v0.6-dev

README.md

@@ -5,4 +5,9 @@ add alias to .zshrc or .basrc
     `alias nmap="/var/www/html/nmaprincesspi/nmap-script.sh"`
   
 manuual  
-    `nmap -oX /var/www/html/nmaprincesspi/scans/FILENMAME.xml --stylesheet /nmaprincesspi/xsl/princesspi-nmap.xsl`
+    `nmap -oX /var/www/html/nmaprincesspi/scans/FILENMAME.xml --stylesheet /nmaprincesspi/xsl/princesspi-nmap.xsl`
+
+Designed to run on apache2 and php
+
+need to make a .htpasswd file and put it somewhere  
+    https://www.web2generators.com/apache-tools/htpasswd-generator

changelog.txt

@@ -18,4 +18,10 @@ v0.4-dev
 v0.5-dev
     added csrf protection
     bug fixes
-    layout improvements
+    layout improvements
+
+v0.6-dev
+    added basic html auth (apache2)
+    cleaned up code
+    added nmap reference link
+    open xml and nmap reference links in new tab

css/nmaprincesspi.css

@@ -26,6 +26,12 @@ body {
     background-repeat: no-repeat;
 }
 
+#stickymenu {
+    position: fixed;
+    right: 0;
+    bottom: 0;
+}
+
 h1.title {
     color: #800080;
 	font-size: 3em;

index.php

@@ -16,18 +16,21 @@ foreach($scans as $scan) {
     <link rel="stylesheet" href="css/nmaprincesspi.css">
     <script src="js/nmaprincesspi.js"></script>
     <link rel="icon" type="css/img/" href="css/img/favicon.ico">
-    <title>Princess Pi's Magical Nmapprincesspi Thingy!</title>
+    <title>Princess Pi's Magical Nmaprincesspi!</title>
 </head>
 <body>
-    <h1>Princess Pi's Magical Nmapprincesspi Thingy!</h1>
-        <label for="nmapcmd">nmap command</label>
+    <h1>Princess Pi's Magical Nmaprincesspi!</h1>
+    <a name="top">&nbsp;</a>
         <br>
-        <input type="text" id="nmapcmd" name="nmapcmd">
-        <input type="hidden" name="nonce" id="nonce" value="<?php echo $nonce; ?>">
-        <input type="button" onclick="runNmapScan()" value="Go, Baby, Go!">
+        <form id="cmdform">
+            <label for="nmapcmd">nmap command</label>
+            <input type="text" id="nmapcmd" name="nmapcmd">
+            <input type="hidden" name="nonce" id="nonce" value="<?php echo $nonce; ?>">
+            <input type="submit" value="Go, Baby, Go!">
+        </form>
         <br>
         <br>
-        <span class="fakelink" id="showlist" onclick="toggleShow('scanlist', 'showlist', 'Hide Previous Scans', 'Show Previous Scans')">Show Previous Scans</span>
+        <span class="fakelink" id="showlist">Show Previous Scans</span> | <a href="https://nmap.org/book/man.html" target="_blank">Nmap Reference</a>
         <br><br>
         <p class="hidden" id="link"></p>
         <div id="scanlist" class="hidden">
@@ -38,5 +41,9 @@ foreach($scans as $scan) {
         <p>Progress<br>
         <pre id="progressbox"></pre>
         </div>
+        <div id="stickymenu">
+            <a href="#top">Top</a> | <a href="#bottom">Bottom</a>
+        </div>
+        <a name="bottom">&nbsp;</a>
 </body>
 </html>

js/nmaprincesspi.js

@@ -11,25 +11,24 @@ function getID(ID) {
 
 function toggleShow(ID, htmlUpdateID=false, htmlUpdateShowing=false, htmlUpdateHidden=false) {
     let elemClasses = getID(ID).classList;
+    var updating = false;
 
     if(htmlUpdateID !== false && htmlUpdateShowing !== false && htmlUpdateHidden !== false) {
-        const updating = true;
-        updateElem = getID(htmlUpdateID).innerHTML;
-    } else {
-        const updating = false;
-    }
+        updating = true;
+        var updateElem = getID(htmlUpdateID);
+    } 
 
     if(elemClasses.contains('hidden')) {
         elemClasses.remove('hidden');
 
-        if(updating) {
-            updateElem = htmlUpdateShowing;
+        if(updating === true) {
+            updateElem.innerHTML = htmlUpdateShowing;
         }
     } else {
         elemClasses.add('hidden');
 
-        if(updating) {
-            updateElem = htmlUpdateHidden;
+        if(updating === true) {
+            updateElem.innerHTML = htmlUpdateHidden;
         }
     }
 }
@@ -104,7 +103,7 @@ function xhrRunNmapScan(xhrRet) {
         clearInterval(pollInterval);
     }
 
-    getID('link').innerHTML = '<a href="'+xhrJson.webName+'">Scan Report ('+xhrJson.webName+')</a>';
+    getID('link').innerHTML = '<a href="'+xhrJson.webName+'" target="_blank">Scan Report ('+xhrJson.webName+')</a>';
     getID('link').style.display = "inline";
 
     getID('progressbox').innerHTML = '';
@@ -133,3 +132,17 @@ function runNmapScan() {
     doXhr('run_scan.php', xhrRunNmapScan, 'POST', postData);
 }
 
+/* listeners */
+window.onload = function() {
+    let cmdform = getID('cmdform');
+    let showlist = getID('showlist');
+
+    cmdform.addEventListener('submit', function(event) {
+        event.preventDefault(); // prevents loading new page
+        runNmapScan();
+    });
+
+    showlist.addEventListener('click', function(event) {
+        toggleShow('scanlist', 'showlist', 'Hide Previous Scans', 'Show Previous Scans');
+    });
+}

todo.txt

@@ -7,19 +7,25 @@ x bug on second scan in progress pre
 error handling
     nmap fail
     php script fail
-    input validation fail
-containerize
+    x input validation fail
+    x csrf validation fail
+    xhr fail
+"finished" notification by parsing xml for end bits
+keep alive check with ps aux type thingggg
 x scans listing
 x clear scans buttons
 x work on scans filename?
 fix perms
-auth system
+x auth system
 input/output validation
     x escapeshellcmd
 layout
     collums
     do not show scan list text when empty
     figure out some kinda command ran for anchor text on previous scans
+        by parsing xml fmmmm
+    autoscroll
+        floating "top" button
 work on princesspi-nmap.xsl
     clean up
     minimize stuff
@@ -27,4 +33,10 @@ work on princesspi-nmap.xsl
     make prettier
         green class
         padding on table items
-        centering text on table headers
+        centering text on table headers
+containerize
+    nmap docker?
+        perms?
+            script with sticky bit?
+    custom docker?
+    docker inside docker?

version.txt

@@ -1 +1 @@
-v0.5-dev
+v0.6-dev