Re: GSoC Cloud Scanning Platform Proposal

[Nick Nikolaou <nikolasnikolaou1 () gmail com>]

Alexey,

Since the deadline is in a few hours (19:00 UTC), I would suggest you submit
your proposal to the website and make any necessary changes later if you
have to.

As Fyodor said, It would be a shame if you couldn't participate because a
last minute issue caused you to miss the deadline.

Cheers,
Nick


On 8 April 2011 15:25, Alexey Nayden <alexey.nayden () gmail com> wrote:

> David,
>
> Thank you for an advice, I’ve downloaded Rainmap code and looked through
> it. I should admit the code is pretty nice. On the other side, it has quite
> simple UI and capabilities, but it’s Nmap options parser is gorgeous!
> Additionally the project contains a TODO-file with numerous ideas and some
> problems to fix.
>
> I think I could use Nmap Options Parser code in my project because it’s
> great and saves a lot of time, but I’d like to start the UI from the
> beginning — of course based on the current Rainmap ideas, anyway it wouldn’t
> take too much time. I would use RabbitMQ configuration from the Rainmap as
> well.
>
>
>
> Here’s the application form I plan to post to GSoC website
>
> Basic/Contact Information
>
>        • Your Name: Alexey Nayden
>        • Email Address: alexey.nayden () gmail com
>        • Instant messenger names and protocols (if any): gtalk
> alexey.nayden () gmail com
>        • Telephone number (optional): +7 911 259 4221
>        • If you have a URL for your résumé/CV, please list it here: —
>        • If you wish to list any personal/blog/LinkedIn/Twitter URLs, do so
> here:  —
>
> Project Selection
>
>        • Top Project Choice (If choosing one from the Nmap ideas page):
> Nmap Cloud Scanning Platform
>        • Are you willing and able to do other projects instead? Not in Nmap
> project, unfortunately. I’m not so good at c/c++ programming.
>
>
> Skills/Experience
>        • Please describe in a few lines your C/C++ knowledge or experience
> (if any): I mainly use c/c++ for AVR microcontroller programming now. I used
> to develop some minor tools with C++ and MFC, but I’m not an experienced
> developer in that area anyway.
>        • Please describe any Lua, Python, Perl, or other scripting language
> knowledge/experience: I use Python, Perl and TCL when I have to, but it
> mainly consists of code reading, some changes and developing plugins —
> eggdrop scripts, for example. On the other side Ruby is my primary language,
> I use it almost everyday — for local scripts (if a problem can’t be solved
> in 3-5 line bash-script), web-spiders, data processing apps and
> web-applications.
>        • Please describe any Windows development experience: I used to work
> with a little bit of C++/MFC a couple of years ago and I have 2-year
> experience in C#/WinForms/ASP.NET development of commercial applications.
>        • Please describe any UNIX development experience: all my projects
> run on UNIX machines, so maybe it could be named UNIX-development, but I’m
> almost not using platform-specific features.
>        • Please describe any Mac development experience: I use Mac as my
> primary machine, but I haven’t written anything mac-specific except some
> AppleScripts.
>        • Please describe any previous Nmap usage experience: I use Nmap
> from time to time to test machines under my control or the ones I am
> interested in (not meaning any kind of abuse or hacking, of course).
>        • Please describe any previous Nmap development experience: none
>        • Please describe any previous Open Source development experience: I
> have some commits in Rails core, so I’m pretty familiar with the OSS
> development process (bugzilla/lighthouse, patches, tests, documentation,
> discussions before importing the code to upstream etc.)
>        • If possible, include a link to source code you've written, such as
> a school or personal project: https://github.com/anayden/habrafiles — a
> Sinatra-based file sharing web-app;
> https://github.com/anayden/chordpro_processor a very small utility to
> convert plain text chord files to a chord pro format;
> https://github.com/anayden/DParser — web-spider collecting girls’ profiles
> on a dating website :)
>        • Have you participated in any previous Summer of Code projects? If
> so (and it wasn't Nmap), please describe your projects and experience. Be
> sure to mention the years involved and the name of your former mentors. Nope
>        • Have you applied for (or intend to) any other 2011 Summer of Code
> projects? If so, which ones? No.
>
> Education
>        • What school do you attend? St.Peterbsurg State University,
> Mathematics and Mechanics Faculty, Computer Science Department
>        • What degree are you pursuing (include the specialty/major)?
> Master’s Degree in «Mathematics Foundations of Computer Science»
>        • How many years have you attended there? 6
>        • When do you expect to graduate? June 2011 (however I plan to
> continue with postgraduate studies)
>        • What city/country will you be spending this summer in?
> St.Petersburg, Russia
>        • How much time do you expect to have for this project? 15—25
> hours/week
>        • Please list jobs, summer classes, and/or vacations that you'll
> need to work around: I need to finish my diploma during the May, but it wont
> be extremely time-consuming (as it’s mostly done already) I also plan to
> have part-time job during the summer, but it would allow me to have 15-25
> hours per week mentioned earlier.
>
> Project Proposal
>        • Please describe your proposed project in detail, including
> deliverables and expected timeline with milestones (this is the long
> answer):
> My vision of that project includes several modules:
> 1. Nmap Runner module — starts Nmap, passes the options and fetches result
> file
> 2. Task queue (RabbitMQ) — web-app puts scan tasks there, Nmap Runnes gets
> and executes them.
> 3. Web-application for task management and project administration,
> separated in following submodules:
> i) User management module — registration, authorization, password
> reminders, activation etc.
> ii) Scan management module — scan task creation, running, storing
> ii) Scan result module — viewing completed scan results, diff-ing them
> iii) Scan scheduler — running scans on a regular basis
> iv) Quotas — limiting the amount of system resources used by each user
> v) User notification subsystem — sending emails (maybe even SMS-messages)
> when a certain event is triggered (for instance, host not responding)
> vi) Admin panel — statistics, load monitoring, quota management, role
> management, prohibited hosts database.
>
> I see following milestones for my project:
> 1. Implementing current Rainmap UI in Rails. 2 weeks.
> 2. Binding to a current Nmap options parser — at this step we’re able to
> run scans. 1 week
> 3. Administration module. 3 weeks.
> 4. Scan diffs. 2 weeks.
> 5. Scan quotas. 1 week.
> 6. Notifications. 1 week.
> 7. Final pre-release fixes and features (pre-production work). 2 weeks.
>
> I plan to deploy most current version to at the end of an each milestone —
> and maybe even more often — so current progress and stats can not only be
> viewed in emails and code repository, but live as well.
>
>        • Why are you well suited to perform this project? (This can be a
> long answer too if you don't have a résumé/CV link.)
> I should say I’ve been dreaming to take part in GSoC since it was first
> time announced a couple of years ago, but every year I had something
> important to do during the summer, so I’ve never applied before. Now that
> might be my last chance as soon as I’m graduating the university. Regarding
> the project itself I liked it at the moment I’ve seen the first lines of the
> description. I think that’s a really cool project and very useful for the
> community. And I’d like to continue it’s development and support after GSoC
> ends.
>
> Thank you for your attention!
>
> Cheers,
> Alexey Nayden
>
>
> 08.04.2011, в 2:54, David Fifield написал(а):
>
> > On Wed, Apr 06, 2011 at 04:36:19PM +0400, Alexey Nayden wrote:
> > > I'm very interested in Nmap Cloud Scanning Platform development. I've
> > > read all the documents you have on that idea and it seems to be great.
> > >
> > > A couple of words about myself: I live in St.Petersburg, Russia, study
> > > at St.Petersburg State University, Mathemathics and Mechanics faculty,
> > > Computer Science department. I mainly work with Ruby on Rails,
> > > developing my own and some commercial projects from time to time. I
> > > even have a couple of commits in rails core (very minimalistic to be
> > > completely sincere), I've had a presentation at Piter.rb (local Ruby
> > > developer conference) regarding low-level database access mechanisms
> > > for Ruby (gem sequel).
> > >
> > > Regarding the project, as you can see, Ruby on Rails is my primary
> > > expertise, so I'd prefer to implement the platform with it, but, on
> > > the other side, I have some Python skills (more like reading code, not
> > > so much on writing it), and I'd gladly use "Rainmap" ideas and code in
> > > my project.
> > >
> > > I plan to resolve security issues (speaking of root privileges
> > > required for nmap) with a small middle-tier application implementing
> > > task queue (with rabbitMQ or Reddis, for instance) which takes tasks
> > > from web-app and runs nmap in a root (chrooted, i think) environment.
> > > Other tools I plan to use are CentOS, Nginx and Postgresql.
> >
> > Hello Alexey, thank you for writing. Your ideas about cloud scanning
> > sound solid. I would recommend that you check out the Rainmap code (it's
> > not a big download) and learn about its architecture, so you can comment
> > on what you would do differently, what you would extend, and what is
> > already completed. There is already a task queue system using RabbitMQ,
> > so that potentially doesn't have to be reimplemented or could be treated
> > as a separable module.
> >
> > svn co --username guest --password "" svn://svn.insecure.org/rainmap
> >
> > David Fifield
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/