An RDNS XSS was disclosed which has been patched by a temporary fix (thanks @ldrrp). To patch, simply replace LookingGlass/LookingGlass.php with the patched version found here: LookingGlass.php
A maintenance/security release will be issued before 2015-01-26, which will include a number of patches for v1.
LookingGlass is a user-friendly PHP based looking glass that allows the public (via a web interface) to execute network commands on behalf of your server.
The demo is hosted on a 50MB (RAM) VPS. 502 errors may occur in events of high use.
- Automated install via bash script
- IPv4 & IPv6 support
- Live output via long polling
- Multiple themes
- Rate limiting of network commands
- host
- mtr
- mtr6 (IPv6)
- ping
- ping6 (IPv6)
- traceroute
- traceroute6 (IPv6)
IPv6 commands will only work if your server has external IPv6 setup (or tunneled)
- PHP >= 5.3
- PHP PDO
- SSH/Terminal access (able to install commands/functions if non-existent)
- Download LookingGlass to the intended folder within your web directory (and unzip)
- Navigate to the
LookingGlasssubdirectory in terminal - Run
bash configure.sh - Follow the instructions and
configure.shwill take care of the rest
Forgot a setting? Simply run the configure.sh script again
To enable output buffering on Nginx, please append the following to your PHP configuration:
location ~ \.php$ {
...
# Append the following
fastcgi_buffer_size 1k;
fastcgi_buffers 128 1k;
fastcgi_max_temp_file_size 0;
gzip off;
}I recommend that you create a separate host file for LookingGlass OR a directory specific PHP "location". This is due to these settings not being optimal for conventional use.
Code is licensed under MIT Public License.
- If you wish to support my efforts, keep the "Powered by LookingGlass" link intact.