Network Tools

#!/usr/bin/perl $|=1; ################################################################## # # INSTRUCTIONS # # Upload this file to your cgi-bin directory. # Read the CONFIGURATION section carefully. The only items you # need to set are the commands. # # The .html form only has to provide at the most, two # items - program and target. ################################################################## # # CONFIGURATION SECTION # # Put your list of commands here. The first column is the code you # will put in your form for any program. The "P-" at the start of # a code indicates that an argument MUST be specified. Otherwise # the code starts with "N-". If a parameter is forbidden, code # starts with "R-". # If no hostname (target) is specified by the user, then the CGI # environment variable 'REMOTE_ADDR' will be used. # # The actual locations of various utility programs vary from server # to server. The examples below are particular to our site. use strict; my %commands = ( 'N-PING', '/bin/ping -c 5 -w 5 ', 'N-TRACE', '/usr/sbin/traceroute ', 'P-LOOK', '/usr/bin/host -a ', 'P-LOOKA', '/usr/bin/host -l -v -t any ', 'P-FING', '/usr/bin/finger ', 'R-UP', '/usr/bin/uptime' ); ################################################################## # THERE IS NOTHING YOU NEED DO BEYOND THIS POINT ################################################################## my $PROGRAMM = ''; # Programmname (1. Wert des Hashes %commands) my $ZIELHOST = ''; # Eingabeparameter my $temp = ''; # Hilfvariable my $i = 0; # Zaehlvariable my $content = ''; # Variablen zur Aufbereitung der CGI-Parameter my $key = ''; my %fields = (); # to prevent runaways, call it quits after 60 seconds. $SIG{'ALRM'} =\&alarm_handle; alarm(60); print "Content-type: text/html\n\n"; print "Network Tools", "\n"; print "", "\n"; print "

Netzmafia Network Tools

", "\n"; # Sicherheitsmassnahmen: # 1. Eingabe auf zulaessige Zeichen beschraenken # 2. Laengenueberpruefung der Eingabe if ($ENV{'REQUEST_METHOD'} ne "POST") { $temp = $ENV{'QUERY_STRING'}; } else { read(STDIN,$temp,$ENV{'CONTENT_LENGTH'}); } foreach (split("&",$temp)) { /(.*)=(.*)/; $key = $1; $content = $2; $content =~ s/\+/ /g; $content =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $fields{$key} = $content; } $PROGRAMM = $fields{'program'}; if ($fields{'target'} =~ /^([-\@\w.]+)$/ || $fields{'target'} eq "") { $ZIELHOST = $fields{'target'}; } else { $ZIELHOST = ""; print "Unzul\ässige Zeichen im Parameter. Abbruch!"; print "", "\n"; exit 0; } if (length($ZIELHOST) > 255) { $ZIELHOST = ""; print "Parameter zu lang (mehr als 255 Zeichen). Abbruch!"; print "", "\n"; exit 0; } if ($commands{$PROGRAMM} eq "") { print "

Fehler

", "\n"; print "Kein Kommando angegeben!\n"; print "", "\n"; exit 0; } if ($ZIELHOST eq "") { if ($PROGRAMM =~ /^P-/) { print "

Fehler

", "\n"; print "Das Kommando ben\ötigt eine Angabe im Eingabefeld!\n"; print "", "\n"; exit 0; } else { if ($ENV{'REQUEST_METHOD'} eq "POST") { $ZIELHOST = $ENV{'REMOTE_ADDR'}; } } } if ($PROGRAMM =~ /^R-/) { $ZIELHOST = ""; } $temp = $commands{$PROGRAMM}; $temp =~ s/^..*\///; print "Bitte etwas Geduld, bis die gew\ünschten Daten ermittelt sind.

", "\n"; print "Ergebnisse von Kommando: $temp", "\n"; if ($ZIELHOST ne "") { print " $ZIELHOST", "\n"; } print "

", "\n";
open (INP, "$commands{$PROGRAMM} $ZIELHOST |");
while ()
  {
  chop $_;
  print "$_\n";
  }
close (INP);
print "

", "\n"; exit 0; # Unterprogramm fuer Timeout # sub alarm_handle { alarm(0); print "

Fehler

", "\n"; print "Zeit\überschreitung beim Bearbeiten der Abfrage, Abbruch!", "\n"; print "", "\n"; exit 0; }