v0.5-dev

changelog.txt

@@ -13,4 +13,9 @@ v0.3-dev
 v0.4-dev
     bug fixes
     layout improvements
-    efficiency improvements
+    efficiency improvements
+
+v0.5-dev
+    added csrf protection
+    bug fixes
+    layout improvements

index.php

@@ -1,4 +1,8 @@
 <?php
+session_start();
+$nonce = hash('sha256', microtime() . rand(1000000, 9999999));
+$_SESSION['nonce'] = $nonce;
+
 $dir = './scans';
 $scans = array_diff(scandir($dir), array('..', '.')); # silly method to remove the . and ..
 foreach($scans as $scan) {
@@ -12,13 +16,14 @@ foreach($scans as $scan) {
     <link rel="stylesheet" href="css/nmaprincesspi.css">
     <script src="js/nmaprincesspi.js"></script>
     <link rel="icon" type="css/img/" href="css/img/favicon.ico">
-    <title>Princess Pi's Magical Nmap Web Thingy! (nmaprincesspi)</title>
+    <title>Princess Pi's Magical Nmapprincesspi Thingy!</title>
 </head>
 <body>
-    <h1>Princess Pi's Magical Nmap Web Thingy! (nmapprincesspi)</h1>
+    <h1>Princess Pi's Magical Nmapprincesspi Thingy!</h1>
         <label for="nmapcmd">nmap command</label>
         <br>
         <input type="text" id="nmapcmd" name="nmapcmd">
+        <input type="hidden" name="nonce" id="nonce" value="<?php echo $nonce; ?>">
         <input type="button" onclick="runNmapScan()" value="Go, Baby, Go!">
         <br>
         <br>
@@ -26,11 +31,12 @@ foreach($scans as $scan) {
         <br><br>
         <p class="hidden" id="link"></p>
         <div id="scanlist" class="hidden">
-        <p><a href="run_clear_scans.php">Delete All Old Scans</a></p>
+        <p><a href="run_clear_scans.php?nonce=<?php echo $nonce; ?>">Delete All Old Scans</a></p>
-        <p>Progress<br><?php echo $scanList; ?></p>
+        <p><?php echo $scanList; ?></p>
+        </div>
+        <div class="hidden" id="progress">
+        <p>Progress<br>
+        <pre id="progressbox"></pre>
         </div>
-        <br>
-        <br>
-        <pre class="hidden" id="progress"></pre>
 </body>
 </html>

js/nmaprincesspi.js

@@ -107,7 +107,7 @@ function xhrRunNmapScan(xhrRet) {
     getID('link').innerHTML = '<a href="'+xhrJson.webName+'">Scan Report ('+xhrJson.webName+')</a>';
     getID('link').style.display = "inline";
 
-    getID('progress').innerHTML = '';
+    getID('progressbox').innerHTML = '';
     getID('progress').style.display = 'none';
 
     pollFile(xhrJson.runningLog);
@@ -115,8 +115,8 @@ function xhrRunNmapScan(xhrRet) {
 
 function xhrPollFile(xhrRet) {
     let xhrResponseText = xhrRet.target.responseText;
-    getID('progress').innerHTML = xhrResponseText;
     getID('progress').style.display = "block";
+    getID('progressbox').innerHTML = xhrResponseText;
 }
 
 function pollFile(runningLog) {
@@ -127,7 +127,8 @@ function pollFile(runningLog) {
 
 function runNmapScan() {
     let nmapcmd = getID('nmapcmd').value;
-    let postData = 'nmapcmd='+encodeURIComponent(nmapcmd);
+    let nonce = getID('nonce').value;
+    let postData = 'nmapcmd='+encodeURIComponent(nmapcmd)+'&nonce='+nonce;
 
     doXhr('run_scan.php', xhrRunNmapScan, 'POST', postData);
 }

run_clear_scans.php

@@ -1,4 +1,8 @@
 <?php
+session_start();
+
+if($_GET['nonce'] !== $_SESSION['nonce']) { die('csrf validation failed'); }
+
 $scansDir = './scans';
 $logsDir = './logs';
 

run_scan.php

@@ -1,5 +1,7 @@
 <?php
-    if(empty($_POST['nmapcmd'])) { die("nmapcmd POST var not found"); }
+    session_start();
+    if(empty($_POST['nmapcmd']) || empty($_SESSION['nonce'])) { die("POST var(s) not found"); }
+    if($_POST['nonce'] !== $_SESSION['nonce']) { die('csrf validation failed'); }
     
     $cleannmapcmd = escapeshellcmd($_POST['nmapcmd']);
 

scripts/run_scan.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 runningLog="$(date +%Y%m%d%H%M%S)-$RANDOM.log"
-eval "$* 2>>logs/error.log 1>logs/$runningLog&"
+eval "$* 2>>logs/error.log 1>>logs/$runningLog&"
 echo "/nmaprincesspi/logs/$runningLog"

version.txt

@@ -1 +1 @@
-v0.3-dev
+v0.5-dev