Mailing List Archive

Web page to start scan via CGI?
I'm looking for a way to have a web form that collects a host IP
address, a choice of one (of three or so) sets of plugins to use, and a
"start scan" button that calls a script to start the scan accordingly.
The results should be returned as HTML as a new page.



As an overview of what I'm trying to accomplish... we have a customer
"portal" that allows all of our customers to access all of their account
information, see previous billing statements, make changes, etc. The
goal is to add Nessus scanning as a tool. Ideally, they click a link,
and a few seconds/minutes later, the page refreshes (or maybe in a
frame) with the results of the scan.



I'm assuming this is possible with the command line and some fancy
scripting (perl, PHP, whatever)... I just don't know where to start.
Maybe someone has already done something similar?
RE: Web page to start scan via CGI?
Rarick, David wrote:
: I'm looking for a way to have a web form that collects a host IP
: address, a choice of one (of three or so) sets of plugins to use, and
: a "start scan" button that calls a script to start the scan
: accordingly. The results should be returned as HTML as a new page.
:
: As an overview of what I'm trying to accomplish... we have a customer
: "portal" that allows all of our customers to access all of their
: account information, see previous billing statements, make changes,
: etc. The goal is to add Nessus scanning as a tool. Ideally, they
: click a link, and a few seconds/minutes later, the page refreshes (or
: maybe in a frame) with the results of the scan.
:
: I'm assuming this is possible with the command line and some fancy
: scripting (perl, PHP, whatever)... I just don't know where to start.
: Maybe someone has already done something similar?

I made a quick PHP page that allows a user to input the IP of the machine they want scanned, along with their name and e-mail address for internal purposes here. It's in no way secure (since it's only accessible from 1 subnet internally), but it works for me.

All it does is write a .txt file with IP:Name:email to a temp directory, and a cronjob checks for the existence of that file; if it's there, it parses it and kicks off the scan, then posts the HTML page to the secure webserver, along with sending the zipped HTML results to the person who submitted the scan.

I can sanitize it and send it along if you'd like.

Also, I remember seeing a PHP front-end a while ago called something like "scanme" or "scanit" or something similar. A quick Google search didn't return any results pointing to what I was looking for, but if I find it, I'll post a follow-up.

-Kevin

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
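
The spool-file hand-off described in the reply above depends on what the cron side accepts from the IP:Name:email line before starting a scan. The following is an added example, not code from the thread or from Kevin's script. It assumes IPv4 targets only (the colon delimiter would clash with IPv6), a constructed allow-list of scannable networks, and a hypothetical site wrapper /usr/local/bin/run-scan with a hypothetical --target option.

```python
import ipaddress
import re
from typing import NamedTuple

# Assumption: networks the portal may scan (documentation range, constructed).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Hypothetical site wrapper and option; not a real Nessus command line.
SCANNER_CMD = ["/usr/local/bin/run-scan"]

NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")
# First character is alphanumeric so the address can never look like an option.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"
)


class ScanRequest(NamedTuple):
    ip: str
    name: str
    email: str


def parse_request(line: str) -> ScanRequest:
    """Validate one IP:Name:email spool line; raise ValueError if unsafe."""
    if len(line) > 256 or "\x00" in line:
        raise ValueError("oversized or binary input")
    parts = line.rstrip("\r\n").split(":")
    if len(parts) != 3:
        raise ValueError("expected exactly three fields")
    raw_ip, name, email = parts
    # Strict parse: host names, CIDR ranges and trailing text all fail here.
    addr = ipaddress.IPv4Address(raw_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        raise ValueError("target outside permitted networks")
    if not NAME_RE.fullmatch(name) or not EMAIL_RE.fullmatch(email):
        raise ValueError("bad name or e-mail")
    return ScanRequest(str(addr), name, email)


def scan_argv(req: ScanRequest) -> list:
    """Argument vector for subprocess.run(argv); no shell parses the input."""
    return SCANNER_CMD + ["--target", req.ip]
```

A line that raises ValueError should be logged and its spool file deleted without starting a scan.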