#!/usr/bin/perl
# webmap: cheezy front end to nmap written by ajax@mobis.com 
#  v1.2 : for all the marketing people 
# 
# its best to either use suidperl, or make nmap suid-root
# added: sanity check '-' character in $ip_address

use CGI qw/:standard :html3 :fatalsToBrowser/;
use CGI::Carp; #qw(fatalsToBrowser);

# configuration options
$allow_bans = 0;                        # should we ban any hosts?
@banned = ('example.com', 
           'example.com', 
           'example.com', 
           'example.com');              # these hosts are banned
$restrict_hosts = 0;                    # should we restrict hosts?
@only_allow = ('example.com');          # only allow these hosts
$send_email = 0;                        # send mail upon usage of this program?
$email_address = "root\@example.com";   # email address to send email to
$nmap = "/usr/local/bin/nmap -sS -O";   # nmap program and options which will
                                        # be executed followed by dest IP



$query = new CGI;
print $query->header;
if (!($query->param('ip_address'))) { &print_prompt($query); }
&security_check($query);
&do_nmap($query);
print $query->end_html;
exit;

sub security_check
 {
   $not_allowed = 0;
   if ($allow_bans) {
     foreach $host (@banned) {
        if ($ENV{'REMOTE_HOST'} =~ /$host/) { 
           print "<H1>Sorry, Your host is banned.";
           exit; 
        }
     } 
   }
   if($restrict_hosts) {
     foreach $host (@only_allow) {
        if (!($ENV{'REMOTE_HOST'} =~ /$host/)) {
           $not_allowed++;
        }
     }
   }

   # sanity check
   if ($query->param('ip_address') !~ /^\s*[0-9a-zA-Z\.\-\_]\s*$/ ) 
   { print "<H1><tt>Sorry, Try again. </H1>";
     exit; 
   }

   if ($not_allowed) {
      print "<h1>Sorry, You are not connected from one of the allowed hosts.</h1>\n";
      exit;
   }
   return 0;
}

sub do_nmap {
    my($query) = @_;
    my(@values,$key);

 if ($query->param('ip_address') ne "") {
    $ipaddress = $query->param('ip_address');
    print "<b>Results (this may take a minute):</b><br><tt>";
    $output = `$nmap $ipaddress 2>&1`; 
    print "<p><PRE>$output</PRE>";

    if ($send_email) {
       #send email whenever this program was ran
       $hostname = $ENV{'REMOTE_HOST'};
       open (MAIL, "|/usr/bin/sendmail -t") || die "Can't open /usr/bin/sendmail\n";
       print MAIL "To: <",$email_address,">\n";
       print MAIL "From: <",$hostname,">\n";
       print MAIL "Subject: usage of webmap.cgi\n\n";
       print MAIL "------------------------------------------------------\n";
       # print the entire http environment for this session
       foreach $key ($query->param) {
          print MAIL "$key -> ";
          @values = $query->param($key);
          print MAIL join(", ",@values),"\n";
       }
       foreach $key (sort keys %ENV) {
          print MAIL "$key=$ENV{$key}\n";
       }
       print MAIL "------------------------------------------------------\n";
       close (MAIL);
       return 0;

    }
 }
 return 0;
}  


return 0;
sub print_prompt {
   my($query) = @_;

   print $query->start_html,
         "<FONT COLOR=\"#000000\" SIZE=\"3\" FACE=\"\">",
         $query->start_form,
         "<H1>K-RAD ELITE NMAP SCANNER</H1><br>\n",
         "<h5><EM>destinationIP </EM>",
         $query->textfield(-name=>'ip_address',
                           -size=>15),"<BR>",
         "<P>",$query->reset,
         $query->submit('Action','Submit'),
         $query->endform;
}