From 984d5df7c79a889b289534c6b49063d2aead03d8 Mon Sep 17 00:00:00 2001
From: hPrnicessPi3 <human.bagel@gmail.com>
Date: Thu, 15 May 2025 19:14:32 -0600
Subject: [PATCH] v0.5-dev

---
 changelog.txt       |  7 ++++++-
 index.php           | 20 +++++++++++++-------
 js/nmaprincesspi.js |  7 ++++---
 run_clear_scans.php |  4 ++++
 run_scan.php        |  4 +++-
 scripts/run_scan.sh |  2 +-
 version.txt         |  2 +-
 7 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/changelog.txt b/changelog.txt
index 2cdada6..1058f26 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -13,4 +13,9 @@ v0.3-dev
 v0.4-dev
     bug fixes
     layout improvements
-    efficiency improvements
\ No newline at end of file
+    efficiency improvements
+
+v0.5-dev
+    added csrf protection
+    bug fixes
+    layout improvements
\ No newline at end of file
diff --git a/index.php b/index.php
index 789b329..fdf2309 100644
--- a/index.php
+++ b/index.php
@@ -1,4 +1,8 @@
 <?php
+session_start();
+$nonce = hash('sha256', microtime() . rand(1000000, 9999999));
+$_SESSION['nonce'] = $nonce;
+
 $dir = './scans';
 $scans = array_diff(scandir($dir), array('..', '.')); # silly method to remove the . and ..
 foreach($scans as $scan) {
@@ -12,13 +16,14 @@ foreach($scans as $scan) {
     <link rel="stylesheet" href="css/nmaprincesspi.css">
     <script src="js/nmaprincesspi.js"></script>
     <link rel="icon" type="css/img/" href="css/img/favicon.ico">
-    <title>Princess Pi's Magical Nmap Web Thingy! (nmaprincesspi)</title>
+    <title>Princess Pi's Magical Nmapprincesspi Thingy!</title>
 </head>
 <body>
-    <h1>Princess Pi's Magical Nmap Web Thingy! (nmapprincesspi)</h1>
+    <h1>Princess Pi's Magical Nmapprincesspi Thingy!</h1>
         <label for="nmapcmd">nmap command</label>
         <br>
         <input type="text" id="nmapcmd" name="nmapcmd">
+        <input type="hidden" name="nonce" id="nonce" value="<?php echo $nonce; ?>">
         <input type="button" onclick="runNmapScan()" value="Go, Baby, Go!">
         <br>
         <br>
@@ -26,11 +31,12 @@ foreach($scans as $scan) {
         <br><br>
         <p class="hidden" id="link"></p>
         <div id="scanlist" class="hidden">
-        <p><a href="run_clear_scans.php">Delete All Old Scans</a></p>
-        <p>Progress<br><?php echo $scanList; ?></p>
+        <p><a href="run_clear_scans.php?nonce=<?php echo $nonce; ?>">Delete All Old Scans</a></p>
+        <p><?php echo $scanList; ?></p>
+        </div>
+        <div class="hidden" id="progress">
+        <p>Progress<br>
+        <pre id="progressbox"></pre>
         </div>
-        <br>
-        <br>
-        <pre class="hidden" id="progress"></pre>
 </body>
 </html>
\ No newline at end of file
diff --git a/js/nmaprincesspi.js b/js/nmaprincesspi.js
index eca4dd3..6acf8b0 100644
--- a/js/nmaprincesspi.js
+++ b/js/nmaprincesspi.js
@@ -107,7 +107,7 @@ function xhrRunNmapScan(xhrRet) {
     getID('link').innerHTML = '<a href="'+xhrJson.webName+'">Scan Report ('+xhrJson.webName+')</a>';
     getID('link').style.display = "inline";
 
-    getID('progress').innerHTML = '';
+    getID('progressbox').innerHTML = '';
     getID('progress').style.display = 'none';
 
     pollFile(xhrJson.runningLog);
@@ -115,8 +115,8 @@ function xhrRunNmapScan(xhrRet) {
 
 function xhrPollFile(xhrRet) {
     let xhrResponseText = xhrRet.target.responseText;
-    getID('progress').innerHTML = xhrResponseText;
     getID('progress').style.display = "block";
+    getID('progressbox').innerHTML = xhrResponseText;
 }
 
 function pollFile(runningLog) {
@@ -127,7 +127,8 @@ function pollFile(runningLog) {
 
 function runNmapScan() {
     let nmapcmd = getID('nmapcmd').value;
-    let postData = 'nmapcmd='+encodeURIComponent(nmapcmd);
+    let nonce = getID('nonce').value;
+    let postData = 'nmapcmd='+encodeURIComponent(nmapcmd)+'&nonce='+nonce;
 
     doXhr('run_scan.php', xhrRunNmapScan, 'POST', postData);
 }
diff --git a/run_clear_scans.php b/run_clear_scans.php
index fce28af..c261ea1 100644
--- a/run_clear_scans.php
+++ b/run_clear_scans.php
@@ -1,4 +1,8 @@
 <?php
+session_start();
+
+if($_GET['nonce'] !== $_SESSION['nonce']) { die('csrf validation failed'); }
+
 $scansDir = './scans';
 $logsDir = './logs';
 
diff --git a/run_scan.php b/run_scan.php
index bd4daa5..7458f4a 100644
--- a/run_scan.php
+++ b/run_scan.php
@@ -1,5 +1,7 @@
 <?php
-    if(empty($_POST['nmapcmd'])) { die("nmapcmd POST var not found"); }
+    session_start();
+    if(empty($_POST['nmapcmd']) || empty($_SESSION['nonce'])) { die("POST var(s) not found"); }
+    if($_POST['nonce'] !== $_SESSION['nonce']) { die('csrf validation failed'); }
     
     $cleannmapcmd = escapeshellcmd($_POST['nmapcmd']);
 
diff --git a/scripts/run_scan.sh b/scripts/run_scan.sh
index 60d9c26..3136b94 100755
--- a/scripts/run_scan.sh
+++ b/scripts/run_scan.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 runningLog="$(date +%Y%m%d%H%M%S)-$RANDOM.log"
-eval "$* 2>>logs/error.log 1>logs/$runningLog&"
+eval "$* 2>>logs/error.log 1>>logs/$runningLog&"
 echo "/nmaprincesspi/logs/$runningLog"
\ No newline at end of file
diff --git a/version.txt b/version.txt
index aa63509..21af665 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-v0.3-dev
\ No newline at end of file
+v0.5-dev
\ No newline at end of file