmap-streaming.pow example with this one. I've realized that nmap-streaming.pow is not actually a streaming example, since Nmap won't write its output(s) until scan is finished, and hence, kapow will serve them in one shot. Check it out, @nilp0inter, @cr0hn.
2019-10-25 08:14:38 +02:00
parent a54c6f24a1
commit 56876335b7
2 changed files with 96 additions and 0 deletions
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="UTF-8">
+        <title>Nmap</title>
+        <style type="text/css">
+         .wrap {
+             width: 800px;
+             margin: 0 auto;
+         }
+        </style>
+    </head>
+    <body>
+        <form id="nmap-params" method="post" action="nmap.xml">
+            <fieldset>
+                <legend>Nmap parameters</legend>
+                <div>
+                    <label for="target_spec">Target Specification:</label>
+                    <input name="target_spec" type="text" placeholder="ip, domain, network, range" value="127.0.0.1" required autofocus>
+                    <p>
+                        Can pass hostnames, IP addresses, networks, etc. e.g.:
+                        scanme.nmap.org, microsoft.com/24, 192.168.0.1;
+                        10.0.0-255.1-254
+                    </p>
+                </div>
+                <div>
+                    <label for="port_ranges">Port Ranges:</label>
+                    <input name="port_ranges" type="text" placeholder="port, range, list" value="8080" required>
+                    <p>
+                        Only scan specified ports. e.g.: 22; 1-65535;
+                        U:53,111,137,T:21-25,80,139,8080,S:9
+                    </p>
+                </div>
+                <div>
+                    <input name="scan" type="submit" value="Scan">
+                    <input name="reset" type="reset" value="Reset">
+                </div>
+            </fieldset>
+        </form>
+    </body>
+</html>
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+#
+# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Nmap produces an XML report, suitable for rendering in a web browser
+#
+
+# Call examples:
+#
+# $ browser http://localhost:8080
+#
+# $ curl -v http://localhost:8080/nmap.xml -d 'target_spec=127.0.0.1&port_ranges=9000'
+#
+
+kapow route add -X GET / - <<-'EOF'
+	cat nmap.html | kapow set /response/body
+EOF
+
+kapow route add -X GET /nmap.xsl - <<-'EOF'
+	curl --silent https://svn.nmap.org/nmap/docs/nmap.xsl	\
+	| kapow set /response/body
+EOF
+
+kapow route add -X POST /nmap.xml - <<-'EOF'
+
+	TARGET_SPEC=$(kapow get /request/form/target_spec)
+	: ${TARGET_SPEC:=127.0.0.1}
+
+	PORT_RANGES=$(kapow get /request/form/port_ranges)
+	: ${PORT_RANGES:=8080}
+
+	nmap					\
+		-Pn				\
+		-n				\
+		-p "$PORT_RANGES"		\
+		-oX -				\
+		--stylesheet /nmap.xsl		\
+		"$TARGET_SPEC"			\
+	| kapow set /response/body
+EOF