Question
I would like to call Nmap from PHP.
If I do that:
exec('nmap', $output);
var_dump( $output );
It works, I get the classic "Usage of Nmap" text.
But as soon as I tried to run a UDP check like
exec('nmap -p 586 -sU xx.xx.xx.xx', $output);
var_dump( $output );
It doesn't work anymore, with no output.
What am I missing?
Regards
Answer 1:
Important notice: NMAP is not fully functional with the web server's user (apache, www-data, ...).
Only root can do everything with NMAP.
I'd use popen().
$stream = popen('/usr/bin/nmap -p 586 -sU xx.xx.xx.xx', 'r');
while (!feof($stream)) {
//Make sure you use semicolon at the end of command
$buffer = fread($stream, 1024);
echo $buffer, PHP_EOL;
}
pclose($stream);
Or worth trying:
// Start output buffering
ob_start();
// Flush COMPLETE output of nmap
passthru('/usr/bin/nmap -p 586 -sU xx.xx.xx.xx');
// Capture output buffer contents
$output = ob_get_contents();
// Shutdown output buffers
ob_end_clean();
Answer 2:
Certain Nmap features require root privileges to run. -sU UDP port scanning is one of these. On Linux, the full list is:
- -sU UDP port scans
- -sS TCP SYN scans
- -sA/W/M/N/F/X TCP scans with various flags
- -PE/PP/PM ICMP host discovery probes
- -sO IP Protocol scans
- -sY/Z SCTP scans
- -O OS detection
- --traceroute tracerouting
- Pretty much all the IDS evasion options
Needless to say, it's probably NOT A GOOD IDEA to let your web server run Nmap commands as root. I also caution you to be very strict about what user input you let into the Nmap command line. Lots of Nmap features can be abused to execute arbitrary functions.
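An added example, not part of the original answers, of the strict input handling the answer above asks for: the target and port are validated against fixed formats and Nmap is started from an argument array, so no shell parses the values. The helper names `build_nmap_argv` and `run_nmap`, the `/usr/bin/nmap` path, the choice of `-sT` and the sample inputs are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): turn untrusted input into a fixed argv.
function build_nmap_argv(string $target, string $port): array
{
    // Literal IPv4 address only; hostnames, ranges and option-like strings are rejected.
    if (filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('target must be a literal IPv4 address');
    }
    // One decimal port in 1..65535; the validated integer is what reaches nmap.
    $p = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($p === false) {
        throw new InvalidArgumentException('port must be an integer in 1..65535');
    }
    // Assumption: -sT (TCP connect scan) is used because it needs no root privileges.
    return ['/usr/bin/nmap', '-sT', '-p', (string) $p, $target];
}

// Hypothetical helper: run the argv without a shell and return nmap's output.
function run_nmap(array $argv): string
{
    // PHP 7.4+: an array command is executed directly, with no /bin/sh in between.
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start nmap');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// Constructed sample inputs: one valid pair, then values a form could submit.
$samples = [['127.0.0.1', '586'], ['127.0.0.1; id', '586'],
            ['--some-option', '586'], ['127.0.0.1', '586 --extra']];
foreach ($samples as [$target, $port]) {
    try {
        $argv = build_nmap_argv($target, $port);
        echo 'accepted: ', implode(' ', $argv), PHP_EOL;
        if (is_executable($argv[0])) {
            echo run_nmap($argv);
        }
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode([$target, $port]), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Only the first sample pair is accepted; the other three are rejected before any process is started.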
Answer 3:
Try using the backtick operator (`) to run Nmap. That will return the output into a variable. So:
$output = `nmap -p 586 -sU xx.xx.xx.xx`;
More on the backtick operator: http://php.net/manual/en/language.operators.execution.php
Source: https://stackoverflow.com/questions/25429527/how-to-use-nmap-in-php-exec