How to use Nmap in PHP exec

Posted 2019-04-17 15:43

Question:

I would like to call Nmap from PHP.

If I do this:

exec('nmap', $output);
var_dump( $output );

It works, I get the classic "Usage of Nmap" text.

But as soon as I tried to run a UDP check like

exec('nmap -p 586 -sU xx.xx.xx.xx', $output);
var_dump( $output );

It doesn't work anymore, with no output.

What am I missing?

Regards

Answer 1:

Important notice: NMAP is not fully functional with the web server's user (apache, www-data, ...). Only root can do everything with NMAP.

I'd use popen().

$stream = popen('/usr/bin/nmap -p 586 -sU xx.xx.xx.xx', 'r');

while (!feof($stream)) {
    //Make sure you use semicolon at the end of command
    $buffer = fread($stream, 1024);
    echo $buffer, PHP_EOL;
}

pclose($stream);

Or worth trying:

// Start output buffering
ob_start();
// Flush COMPLETE output of nmap
// passthru() runs a command; fpassthru() expects an open stream resource
passthru('/usr/bin/nmap -p 586 -sU xx.xx.xx.xx');
// Capture output buffer contents
$output = ob_get_contents();
// Shutdown output buffers
ob_end_clean();


Answer 2:

Certain Nmap features require root privileges to run. -sU UDP port scanning is one of these. On Linux, the full list is:

  • -sU UDP port scans
  • -sS TCP SYN scans
  • -sA/W/M/N/F/X TCP scans with various flags
  • -PE/PP/PM ICMP host discovery probes
  • -sO IP Protocol scans
  • -sY/Z SCTP scans
  • -O OS detection
  • --traceroute tracerouting
  • Pretty much all the IDS evasion options

Needless to say, it's probably NOT A GOOD IDEA to let your web server run Nmap commands as root. I also caution you to be very strict about what user input you let into the Nmap command line. Lots of Nmap features can be abused to execute arbitrary functions.
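
One way to apply the strict input handling recommended above (an added example, not code from any of the answers). It assumes PHP 7.4 or later, Nmap at /usr/bin/nmap, and an unprivileged TCP connect scan (-sT) in place of -sU so that root is not needed; buildNmapArgv and runNmap are hypothetical names.

```php
<?php
// Added example. Assumptions: PHP >= 7.4, nmap at /usr/bin/nmap, and a TCP
// connect scan (-sT), which Nmap can run without root privileges.
// Hypothetical helper: turn untrusted input into a fixed argument vector.
function buildNmapArgv(string $target, string $port): array
{
    // Accept only a literal IP address: no hostnames, ranges or CIDR, and
    // nothing starting with "-" that Nmap would parse as an option.
    if (filter_var($target, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('target must be an IP address');
    }
    // Accept only a single decimal port in 1..65535.
    $portNum = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($portNum === false) {
        throw new InvalidArgumentException('port must be 1-65535');
    }
    // Every option is a constant; input only fills the two value slots.
    $argv = ['/usr/bin/nmap', '-n', '-sT', '-p', (string) $portNum, '-oX', '-'];
    if (strpos($target, ':') !== false) {
        $argv[] = '-6'; // Nmap needs -6 for IPv6 targets
    }
    $argv[] = $target;
    return $argv;
}

// Hypothetical helper: run the scan and return Nmap's XML report.
function runNmap(string $target, string $port): string
{
    $argv = buildNmapArgv($target, $port);
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => ['file', '/dev/null', 'w'],
    ];
    // The array form of proc_open (PHP 7.4+) starts nmap without a shell.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start nmap');
    }
    $xml = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('nmap exited with an error');
    }
    return $xml;
}
// Constructed sample input (RFC 5737 documentation address); prints the argv.
print_r(buildNmapArgv('192.0.2.10', '586'));
```

Because the target must parse as an IP address and the port as an integer, neither value can be read by Nmap as an extra option, and no shell ever sees the input.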



Answer 3:

Try using the backtick operator (`) to run Nmap. That will return the output into a variable. So:

$output = `nmap -p 586 -sU xx.xx.xx.xx`;

More on the backtick operator: http://php.net/manual/en/language.operators.execution.php



Tags: php nmap