Web-initiated IPv6 TCP Port Scanner (IPv6 Firewall Tester)

ipscan requires access to a MySQL database and the associated client development libraries (libmysqlclient-dev or similar) to be installed on the server which will act as your scanner. ipscan is known to build on: Opensuse versions 11.1/11.4/12.1, Centos 6.2, Fedora 16, Ubuntu 12.04, Mint 12 and FreeBSD 9 and run alongside Apache version 2.2. Please let me know of any other build successes/failures on unlisted platforms.Installation Steps:
1. edit the Makefile and adjust the following entries as required:
a. TARGETDIR – this should be set to the desired location for the cgi files (e.g. /srv/www/cgi-bin6)
Ensure that the selected target directory exists, with appropriate permissions, before attempting to install the final executables.
b. URIPATH – this is the request URI by which the cgi files will be accessed from your webserver
e.g. http://ipv6.chappell-family.com/cgi-bin6/ipscan-js.cgi then set URIPATH=/cgi-bin6
c. TXTTARGET and JSTARGET – these define the names of the two cgi objects that will be created

2. edit ipscan.h and adjust *at least* the following entries:
a. EMAILADDRESS – suggest you use a non-personal email address if the webserver will
be world-accessible
b. MYSQL_XXXX   – Adjust the following constants to match the settings of your database server:
MYSQL_HOST – the hostname or IP address of the machine hosting the MySQL database
MYSQL_USER – the username used to access the ipscan database.
MYSQL_PASSWD – the password used to identify the MySQL user.
MYSQL_DBNAME – the name of the ipscan database.
MYSQL_TBLNAME – the name of the table in which ipscan results will reside.

3. edit ipscan_portlist.h and change the list of ports to be tested, if required

4. Create the database and user and allocate appropriate user privileges, using the following commands within the mysql shell:

NB: adjust the host, user name, password and database name to match the globals you’ve edited in step 2 above:

If necessary to delete an existing database prior to version 0.90, then begin with:

mysql> drop database ipscan;

Otherwise just use the following steps:

mysql> create database ipscan;
Query OK, 1 row affected (0.00 sec)

Note: it is unnecessary to re-create the user if upgrading from a previous version.

mysql> create user ‘ipscan-user’@’localhost’ identified by ‘ipscan-passwd’;
Query OK, 0 rows affected (0.01 sec)

mysql> grant all privileges on ipscan.* to ‘ipscan-user’@’localhost’ identified by ‘ipscan-passwd’;
Query OK, 0 rows affected (0.01 sec)

mysql> exit

5. make && make install
Given that the suid bit is set on the installed executables it is necessary to perform the ‘make install’ stage as root user.

Note: please use gmake under FreeBSD.

6. make sure that the URI path directory (which may well be accessed via an Apache alias) is enabled to execute cgi:

ScriptAlias /cgi-bin6/ “/srv/www/cgi-bin6/”

AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from 2000::/3

Don’t forget to restart your web server after making the appropriate modifications.

7. If you are using an SELinux-enabled distribution (e.g. Fedora 16) then it may be necessary to perform additional steps similar to those outlined below:
a. Ensure that your Apache server is enabled to support cgi, as root type:
# setsebool -P httpd_enable_cgi on
b. Enable the correct execution permissions to the cgi scripts, as root type:
# cd /srv/www/cgi-bin6/ (use your selected installation path)
# chcon -t httpd_unconfined_script_exec_t *.cgi

IMPORTANT NOTE: the steps listed in step 7 above are only indicative of what may be required, and depend upon your existing installation. Please consult the SELinux documentation for further details.

8. Browse from a machine that you want testing towards your servers’ IPv6 address, e.g.
w3m http://ipv6.chappell-family.com/cgi-bin6/ipscan-txt.cgi
lynx http://[2001:470:1f08:185c::2]/cgi-bin6/ipscan-txt.cgi

9. Check the web server access and error logs for messages. ipscan will place summary messages in the error log for all scans, if enabled to do so (default option). It is possible to enable copious amounts of debug by uncommenting the debug #define statements in ipscan.h.

10. If you’re providing public access to ipscan then please ensure that you add a cron job that executes every 5 minutes and deletes expired results from the ipscan database. This not only ensures that your database remains small but more importantly it protects your users’ security. The database is only intended to provide short-term storage for results generated by the port scanner process until they are reported via the web browser. The database tidy up can be achieved using the included sqltidy.pl script, but it will require modification to match any changes you made to the MYSQL_XXXX variables in step 2b above. The cron line to call the script would be something similar to:

*/5 * * * * /path/to/sqltidy.pl 2>&1

For those considering providing ipscan access on the public internet then consider adding a landing page which will check for host IP address suitability prior to allowing access to the cgi script(s) – most (apart from google) search engine spiders/robots currently only use IPv4.
It may be advisable to only offer direct links to the cgi scripts if the address checks were successful.

See http://ipv6.chappell-family.com/ipv6tcptest/ as an example.

Download Version :
Zipball (49,5 KB) https://github.com/timsgit/ipscan/zipball/master
Tarball (44,0 KB) https://github.com/timsgit/ipscan/tarball/master
Find other version | https://github.com/timsgit/ipscan
Read more in here :  http://ipv6.chappell-family.com/ipv6tcptest/