
index.through_script.php (Source)

<?php
    // Machine name: used for the page title, the generated links and the port probes.
    $host = gethostname();
    // Home directory prefix; the port listing further down only shows processes
    // whose working directory lies under it.
    $HOME = '/home/christian';
    // NOTE(review): the wildcard lets a script on any origin read this response,
    // which lists listening ports, process IDs and working directories. If only
    // specific pages need to fetch it, name those origins instead of "*".
    header('Access-Control-Allow-Origin: *');
?>
<!doctype html>
<html>
<head>
        <title><?= $host ?>!</title>
        <style>
            body {
                display: grid;
                justify-items: center;
                list-style: none;
                grid-template-columns: auto 1fr;
            }
            ul {
                font-size: 3rem;
            }
            li ~ li {
                margin-top: 1em;
            }
            dl {
                font-size: small;
                display: grid;
            }
            dt {
                grid-row: 1;
            }
        </style>
</head>
<body>
        <section>
            <h2>On port 80</h2>
            <ul>
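<?php
    // Link to every non-hidden sub-directory that sits next to this script.
    $base_dir = __DIR__;
    // scandir() returns false on failure; fall back to an empty listing.
    foreach(scandir($base_dir) ?: [] as $p) {
        // is_dir() resolves a bare name against the process's working directory,
        // which is not guaranteed to be this script's directory, so test the full path.
        if(str_starts_with($p, ".") || !is_dir($base_dir . "/" . $p)) {
            continue;
        }
        // Directory names can hold any character: URL-encode the name for the
        // path segment, then HTML-escape everything that lands in the markup.
        $href = "http://" . $host . "/" . rawurlencode($p);
?>
                <li><a href="<?= htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"><?= htmlspecialchars($p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></a></li>
<?php
    }
?>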
            </ul>
        </section>
        <section>
            <h2>Other open ports</h2>
            <ul>
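<?php
// HTML-escape a value before it is written into the page. Everything shown
// below (page titles, working directories, pids) originates outside this script.
$esc = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Map each port to the [pid, cwd] of its process, as reported by the helper
// script, which is parsed as one "port<TAB>pid<TAB>cwd" record per line.
// NOTE(review): the helper runs through sudo; keep the sudoers rule limited to
// this exact command and the script itself writable only by root.
$port_pids = [];
$helper_output = shell_exec("sudo /var/www/html/ports-to-pids.py");
// shell_exec() gives null/false when the helper fails or prints nothing.
$res = is_string($helper_output) ? explode("\n", $helper_output) : [];
foreach($res as $line) {
    if(!$line) {
        continue;
    }
    $fields = explode("\t", $line);
    // Skip records that are short or whose port is not a valid TCP port number,
    // so nothing unexpected reaches fsockopen() or the probe URL.
    if(count($fields) < 3 || !ctype_digit($fields[0]) || (int) $fields[0] > 65535) {
        continue;
    }
    [$port, $pid, $cwd] = $fields;
    $port_pids[$port] = [$pid, $cwd];
}

/* For each (port, pid) pair, show a link
*/
foreach($port_pids as $port => [$pid, $cwd]) {
    // Check that the port accepts connections; the timeout keeps one dead port
    // from stalling the page. Failures are expected here, hence the "@".
    $connection = @fsockopen($host, $port, $errno, $errstr, 2.0);
    if(!is_resource($connection)) {
        continue;
    }
    fclose($connection);

    // Only list processes running in $HOME or below it. Matching on "$HOME/"
    // keeps a sibling such as "/home/christian2" from passing the prefix test.
    if($cwd === $HOME) {
        $cwd = "";
    } elseif(str_starts_with($cwd, $HOME . "/")) {
        $cwd = substr($cwd, strlen($HOME));
    } else {
        continue;
    }

    // Try an HTTP request to this port, to get the page's title.
    // The responding process is arbitrary, so bound the request: limit time,
    // limit redirects, and only follow redirects that stay on HTTP(S).
    $URL = "http://{$host}:{$port}";
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $URL,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_MAXREDIRS => 5,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT => 5,
    ]);
    $output = curl_exec($ch);
    curl_close($ch);
    if(!$output) {
        // Not an HTTP server
        continue;
    }

    // Reset per port so a page without a <title> never inherits the previous one.
    $title = "";
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if(!$doc->loadHTML($output)) {
        // LibXMLError is not string-convertible; show its message text instead.
        foreach(libxml_get_errors() as $error) {
            $title = trim($error->message);
        }
    } else {
        // As before, the last <title> element in the document wins.
        foreach($doc->getElementsByTagName('title') as $title_node) {
            $title = trim((string) $title_node->nodeValue);
        }
    }
    // Drop the buffered parse errors so they do not pile up across ports.
    libxml_clear_errors();
    libxml_use_internal_errors(false);
    if($title === "") {
        $title = "{$host}:{$port}";
    }

    // Show a link to the server, and information about the process.
?>
        <li>
            <a href="<?= $esc($URL) ?>"><?= $esc($title) ?></a>
            <dl>
                <dt>port</dt>
                <dd><?= $esc((string) $port) ?></dd>
                <dt><abbr title="Current working directory of the process">cwd</abbr></dt>
                <dd>~<?= $esc($cwd) ?></dd>
                <dt><abbr title="Process ID">pid</abbr></dt>
                <dd><?= $esc((string) $pid) ?></dd>
            </dl>
        </li>
<?php
}
?>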
            </ul>
        </section>
</body>
</html>