Instalation simplified with setup and install pages.

ajax.php

@@ -1,5 +1,5 @@
-<?php 
-require dirname(__FILE__).'/includes/config.php';
+<?php
+require dirname(__FILE__).'/config.php';
 $ip = (int) $_GET['ip'];
 if ($ip > 0):
 	$q = "SELECT ip as ipaddress, port_id, service, protocol, banner, title FROM data WHERE ip =".(int) $ip." ORDER BY scanned_ts DESC";

assets/scripts.js

@@ -1,5 +1,4 @@
 var delayTimer;
-
 $('#myModal').on('show', function () {
     $(this).find('.modal-body').css({width:'auto',
                                height:'auto', 
@@ -164,4 +163,31 @@ function searchData(data, throbber)
         };
     $.ajax(ajax_options);
     return false;
+}
+
+function showImportHelp()
+{
+    jQuery('#myModalLabel').text('How to scan and import data?');
+    var ajax_options = {
+            beforeSend:function () {
+
+            },
+            complete:function () {
+
+            },
+            error:function (XMLHttpRequest, textStatus, errorThrown) {
+                alert('There was an error during request. Please try again!');
+            },
+            success:function (response, textStatus) {
+            	$('#myModal').modal('show');
+            	jQuery('.modal-body').html(response);
+            },
+            timeout:'100000',
+            type:'get',
+            dataType:'html',
+            data:'',
+            url:'/includes/html/import-help.html'
+        };
+    $.ajax(ajax_options);
+    return false;
 }

assets/style.css

@@ -131,4 +131,6 @@ img#ajax-loader-pagination { margin:10px 15px 0 0; display:none;}
 
 .container.errorPage { min-height:540px; }
 .container.errorPage p { font-size: inherit !important;}
-.container.errorPage .jumbotron { margin-top:5%; }
+.container.errorPage .jumbotron { margin-top:0 !important; padding-top:10px !important;}
+.container.errorPage .jumbotron h1 { margin:0 !important;}
+pre.shell { background:black; color:white; }

config.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * Some general settings
+ */
+date_default_timezone_set('Europe/Belgrade');
+set_time_limit(0);
+ini_set("memory_limit","-1");
+/**
+ * Error reporting settings
+ */
+ini_set('display_errors', 'On');
+error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED & ~E_WARNING);
+
+/**
+ * Database related configuration
+ */
+define('DB_DRIVER',	    'MySQL');
+define('DB_HOST',	    'localhost');
+define('DB_USERNAME',	'masscan');
+define('DB_PASSWORD', 	'changem3');
+define('DB_DATABASE', 	'masscan');
+/**
+ * Include the db class
+ */
+require dirname(__FILE__).'/lib/class.db.php';

db-structure.sql

@@ -11,7 +11,6 @@ CREATE TABLE IF NOT EXISTS `data` (
   `service` varchar(100) NOT NULL DEFAULT '',
   `banner` text NOT NULL,
   `title` text NOT NULL
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
-
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;
 ALTER TABLE `data` ADD PRIMARY KEY (`id`), ADD KEY `scanned_ts` (`scanned_ts`), ADD KEY `ip` (`ip`), ADD FULLTEXT KEY `banner` (`banner`,`title`);
-ALTER TABLE `data` MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=1;
+ALTER TABLE `data` MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=1;

export.php

@@ -1,5 +1,5 @@
 <?php 
-require dirname(__FILE__).'/includes/config.php';
+require dirname(__FILE__).'/config.php';
 require dirname(__FILE__).'/includes/functions.php';
 define('EXPORT', true);
 require dirname(__FILE__).'/includes/data_validation.php';

filter.php

@@ -1,6 +1,6 @@
 <?php
 define('APP_NAME', 'massscan');
-require dirname(__FILE__).'/includes/config.php';
+require dirname(__FILE__).'/config.php';
 require dirname(__FILE__).'/includes/functions.php';
 require dirname(__FILE__).'/includes/data_validation.php';
 if (isset($_GET['form'])):

import.php

@@ -39,7 +39,7 @@ function seconds2human($ss)
  * Magic starts here
  */
 $start_ts = time();
-require dirname(__FILE__).'/includes/config.php';
+require dirname(__FILE__).'/config.php';
 if (!isset($argv[1])):
 	die('Please provide a file name to import!'."\n");
 endif;

includes/error.php

@@ -6,10 +6,22 @@
                 <h1>Oops!</h1>
                 <h2>An error has occured.</h2>
                 <div class="alert alert-danger" role="alert">
-                    <p><?php echo htmlentities($this->getMessage()); ?></p>
+                    <p><?php echo $this->getMessage(); ?></p>
                 </div>
-                <p>Check <a href="https://github.com/offensive-security/masscan-web-ui#readme" target="_blank">read me</a> file for help.</p>
-            </div>
+                <?php
+                    if (preg_match('/^(.*)Access denied for user (.*)/s', $this->getMessage(), $matches)):
+                        include DOC_ROOT.'includes/html/db-create-user-help.html';
+                        include DOC_ROOT.'includes/html/db-structure-help.html';
+                        include DOC_ROOT.'includes/html/db-tuning.html';
+                        include DOC_ROOT.'includes/html/delete-files-help.html';
+                    elseif (preg_match('/^Database (.*) not found/', $this->getMessage(), $matches)):
+                            include DOC_ROOT.'includes/html/db-database-help.html';
+                            include DOC_ROOT.'includes/html/db-structure-help.html';
+                            include DOC_ROOT.'includes/html/db-tuning.html';
+                            include DOC_ROOT.'includes/html/delete-files-help.html';
+                    endif;
+                ?>
+            </div> <!-- end of .jumbotron -->
         </div>
     </div>
 </div>

includes/functions.php

@@ -22,8 +22,8 @@ function browse($filter, $export = false)
         list($start_ip, $end_ip) = getStartAndEndIps($filter['ip']);
         $q .= " AND (ip >= $start_ip AND ip <= $end_ip)";
     endif;
-    if (isset($filter['port']) && (int)$filter['port'] > 0 && (int)$filter['port'] <= 65535):
-        $q .= " AND port_id = " . (int)$filter['port'];
+    if (isset($filter['port']) && (int) $filter['port'] > 0 && (int) $filter['port'] <= 65535):
+        $q .= " AND port_id = " . (int) $filter['port'];
     endif;
     if (!empty($filter['protocol'])):
         $q .= " AND protocol = '" . DB::escape($filter['protocol']) . "'";

includes/html/db-create-user-help.html

@@ -0,0 +1,44 @@
+<p>Step by step instructions:</p>
+<p>Open <?php echo DOC_ROOT.'includes/config.php'; ?> and enter host, username, password and database name.</p>
+<p>Open terminal and go to the document root of application by typing:</p>
+<pre class="shell">
+root@kali:~# cd <?php echo DOC_ROOT;?>
+</pre>
+<p>Edit config.php and update the file with mysql host, user, password and database information. Type:</p>
+<pre class="shell">
+root@kali:<?php echo DOC_ROOT;?># nano includes/config.php
+</pre>
+<p>and change the following values to suit your MySql server:</p>
+<pre>
+define('DB_HOST',       '<?php echo DB_HOST;?>');
+define('DB_USERNAME',	'<?php echo DB_USERNAME;?>');
+define('DB_PASSWORD', 	'<?php echo DB_PASSWORD;?>');
+define('DB_DATABASE', 	'<?php echo DB_DATABASE;?>');
+</pre>
+<p>Next step is to open terminal and login to MySql as root by executing following command:</p>
+<pre class="shell">
+root@kali:<?php echo DOC_ROOT;?># mysql -u root -p
+Enter password:
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+mysql>
+</pre>
+<p>If you didn't create database before, create it now by executing following command:</p>
+<pre class="shell">
+mysql> create database <?php echo DB_DATABASE;?>;
+Query OK, 1 row affected (0.01 sec)
+</pre>
+<p>Now create new user:</p>
+<pre class="shell">
+mysql> CREATE USER '<?php echo DB_USERNAME;?>'@'<?php echo DB_HOST;?>' IDENTIFIED BY '<?php echo DB_PASSWORD;?>';
+Query OK, 0 rows affected (0.00 sec)
+</pre>
+<p>Give the newly created user <strong><?php echo DB_USERNAME;?></strong> privileges for database <strong><?php echo DB_DATABASE;?></strong>:</p>
+<pre class="shell">
+mysql> GRANT ALL PRIVILEGES ON <?php echo DB_DATABASE;?>.* TO '<?php echo DB_USERNAME;?>'@'<?php echo DB_HOST;?>';
+Query OK, 0 rows affected (0.01 sec)
+</pre>
+<p>Finally quit MySql:</p>
+<pre class="shell">
+mysql> exit
+Bye
+</pre>

includes/html/db-tuning.html

@@ -0,0 +1,34 @@
+<div class="alert alert-warning">
+    <h4 class="text-primary"><strong>MySql fine tunning</strong></h4>
+    <p>Masscan WEB UI use <a href="http://dev.mysql.com/doc/refman/5.7/en/fulltext-search.html">Full Text Search</a>. The minimum length of words to be indexed is defined by the variable <strong>ft_min_word_len</strong>.</p>
+    <p>Variable must be set at server startup time. A server restart is required for the change to take effect and variable cannot be modified while the server is running.</p>
+    <p>Default value for <strong>ft_min_word_len</strong> is 4 and you probably need smaller value, 2 or even 1.</p>
+    <br>
+    <p>To change this variable, open MySql configuration file named <strong>my.cnf</strong> and change the value to the smaller one.</p>
+    <p>On Linux my.cnf is usually located in /etc/my.cnf, so to edit file type in terminal as root:</p>
+    <pre class="shell">
+root@kali:~# nano /etc/my.cnf
+</pre>
+    <p>Find [mysqld] section in my.cnf and add/change variable=value pair to look something like this:</p>
+    <pre>
+[mysqld]
+ft_min_word_len=2
+</pre>
+    <p>Restart MySql server by executing following command:</p>
+    <pre class="shell">
+root@kali:~# service mysql restart
+</pre>
+    <br>
+    <p>If your database is not empty, you should rebuild your FULLTEXT indexes for the change to take effect.</p>
+    <p>For rebuilding FULLTEXT indexes, open terminal, log in into MySql as root, select appropriate database and execute REPAIR TABLE command.</p>
+    <p>That should be looking similar to this:</p>
+    <pre class="shell">
+root@kali:~# mysql -u root -p
+Enter password:
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+mysql>use <?php echo DB_DATABASE; ?>;
+Database changed
+mysql>REPAIR TABLE data QUICK;
+</pre>
+    <p>Doing that you are done with fine tuning of MySql.</p>
+</div>

includes/html/delete-files-help.html

@@ -0,0 +1,4 @@
+<p>Lastly, not required, but recommended is to delete files which are not used after install is completed.</p>
+<pre class="shell">
+root@kali:<?php echo DOC_ROOT; ?># rm db-structure.sql index.html README.md
+</pre>

includes/html/import-help.html

@@ -0,0 +1,35 @@
+<p>Now you can use masscan to scan your targets, while specifying an XML output. More information about banner grabbing with masscan can be found at <a href="https://github.com/robertdavidgraham/masscan#banner-checking">https://github.com/robertdavidgraham/masscan#banner-checking</a>.</p>
+<pre>
+masscan 10.0.0.0/8 -p80,21,53 --banners --source-ip 10.0.0.2 --max-rate 1000000 -oX scan-01.xml
+</pre>
+<p>Now let's import some scan results. In this example we imported the results of two class A scans:</p>
+<pre>
+root@kali:/var/www/html# ls -l scan*
+-rw-r--r-- 1 root root 212929324 Dec  1 13:23 scan-01.xml
+-rw-r--r-- 1 root root 700816226 Dec  1 13:55 scan-02.xml
+root@kali:/var/www/html# php import.php scan-01.xml
+
+Do you want to clear the database before importing (yes/no)?: yes
+
+Clearing the db
+Reading file
+Parsing file
+Processing data (This may take some time depending on file size)
+
+Summary:
+Total records:738279
+Inserted records:738279
+Took about:3 minutes,18 seconds
+root@kali:/var/www/html# php import.php scan-02.xml
+
+Do you want to clear the database before importing (yes/no)?: no
+Reading file
+Parsing file
+Processing data (This may take some time depending on file size)
+
+Summary:
+Total records:2411974
+Inserted records:2411974
+Took about:9 minutes,41 seconds
+root@kali:/var/www/html#
+</pre>

includes/install.php

@@ -0,0 +1,60 @@
+<?php include DOC_ROOT.'includes/header.php';?>
+<div class="container errorPage">
+    <div class="row">
+        <div class="col-md-12">
+            <div class="jumbotron">
+                <h2>Installing db tables</h2>
+                <p>Installer will try to automatically execute required db queries for creating necessary tables.</p>
+                <?php
+                if (is_file(DOC_ROOT.'db-structure.sql') && is_readable(DOC_ROOT.'db-structure.sql')):
+                    $sql = file_get_contents(DOC_ROOT.'db-structure.sql');
+                    $queries = explode(";", trim(trim($sql), ";"));
+                    if (!empty($queries)):
+                        $error = false;
+                        foreach ($queries as $q):
+                            if (!DB::query($q, false)):
+                                $error = true;
+                                break;
+                            endif;
+                        endforeach;
+                        if ($error): ?>
+                            <p class="alert alert-danger"><i class="glyphicon glyphicon-remove"></i> Installation failed, queries not executed.</p>
+                            <p>To manually install required tables, open terminal and go to the document root by executing following command:</p>
+                            <pre class="shell">
+root@kali:~# cd <?php echo DOC_ROOT; ?>
+                            </pre>
+                            <p>To execute necessary queries, execute following command:</p>
+                            <pre class="shell">
+root@kali:<?php echo DOC_ROOT; ?># mysql -u <?php echo DB_USERNAME;?> -p <?php echo DB_DATABASE;?> < db-structure.sql
+</pre>
+                            <p>You will be asked for MySql password. Enter password and if all went well, refresh the page by clicking <a href=""><strong>here</strong></a>.</p>
+                            <?php
+                        else:
+                            ?>
+                            <p class="alert alert-success"><i class="glyphicon glyphicon-ok"></i> Installation completed, queries executed successfully.</p>
+                            <?php include DOC_ROOT.'includes/html/db-tuning.html';?>
+                            <?php include DOC_ROOT.'includes/html/delete-files-help.html';?>
+                            <p>MASSCAN Web UI is ready for use. Refresh this page by pressing F5 or clicking <a href="/">here</a> to start.</p>
+                            <?php
+                        endif;
+                    endif;
+                else:
+                    if (!is_file(DOC_ROOT.'db-structure.sql')):
+                        ?>
+                        <p class="alert alert-danger"><i class="glyphicon glyphicon-remove"></i> Installer can not find file db-structure.sql in <?php echo DOC_ROOT;?> and can not create necessary db tables.</p>
+                        <p>Check our <a href="https://github.com/offensive-security/masscan-web-ui" target="_blank">Github</a> page for latest source and help.</p>
+                        <?php
+                    elseif (!is_readable(DOC_ROOT.'db-structure.sql')):
+                        ?>
+                        <p class="alert alert-danger"><i class="glyphicon glyphicon-remove"></i> File db-structure.sql in <?php echo DOC_ROOT;?> is not readable and installer can not execute required queries.</p>
+                        <p>Make it readable and refresh page by clicking <a href="/">here</a> to try again.</p>
+                        <?php
+                    else:
+
+                    endif;
+                endif; ?>
+            </div> <!-- end of .jumbotron -->
+        </div> <!-- end .col-md-12 -->
+    </div> <!-- end of .row -->
+</div> <!-- end of .container -->
+<?php include DOC_ROOT.'includes/footer.php';

includes/list.php

@@ -77,7 +77,6 @@
     <?php endif; ?>
     </tbody>
 </table>
-
 <?php if ($results['pagination']['records'] > 0):?>
     <div class="row pagination-container">
         <div class="col-md-6">