Run nmap security audit tool from a Web interface

This topic describes a method to run nmap in a browser.

Unfortunately, the required zip file cannot be downloaded without registering.
Download the zip file here. You'll get some mails after you have registered and downloaded, but all of them have an unsubscribe link, so after a while, you will no longer receive their mails.

First, create a new directory:

sudo mkdir -p /var/www/html/nmapweb

and place the downloaded zip file in that folder.

Now execute the following commands:

cd /var/www/html/nmapweb
sudo unzip

Locate nmap on your system (which nmap). If nmap isn't installed on your system yet, install it with sudo apt-get -yq install nmap --no-install-recommends (reference here).

You need to check if the paths in the commands below match the actual location!
You also need to change the IP address of your workstation in the lighttpd configuration!

Because copy/paste from Discourse doesn't always work, you can find the script here (remember that you need to execute the manual steps, i.e. downloading the zip file, first!)


# $indexfile (the web application's index file) and $file (the lighttpd
# configuration file to extend) must be set before these commands run
sudo sed -i 's#/opt/local/bin/nmap#/usr/bin/nmap#' "$indexfile"
# the following sed commands modify the file to replace deprecated nmap options
sudo sed -i 's#-P0#-Pn#' "$indexfile"
sudo sed -i 's#-sR#-sV#' "$indexfile"

# /usr/bin/nmap permissions (setuid root)
sudo chmod 4755 /usr/bin/nmap

# since running Nmap with setuid, as we are doing, is a major security risk
# we add lighttpd security for nmapweb
# allow only access from a specific IP (your workstation):
# put that IP between the empty quotes after != below
if ! grep -q "/nmapweb/" "$file"; then
    echo '$HTTP["remoteip"] != "" {' | sudo tee -a "$file"
    echo '  $HTTP["url"] =~ "^/nmapweb/" {' | sudo tee -a "$file"
    echo '    url.access-deny = ( "" )' | sudo tee -a "$file"
    echo '  }' | sudo tee -a "$file"
    echo '}' | sudo tee -a "$file"
fi
# restart lighttpd so the new configuration is loaded
sudo service lighttpd stop
sudo service lighttpd start

If lighttpd doesn't start (sudo service lighttpd status should report it as running), you probably have an error in your configuration file(s). Check the files with:

lighttpd -t -f /etc/lighttpd/lighttpd.conf
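
The script above writes the access block with an empty address in `$HTTP["remoteip"] != ""`, which has to be replaced by the workstation IP. The following added example (not part of the original post or its script) builds the same block from an IP passed as an argument, rejects an empty or malformed address, and appends the block only once; the function names and the sample IP 192.168.1.50 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. 192.168.1.50 is a constructed IP.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nmapweb_block IP: print the block that denies /nmapweb/ to all but IP.
nmapweb_block() {
    cat <<EOF
\$HTTP["remoteip"] != "$1" {
  \$HTTP["url"] =~ "^/nmapweb/" {
    url.access-deny = ( "" )
  }
}
EOF
}

# restrict_nmapweb CONF IP: append the block to CONF exactly once.
# Returns 0 if appended, 1 if CONF already mentions /nmapweb/, 2 on a bad IP.
restrict_nmapweb() {
    conf=$1
    ip=$2
    valid_ipv4 "$ip" || { echo "refusing invalid IP: '$ip'" >&2; return 2; }
    if grep -q '/nmapweb/' "$conf" 2>/dev/null; then
        return 1
    fi
    nmapweb_block "$ip" >> "$conf"
}

# Demo against a temporary file, so the real lighttpd config is untouched.
demo_conf=$(mktemp)
restrict_nmapweb "$demo_conf" 192.168.1.50 && cat "$demo_conf"
rm -f "$demo_conf"
```

To apply it to the real configuration file, run the function as root and then validate the result with the lighttpd -t -f check shown above before restarting the service.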

To start the web application:



This web application was very useful to help me create this pihole feature...