Portfall: Ubuntu, ZMap, and PHP fun!

Asphyxia (Owner, Administrator)
Apr 25, 2015
This is an early preview of what the Portfall project has coming soon.

@Lipaydi and I ( @Asphyxia ) are working jointly to speedily develop open source security tools in the PHP language.

For simplicity, I will be deploying and developing this on Ubuntu for the beta; when we are ready, we will have a CentOS release for stable.

Bash:
apt update
apt upgrade -y
apt install apache2 php unzip zmap -y
cd /var/www/html
wget https://github.com/Sovietgate/R4P3/raw/master/phpseclib1.0.16.zip
unzip phpseclib1.0.16.zip
nano portfall.php


Put this in portfall.php and save:
PHP:
<pre>
<form action="portfall.php" method="GET">
<p>Port<br><input type="text" name="port"></p>
<p>Results<br><input type="text" name="resultMax"></p>
<input type="submit" value="Scan">
</form>
<hr>
<?php
// Both fields must be present; intval() reduces them to plain integers, so
// nothing but digits reaches the command line built further down.
if(isset($_GET['port']) && isset($_GET['resultMax']))
{
$port = intval($_GET['port']);
$resultMax = intval($_GET['resultMax']);

include('Net/SSH2.php');

// zmap is run through an SSH session to the local box (phpseclib 1.x API).
$ssh = new Net_SSH2('localhost');
if (!$ssh->login('root', 'N4n@32x7X+')) {
    exit('Login Failed');
}

// Called by exec() for every chunk of output; push it to the browser at once.
// PHP's own buffer has to be flushed before the web server's, otherwise the
// chunk sits in the buffer until the next callback and the output is not live.
function packet_handler($str)
{
    echo $str;
    if (ob_get_level() > 0) {
        ob_flush();
    }
    flush();
}

// -p: target port, -N: stop after this many results
$ssh->exec('zmap -p '.$port.' -N '.$resultMax, 'packet_handler');
}

?>
</pre>

Now you should be able to load portfall.php, and when you click 'Scan' the results will begin showing in real time.

If a large enough scan is executed, you may need to adjust the phpseclib timeout via:
Code:
$ssh->setTimeout(0);   // 0 disables the timeout
$ssh->setTimeout(100); // times out after 100 seconds

Caution: You are responsible for launching port scans. Please be responsible!

(Screenshot)

---

For an example of what you can do with Nmap:
Code:
apt install nmap -y
nano nmap.php


Paste this into nmap.php to scan yourself:
PHP:
<pre>
<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('localhost');
if (!$ssh->login('root', 'N4n@32x7X+QFa1XS')) {
    exit('Login Failed');
}

// Stream each chunk of nmap output to the browser as it arrives; PHP's buffer
// is flushed before the web server's so the chunk actually leaves the box.
function packet_handler($str)
{
    echo $str;
    if (ob_get_level() > 0) {
        ob_flush();
    }
    flush();
}

// -v: verbose, so progress lines appear while the scan is still running
$ssh->exec('nmap localhost -v', 'packet_handler');
?>
</pre>

Keep in mind you may change "nmap localhost" to "nmap 192.168.1.*", for example, to scan your local network. For parsing, you may want to write the scan results out to a file with one of:
-oX test.xml :: XML output
-oN test.txt :: normal text output
-oG test.txt :: greppable output, one host per line
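The -oX format is the one worth parsing. As an added example (not part of the Portfall code), this PHP reads nmap XML output and returns the open ports per host, skipping hosts reported down; $sample is a constructed fragment in nmap's -oX layout, not the output of a real scan.

```php
<?php
// Added example: turn nmap -oX output into [ip => list of open ports].
function parse_nmap_xml(string $xml): array
{
    $doc = simplexml_load_string($xml);
    if ($doc === false) {
        throw new RuntimeException('not valid nmap XML');
    }
    $hosts = [];
    foreach ($doc->host as $host) {
        // Hosts reported down carry no port table, so skip them.
        if ((string) $host->status['state'] !== 'up') {
            continue;
        }
        $addr = (string) $host->address['addr']; // first <address> element
        $hosts[$addr] = [];
        if (!isset($host->ports)) {
            continue;
        }
        foreach ($host->ports->port as $port) {
            // Only "open" is kept; closed and filtered states are dropped.
            if ((string) $port->state['state'] === 'open') {
                $hosts[$addr][] = [
                    'port'    => (int) $port['portid'],
                    'proto'   => (string) $port['protocol'],
                    'service' => (string) $port->service['name'],
                ];
            }
        }
    }
    return $hosts;
}

// Constructed sample in nmap's -oX layout (not a real scan result).
$sample = <<<'XML'
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="127.0.0.2" addrtype="ipv4"/></host>
</nmaprun>
XML;
foreach (parse_nmap_xml($sample) as $ip => $ports) {
    echo $ip, ': ', implode(', ', array_column($ports, 'port')), "\n";
}
```

With a real file, pass file_get_contents('test.xml') to parse_nmap_xml() in place of $sample.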

Nmap also ships its NSE scripts in /usr/share/nmap/scripts/.

Code:
<pre>
<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('localhost');
if (!$ssh->login('root', 'N4n@32x7X+QFa1XS')) {
    exit('Login Failed');
}

// Without a callback, exec() returns the whole output once the command ends.
echo $ssh->exec('ls /usr/share/nmap/scripts/');
echo "<hr>";
// --script-help prints the description and usage of a single NSE script.
echo $ssh->exec('nmap --script-help teamspeak2-version.nse');
?>
</pre>

The block above lists the available scripts and then fetches the help text for one of them.

... more coming soon.