PHP - `shell_exec` 不适用于 NMap（Windows 服务器）

Question

我一直试图弄清楚为什么我不能让 NMap 给我任何类型的输出，甚至不能通过 PHP 解决这个问题。

到目前为止我尝试过的事情：

// this doesn't return anything because it's wrong
$output = passthru('nmap -V');
echo $output;

// this returns a negated integer value
passthru('nmap -V', $output);
echo $output;

// this doesn't return anything either
$stream = popen('C:\nmap -V', 'r');
while (!feof($stream))
{
    $buffer = fread($stream, 1024);
    echo $buffer;
}
pclose($stream);

// this doesn't do anything as well
$output = system('C:\nmap -V');
echo $output;

// this does nothing also...
ob_start(); // start output buffering
fpassthru('C:\nmap -V'); // flush COMPLETE output of nmap
$output = ob_get_contents(); // capture output buffer contents
ob_end_clean(); // shutdown output buffers
echo $output; // echo it

.

// okay, how about we try a 'proc_open()'?
// nope, this doesn't work either. I just get a value of "command returned -1073741515"
$descriptorspec = array(
    0 => array("pipe", "r"), // stdin is a pipe that the child will read from
    1 => array("pipe", "w"), // stdout is a pipe that the child will write to
    2 => array("file", "errors/errors.txt", "a") // stderr is a file to write to
 );
 
 $cwd = 'errors';
 $env = array('some_option' => 'aeiou');
 
 $process = proc_open('C:/nmap -V', $descriptorspec, $pipes, $cwd, $env);
 
 if (is_resource($process))
 {
     // $pipes now looks like this:
     // 0 => writeable handle connected to child stdin
     // 1 => readable handle connected to child stdout
     // Any error output will be appended to /errors/errors.txt
 
     fwrite($pipes[0], '<?php print_r($_ENV); ?>');
     fclose($pipes[0]);
 
     echo stream_get_contents($pipes[1]);
     fclose($pipes[1]);
 
     // It is important that you close any pipes before calling
     // proc_close in order to avoid a deadlock
     $return_value = proc_close($process);
 
     echo "command returned $return_value\n";
 }

还有许多其他人，但我从$output 得到绝对NOTHING。我也做了很多谷歌搜索，但我仍然无法弄清楚。许多示例似乎也适用于 Linux，但无济于事。

谢谢。

Answer 1

好的，我使用此代码得到输出。我将继续编码并完成程序的其余部分。感谢 'Chris Haas' 提出使用 proc_open

的建议

注意：包含“errors.txt”文件的目录必须具有“IIS_IUSRS”写入权限。如有疑问，请检查您的 PHP 错误日志。

 $descriptorSpec = array(
    0 => array("pipe", "r"), // stdin is a pipe that the child will read from
    1 => array("pipe", "w"), // stdout is a pipe that the child will write to
    2 => array("file", "errors/errors.txt", "a") // stderr is a file to write to
 );

 $env = array('bypass_shell' => true);
 $process = proc_open("NMAP.EXE -V", $descriptorSpec, $pipes, "C:\\Program Files (x86)\\NMap", $env);

 if (is_resource($process))
 {
     // '$pipes' now looks like this:
     // 0 => writeable handle connected to child stdin
     // 1 => readable handle connected to child stdout
     fwrite($pipes[0], '<?php print_r($_ENV); ?>');
     fclose($pipes[0]);
 
     echo stream_get_contents($pipes[1]);
     fclose($pipes[1]);
 
     // it is important that you close any pipes before calling
     // proc_close in order to avoid a deadlock
     $return_value = proc_close($process);
 
     echo "<br /><br />Command Returned: $return_value\n";
 }

Nmap 版本 7.91 (https://nmap.org) 平台： i686-pc-windows-windows 编译：nmap-liblua-5.3.5 openssl-1.1.1h nmap-libssh2-1.9.0 nmap-libz-1.2.11 nmap-libpcre-7.6 Npcap-1.00 nmap-libdnet-1.12 ipv6 编译时没有：可用 nsock 引擎：iocp 轮询选择

返回的命令：0