<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
	<name>nmap</name>
	<version>3.70</version>
	<title>Diagnostics: NMap</title>
	<donotsave>true</donotsave>
	<preoutput>yes</preoutput>
	<savetext>Scan</savetext>
	<!-- Menu is where this package's menu will appear -->
	<menu>
		<name>NMap</name>
		<tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext>
		<section>Diagnostics</section>
		<configfile>nmap.xml</configfile>
	</menu>
	<!-- Do not save invokes a simple input menu and will not update the configuration database. -->
	<fields>
		<field>
			<fielddescr>IP or Hostname</fielddescr>
			<fieldname>hostname</fieldname>
			<description>Enter the IP address or hostname that you would like to scan.</description>
			<type>input</type>
		</field>
		<field>
			<fielddescr>-sT</fielddescr>
			<fieldname>option</fieldname>
			<description>This is the most basic form of TCP scanning. The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges.
Any user on most UNIX boxes is free to use this call.</description>
			<type>radio</type>
			<typehint>TCP connect() scan.</typehint>
		</field>
		<field>
			<fielddescr>-sP</fielddescr>
			<fieldname>option</fieldname>
			<description>Ping scanning: Sometimes you only want to know which hosts on a network are up. Nmap can do this by sending ICMP echo request packets to every IP address on the networks you specify. Hosts that respond are up. Unfortunately, some sites such as microsoft.com block echo request packets. Thus nmap can also send a TCP ACK packet to (by default) port 80. If we get an RST back, that machine is up. A third technique involves sending a SYN packet and waiting for a RST or a SYN/ACK. For non-root users, a connect() method is used.</description>
			<type>radio</type>
			<typehint>Ping scanning</typehint>
		</field>
		<field>
			<fielddescr>-sU</fielddescr>
			<fieldname>option</fieldname>
			<description>This method is used to determine which UDP (User Datagram Protocol, RFC 768) ports are open on a host. The technique is to send 0 byte UDP packets to each port on the target machine. If we receive an ICMP port unreachable message, then the port is closed. Otherwise we assume it is open. Unfortunately, firewalls often block the port unreachable messages, causing the port to appear open. Sometimes an ISP will block only a few specific dangerous ports such as 31337 (Back Orifice) and 139 (Windows NetBIOS), making it look like these vulnerable ports are open. So don't panic immediately. Unfortunately, it isn't always trivial to differentiate between real open UDP ports and these filtered false-positives.</description>
			<type>radio</type>
			<typehint>UDP Scanning</typehint>
		</field>
		<field>
			<fielddescr>-P0</fielddescr>
			<typehint>Do not try to ping hosts at all before scanning them.</typehint>
			<fieldname>noping</fieldname>
			<description>This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall.
microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when portscanning microsoft.com. Note that "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes. By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>-sV</fielddescr>
			<typehint>Try to identify service versions</typehint>
			<fieldname>servicever</fieldname>
			<description>After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running. A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect. Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version.</description>
			<type>checkbox</type>
		</field>
		<field>
			<fielddescr>-O</fielddescr>
			<typehint>Turn on OS detection</typehint>
			<fieldname>osdetect</fieldname>
			<description>This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning.
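It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.</description>
			<type>checkbox</type>
		</field>
	</fields>
	<custom_php_deinstall_command>
	</custom_php_deinstall_command>
	<custom_add_php_command>
		// Build the option string from fixed values only; nothing posted is copied into it.
		$nmap_options = "";
		if($_POST['option'] == "-sT: TCP connect() scan.") $nmap_options .= " -sT";
		if($_POST['option'] == "-sP: Ping scanning") $nmap_options .= " -sP";
		if($_POST['option'] == "-sU: UDP Scanning") $nmap_options .= " -sU";
		if($_POST['noping']) $nmap_options .= " -P0";
		if($_POST['servicever']) $nmap_options .= " -sV";
		if($_POST['osdetect']) $nmap_options .= " -O";
		// Accept only a hostname, IP address or CIDR range. Requiring an alphanumeric
		// first character keeps the value from being parsed by nmap as an option.
		$target = trim($_POST['hostname']);
		if(preg_match('/^[A-Za-z0-9][A-Za-z0-9.:\/-]*$/', $target)) {
			// escapeshellarg() keeps the target a single shell word, so shell
			// metacharacters in the posted value are never interpreted.
			system("/usr/local/bin/nmap" . $nmap_options . " " . escapeshellarg($target));
		} else {
			echo "Invalid IP address or hostname.";
		}
	</custom_add_php_command>
</packagegui>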