nicholas/showcase
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added index.php

Browse Source
This commit is contained in:
nicholasmanios
2020-03-19 16:21:32 -04:00
parent f695b6d004
commit 9366563bd7
1 changed files with 203 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

203
CROWLEY/testssl/index.php Normal file
View File

@@ -0,0 +1,203 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?php
// page logic. no error checking, relying on HTML5 page validation for now (dangerous, but I'm the one using it...)
// vars
$server = $port = $starttls = $starttlsType = "";
$serverError = $portError = $starttlsError = $starttlsTypeError = "";
$cmdError = 0;
$serverRegex = "(((^|\.)((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]?\d))){4})|(^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9]))$";
$portRegex = "^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6])$";
$startDict = array(
'[m[1;30m' => '<span style="color:black">',
'[m[1;31m' => '<span style="color:red">',
'[m[1;32m' => '<span style="color:green">',
'[m[1;33m' => '<span style="color:yellow">',
'[m[1;34m' => '<span style="color:blue">',
'[m[1;37m' => '<span style="color:white">',
);
// $endDict = array(
// '[m' => '</span>',
// );
// validation logic
if($_SERVER["REQUEST_METHOD"] == "POST") {
//if(!empty($_POST["server"]) && preg_match($serverRegex, $_POST["server"]) == 1) {
if(!empty($_POST["server"])) {
//$server = validateServer($_POST["server"]);
$server = $_POST["server"];
$serverError = "";
} else {
$server = "";
$serverError = "Please enter a valid hostname or IP";
$cmdError += 1;
}
//if(!empty($_POST["port"]) && preg_match($portRegex, $_POST["port"]) == 1) {
if(!empty($_POST["port"])) {
//$port = validatePort($_POST["port"]);
$port = $_POST["port"];
$portError = "";
} else {
$port = "";
$portError = "Please enter a valid port";
$cmdError += 2;
}
if(!empty($_POST["starttls"])) {
//$starttls = validateStarttls($_POST["starttls"]);
$starttls = $_POST["starttls"];
$starttlsError = "";
} else {
// no POST data? assume no
//$starttls = "";
//$starttlsError = "Please enter a valid STARTTLS value";
//$cmdError += 4;
$starttls = "No";
}
if((!empty($_POST["starttls"]) && !empty($_POST["starttlsType"])) || empty($_POST["starttls"])) {
//$starttlsType = validateStarttlsType($_POST["starttlsType"]);
$starttlsType = $_POST["starttlsType"];
$starttlsTypeError = "";
} else {
$starttlsType = "";
$starttlsTypeError = "Please enter a valid STARTTLS Type";
$cmdError += 8;
}
}
function validateStarttls() {
}
function validateStarttlsType() {
}
?>
<html>
<head>
<!-- UTF-8 charset -->
<meta charset="ISO-8859-1">
<!-- spectre.css -->
<link rel="stylesheet" href="spectre.min.css">
<link rel="stylesheet" href="spectre-exp.min.css">
<link rel="stylesheet" href="spectre-icons.min.css">
<!-- JS for page controls -->
<script>
function update_starttls() {
document.getElementById("select_starttls_type").disabled = (document.getElementById("checkbox_starttls").checked ? false : true);
}
</script>
</head>
<body>
<div class="container">
<h1>Target</h1>
<form method="post" action="<?= htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<div class="columns">
<!--
TODO: set testssl.sh command to always use COLORBLIND
TODO: should i put the STARTTLS Types into an array?
-->
<div class="form-group column col-9">
<label class="form-label" for="input_server">Server</label>
<input class="form-input<?= $starttlsTypeError ? ' is-error' : '' ?>" type="text" id="input_server" name="server" value="<?= $server; ?>" required pattern="<?= $serverRegex; ?>" placeholder="Server">
<p class="form-input-hint"><?= $serverError; ?></p>
</div>
<div class="form-group column col-3">
<label class="form-label" for="input_port">Port</label>
<input class="form-input<?= $starttlsTypeError ? ' is-error' : '' ?>" type="text" id="input_port" name="port" value="<?= $port; ?>" required pattern="<?= $portRegex; ?>" placeholder="Port">
<p class="form-input-hint"><?= $portError; ?></p>
</div>
<div class="form-group column col-3">
<label class="form-switch<?= $starttlsTypeError ? ' is-error' : '' ?>">
<input type="checkbox" id="checkbox_starttls" name="starttls" value="Yes" <?= $starttls=="Yes" ? 'checked' : ''; ?> onclick="update_starttls();">
<i class="form-icon"></i>STARTTLS
</label>
<p class="form-input-hint"><?= $starttlsError; ?></p>
</div>
<div class="form-group column col-9">
<select class="form-select<?= $starttlsTypeError ? ' is-error' : '' ?>" id="select_starttls_type" name="starttlsType">
<option>STARTTLS Type</option>
<option value="ftp" <?= $starttlsType == 'ftp' ? 'selected="selected"' : '' ?>>FTP</option>
<option value="smtp" <?= $starttlsType == 'smtp' ? 'selected="selected"' : '' ?>>SMTP</option>
<option value="pop3" <?= $starttlsType == 'pop3' ? 'selected="selected"' : '' ?>>POP3</option>
<option value="imap" <?= $starttlsType == 'imap' ? 'selected="selected"' : '' ?>>IMAP</option>
<option value="xmpp" <?= $starttlsType == 'xmpp' ? 'selected="selected"' : '' ?>>XMPP</option>
<option value="telnet" <?= $starttlsType == 'telnet' ? 'selected="selected"' : '' ?>>TELNET</option>
<option value="ldap" <?= $starttlsType == 'ldap' ? 'selected="selected"' : '' ?>>LDAP</option>
<option value="lmtp" <?= $starttlsType == 'lmtp' ? 'selected="selected"' : '' ?>>LMTP</option>
<option value="nntp" <?= $starttlsType == 'nntp' ? 'selected="selected"' : '' ?>>NNTP</option>
<option value="postgres" <?= $starttlsType == 'postgres' ? 'selected="selected"' : '' ?>>POSTGRES</option>
<option value="mysql" <?= $starttlsType == 'mysql' ? 'selected="selected"' : '' ?>>MYSQL</option>
</select>
<p class="form-input-hint"><?= $starttlsTypeError; ?></p>
</div>
<div class="form-group column col-12">
<input class="btn btn-primary" type="submit" value="Scan">
</div>
</div>
</form>
<!-- run this to disable controls as soon as control is rendered -->
<script>
update_starttls();
</script>
<h1>Result</h1>
<div class="columns">
<div class="form-group column col-12">
<pre class="code" data-lang="bash">
<code>
<?php
if($_SERVER["REQUEST_METHOD"] == "POST" && $cmdError == 0) {
// vars
$starttls_args = ($starttls == 'Yes' ? " -t $starttlsType" : '');
$cmd_args = "--quiet$starttls_args $server:$port";
$cmd = "/usr/local/bin/bash /usr/local/bin/testssl.sh $cmd_args";
// debug values
echo "\r\n";
echo "Debug: $server $port $starttls $starttlstype";
echo "\r\n";
echo "Command: $cmd";
echo "\r\n";
// end all output buffers if any
while(@ ob_end_flush());
$proc = popen($cmd, 'r');
while(!feof($proc)) {
//$result_raw = str_replace(array("\e", "\s"), '', fread($proc, 4096));
//$result_raw = preg_replace("/[^a-zA-Z0-9_ -\[\]\(\)\{\}\:\"\;\'\,\.\/\<\>\?\r\n]/", '', fread($proc, 4096));
//$htmlString = str_replace(array_keys($endDict), $endDict, str_replace(array_keys($startDict), $startDict, $result_raw));
//$htmlString = str_replace(array_keys($startDict), $startDict, $result_raw);
//$htmlString = str_replace('[m[1;32m', '<span style="color:green">', $result_raw);
$htmlString = preg_replace("/\e\[m\e\[1;32m/", '<span style="color:green">', fread($proc, 4096));
//echo fread($proc, 4096);
echo "$htmlString";
@ flush();
}
}
?>
</code>
</pre>
</div>
</div>
</div>
</body>
</html>