Cheat Engine

gameyoda · Posted: Sun Nov 14, 2010 4:35 pm Post subject: Nessus in PHP

Hello,
Lately I wanted to make a site that gets your IP-adress and then does a port scan using Nessus.

However I'm having some problems with the command lines that you can give to Nessus.
Also I'm not sure if there is another way, but if you write your scan to a file how do you read the file and print it in a nice list?
I assume you could put it in an array and just print that in a for loop, but how do you read the file to begin with, because the scan results are written to a .NBE file.

AhMunRa · Posted: Sun Nov 14, 2010 5:15 pm Post subject:

Using fopen() you can open the file in php you want to write to. You can do this using fwrite(). Just tear open .NBE file see what headers/footers you would need to have your script include to make the file an actual Nessuss file.

fopen() in PHP http://php.net/manual/en/function.fopen.php

fwrite() in PHP http://php.net/manual/en/function.fwrite.php

gameyoda · Posted: Mon Nov 15, 2010 2:55 am Post subject:

Ok, thanks for the help. Would still like to know about the command lines.

edit: got to try it out and it works. Do have a question though, is it possible to create the file and then write to it using fopen?
So you can get something like fopen("C:\test.txt").

edit: Can also create files now (fopen($path, "w+")). Only need to know about Nessus and how to use it with the propper command lines, but that can't be too hard I think. Help on that is still welcome though.
Thanks again for your help.

gameyoda · Posted: Tue Nov 16, 2010 7:40 am Post subject:

Hello again, been bussy with the site and it can now read and write files, but for some reason it wont start Nessus. At the moment I have this code:

AhMunRa · Posted: Tue Nov 16, 2010 2:41 pm Post subject:

Try shell_exec() instead of exec.

http://php.net/manual/en/function.shell-exec.php

http://php.net/manual/en/function.exec.php

Also make sure that the web process has permissions to execute the command. If on Linux you may need to add www-data to /etc/sudoers (if you do, I strongly suggest only allowing sudo for the command you need in this case to execute nessus.)

If on Windows I'm not quite sure, either add code for debugging or check your event log in Windows to make sure it is firing. Also check the Nessuss logs, should be something in there.

gameyoda · Posted: Tue Nov 16, 2010 4:06 pm Post subject:

Changed exec to shell_exec now and it does write a file, but it is empty.
Is it at all possible to have "C:\scanResult.txt" as destination for the file or should it just be "C:\scanResult"?
Also, after I started the site I did notice I could no longer start the client (the one in the browser, https://localhost:8834/) and after a restart I went there and saw the scan was not in the log. At the moment I don't really know what to do to make it work.

PS: I started everything as admin just to be sure that the permissions wouldn't be in the way. I can start a scan manually and it will be visible in the log on localhost:8834.

edit 1:
Ok, it appears that it doesnt do anything now. The file was made because of a test I made in my code.
That was why the file was created, but the normal one still doesn't work. Do wonder why it didn't allow me to start the client the first time though.

The normal code I use to execute it is:

AhMunRa · Posted: Wed Nov 17, 2010 9:09 am Post subject:

If you would upload your code somewhere with a list of all tools you are using. I'd be happy to go through tonight and see if I can get it running on one of my servers.