Run nmap security audit tool from a Web interface

#1

This topic describes a method to run nmap in a browser.

Unfortunately, the required zip file cannot be downloaded without registering.
Download the zip file here. You’ll get some mails after you have registered and downloaded, but all of them have an unsubscribe link, so after a while, you will no longer receive their mails.

First, create a new directory:

sudo mkdir -p /var/www/html/nmapweb

and place the downloaded zip file in that folder.

Now execute the following commands:

cd /var/www/html/nmapweb
sudo unzip webmap-2012-06-20.zip

Locate nmap on your system (which nmap). If nmap isn’t installed on your system yet, install it with sudo apt-get -yq install nmap --no-install-recommends (reference here).

Before running the commands below, check that the paths in them match the actual locations on your system!
You also need to replace the IP address in the lighttpd configuration (192.168.2.228 in the script) with the IP address of your workstation!

edit
Because copy/paste from Discourse doesn’t always work, you can find the script here (remember that you need to execute the manual steps, including downloading the zip file, first!)
/edit

#!/bin/bash

indexfile=/var/www/html/nmapweb/index.php
sudo sed -i 's#/opt/local/bin/nmap#/usr/bin/nmap#' $indexfile
# the following sed commands modify the file to replace deprecated nmap commands 
sudo sed -i 's#-P0#-Pn#' $indexfile
sudo sed -i 's#-sR#-sV#' $indexfile

# /usr/bin/nmap permissions
sudo chmod 4755 /usr/bin/nmap

# since running Nmap with setuid, as we are doing, is a major security risk 
# we add lighttpd security for nmapweb
# allow only access from a specific IP (your workstation)
file=/etc/lighttpd/external.conf
if ! grep -q "/nmapweb/" $file; then
    echo '$HTTP["remoteip"] != "192.168.2.228" {' | sudo tee -a $file
    echo '  $HTTP["url"] =~ "^/nmapweb/" {' | sudo tee -a $file
    echo '    url.access-deny = ( "" )' | sudo tee -a $file
    echo '  }' | sudo tee -a $file
    echo '}' | sudo tee -a $file
fi
sudo service lighttpd stop
sudo service lighttpd start

If lighttpd doesn’t start (sudo service lighttpd status should report it as running), you probably have an error in your configuration file(s). Check the files with:

lighttpd -t -f /etc/lighttpd/lighttpd.conf

To start the web application, browse to:

http://<your_pihole_ip_address>/nmapweb/index.php

result:

This web application was very useful to help me create this pihole feature…
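
Because the script above makes nmap setuid and relies on the lighttpd rule as the only barrier in front of it, it is worth checking both after every configuration change. The following is an added example, not part of the original post or the webmap package: the function names are hypothetical, and the ACL check assumes the block has the layout the script writes to external.conf.

```shell
#!/bin/bash
# Added example: audit the nmapweb setup described in this topic.

# Return 0 if the given file has the setuid bit set.
has_setuid() {
    [ -u "$1" ]
}

# Return 0 if conf file $1 holds an active (not commented-out) block that
# denies ^/nmapweb/ to every client except IP $2, in the layout the script
# above writes. This is a line-based check, not a full lighttpd parser.
acl_present() {
    local conf=$1 ip=$2
    [ -r "$conf" ] || return 1
    awk -v ip="$ip" '
        /^[[:space:]]*#/ { next }   # skip commented-out lines
        index($0, "$HTTP[\"remoteip\"] != \"" ip "\"") { in_ip = 1; next }
        in_ip && index($0, "$HTTP[\"url\"] =~ \"^/nmapweb/\"") { in_url = 1; next }
        in_url && /url\.access-deny/ { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$conf"
}

# audit <workstation-ip> [nmap-path] [lighttpd-conf]
# Returns 1 when nmap is setuid but no matching deny rule protects /nmapweb/.
audit() {
    local ip=$1 nmap_bin=${2:-/usr/bin/nmap}
    local conf=${3:-/etc/lighttpd/external.conf} rc=0
    if has_setuid "$nmap_bin"; then
        echo "NOTE: $nmap_bin is setuid; the lighttpd rule is the only barrier"
        if ! acl_present "$conf" "$ip"; then
            echo "FAIL: no active /nmapweb/ deny rule for $ip in $conf"
            rc=1
        fi
    else
        echo "OK: $nmap_bin is not setuid"
    fi
    return $rc
}

# Run the audit only when an IP address is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Run it as `./audit.sh <your_workstation_ip>`; a non-zero exit status means setuid nmap is reachable through the web server without the IP restriction.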