Rarick, David wrote: : I'm looking for a way to have a web form that collects a host IP : address, a choice of one (of three or so) sets of plugins to use, and : a "start scan" button that calls a script to start the scan : accordingly. The results should be returned as HTML as a new page. : : As an overview of what I'm trying to accomplish... we have a customer : "portal" that allows all of our customers to access all of their : account information, see previous billing statements, make changes, : etc. The goal is to add Nessus scanning as a tool. Ideally, they : click a link, and a few seconds/minutes later, the page refreshes (or : maybe in a frame) with the results of the scan. : : I'm assuming this is possible with the command line and some fancy : scripting (perl, PHP, whatever)... I just don't know where to start. : Maybe someone has already done something similar?
I made a quick PHP page that allows a user to input the IP of the machine they want scanned, along with their name and e-mail address for internal purposes here. It's in no way secure (since it's only accessible from 1 subnet internally), but it works for me. All it does is write a .txt file with IP:Name:email to a temp directory, and a cronjob checks for the existance of that file; if it's there, it parses it and kicks off the scan, then posts the HTML page to the secure webserver, along with sending the zipped HTML results to the person who submitted the scan. I can sanitize it and send it along if you'd like. Also, I remember seeing a PHP front-end awhile ago called something like "scanme" or "scanit" or something similar. A quick Google search didn't return any results pointing to what I was looking for, but if I find it, I'll post a followup. -Kevin This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom it is addressed. If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act upon the information contained herein. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. _______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
