Nmap Development mailing list archives

Re: GSoC Cloud Scanning Platform Proposal


From: alexandru <alex () hackd net>
Date: Tue, 12 Apr 2011 12:53:45 -0700


On 2011-04-12, at 12:23 PM, Alexey Nayden wrote:

The UI is indeed the sorest point of Rainmap, so I'm looking forward to seeing what ideas you come up with.


I think I’d prefer a UI of that sort: http://idisk.me.com/anayden/Public/Pictures/Skitch/Rainmap_UI-20110412-232210.png
Is it fine?

One of the constraints I had in the original design was to integrate into the existing Insecure.Org chrome. So, you 
should consider adding that around in the mockup, and possibly tuning the colour scheme to better integrate with that.

Overall, I like the mockup, and the idea of a 'templates library'. The challenging bit is coming up with the UI for 
customizing the scan page itself. There are many different approaches to be taken there, but the washing machine 
analogy is pretty good.


P.S. My original mockups are at http://rainmap.labs.hackd.net/ and the features we wanted to support in early versions 
of Rainmap are at http://rainmap.labs.hackd.net/features/



Cheers,
Alexey

On 09.04.2011, at 0:26, alexandru wrote:


On 2011-04-08, at 7:25 AM, Alexey Nayden wrote:

David,

Thank you for the advice. I’ve downloaded the Rainmap code and looked through it. I should admit the code is pretty 
nice. On the other hand, it has quite a simple UI and capabilities, but its Nmap options parser is gorgeous!

All credit for that goes to David, in fact, as it's the same parser used by Zenmap. Made life much, much easier!

As for capabilities: Fyodor and I wanted to make sure that even people that don't know much about port scanning 
could use Rainmap. So, some of the more advanced features that are available in Nmap weren't considered at the time, 
or we tried to hide them where possible.

Anyway, I'm sure Fyodor has ideas for Rainmap that go beyond what's currently in the TODO.


Additionally the project contains a TODO-file with numerous ideas and some problems to fix.

I think I could use the Nmap Options Parser code in my project because it’s great and saves a lot of time, but I’d like 
to start the UI from the beginning — of course based on the current Rainmap ideas; anyway, it wouldn’t take too much 
time.

The UI is indeed the sorest point of Rainmap, so I'm looking forward to seeing what ideas you come up with.

Good luck with the application process!


I would use the RabbitMQ configuration from Rainmap as well.



Here’s the application form I plan to post to the GSoC website:

Basic/Contact Information

    • Your Name: Alexey Nayden
    • Email Address: alexey.nayden () gmail com
    • Instant messenger names and protocols (if any): gtalk alexey.nayden () gmail com
    • Telephone number (optional): +7 911 259 4221
    • If you have a URL for your résumé/CV, please list it here: —
    • If you wish to list any personal/blog/LinkedIn/Twitter URLs, do so here:  —

Project Selection

    • Top Project Choice (If choosing one from the Nmap ideas page): Nmap Cloud Scanning Platform
    • Are you willing and able to do other projects instead? Not in Nmap project, unfortunately. I’m not so good at 
c/c++ programming.


Skills/Experience
    • Please describe in a few lines your C/C++ knowledge or experience (if any): I mainly use c/c++ for AVR 
microcontroller programming now. I used to develop some minor tools with C++ and MFC, but I’m not an experienced 
developer in that area anyway.
    • Please describe any Lua, Python, Perl, or other scripting language knowledge/experience: I use Python, Perl 
and TCL when I have to, but it mainly consists of code reading, some changes and developing plugins — eggdrop 
scripts, for example. On the other hand, Ruby is my primary language; I use it almost every day — for local scripts 
(if a problem can’t be solved in a 3-5 line bash script), web-spiders, data processing apps and web-applications.
    • Please describe any Windows development experience: I used to work with a little bit of C++/MFC a couple of 
years ago and I have 2 years of experience in C#/WinForms/ASP.NET development of commercial applications.
    • Please describe any UNIX development experience: all my projects run on UNIX machines, so maybe it could be 
named UNIX development, but I use almost no platform-specific features.
    • Please describe any Mac development experience: I use Mac as my primary machine, but I haven’t written 
anything mac-specific except some AppleScripts.
    • Please describe any previous Nmap usage experience: I use Nmap from time to time to test machines under my 
control or the ones I am interested in (not meaning any kind of abuse or hacking, of course).
    • Please describe any previous Nmap development experience: none
    • Please describe any previous Open Source development experience: I have some commits in Rails core, so I’m 
pretty familiar with the OSS development process (bugzilla/lighthouse, patches, tests, documentation, discussions 
before importing the code to upstream etc.)
    • If possible, include a link to source code you've written, such as a school or personal project: 
https://github.com/anayden/habrafiles — a Sinatra-based file sharing web-app; 
https://github.com/anayden/chordpro_processor a very small utility to convert plain text chord files to a chord pro 
format; https://github.com/anayden/DParser — web-spider collecting girls’ profiles on a dating website :)
    • Have you participated in any previous Summer of Code projects? If so (and it wasn't Nmap), please describe 
your projects and experience. Be sure to mention the years involved and the name of your former mentors. Nope
    • Have you applied for (or intend to) any other 2011 Summer of Code projects? If so, which ones? No.

Education
    • What school do you attend? St. Petersburg State University, Mathematics and Mechanics Faculty, Computer 
Science Department
    • What degree are you pursuing (include the specialty/major)? Master’s Degree in «Mathematics Foundations of 
Computer Science»
    • How many years have you attended there? 6
    • When do you expect to graduate? June 2011 (however I plan to continue with postgraduate studies)
    • What city/country will you be spending this summer in? St.Petersburg, Russia
    • How much time do you expect to have for this project? 15—25 hours/week
    • Please list jobs, summer classes, and/or vacations that you'll need to work around: I need to finish my 
diploma during May, but it won’t be extremely time-consuming (as it’s mostly done already). I also plan to have 
a part-time job during the summer, but it would allow me to have the 15-25 hours per week mentioned earlier.

Project Proposal
    • Please describe your proposed project in detail, including deliverables and expected timeline with milestones 
(this is the long answer):
My vision of that project includes several modules:
1. Nmap Runner module — starts Nmap, passes the options and fetches the result file
2. Task queue (RabbitMQ) — the web-app puts scan tasks there, Nmap Runner gets and executes them.
3. Web-application for task management and project administration, separated into the following submodules:
i) User management module — registration, authorization, password reminders, activation etc.
ii) Scan management module — scan task creation, running, storing
iii) Scan result module — viewing completed scan results, diff-ing them
iv) Scan scheduler — running scans on a regular basis
v) Quotas — limiting the amount of system resources used by each user
vi) User notification subsystem — sending emails (maybe even SMS messages) when a certain event is triggered (for 
instance, host not responding)
vii) Admin panel — statistics, load monitoring, quota management, role management, prohibited hosts database.

I see the following milestones for my project:
1. Implementing current Rainmap UI in Rails. 2 weeks.
2. Binding to a current Nmap options parser — at this step we’re able to run scans. 1 week
3. Administration module. 3 weeks.
4. Scan diffs. 2 weeks.
5. Scan quotas. 1 week.
6. Notifications. 1 week.
7. Final pre-release fixes and features (pre-production work). 2 weeks.

I plan to deploy the most current version to at the end of each milestone — and maybe even more often — so current 
progress and stats can not only be viewed in emails and the code repository, but live as well.

    • Why are you well suited to perform this project? (This can be a long answer too if you don't have a résumé/CV 
link.)
I should say I’ve been dreaming of taking part in GSoC since it was first announced a couple of years ago, but 
every year I had something important to do during the summer, so I’ve never applied before. Now that might be my 
last chance, as I’m graduating from the university. Regarding the project itself, I liked it the moment I 
saw the first lines of the description. I think that’s a really cool project and very useful for the community. 
And I’d like to continue its development and support after GSoC ends.

Thank you for your attention!

Cheers,
Alexey Nayden


On 08.04.2011, at 2:54, David Fifield wrote:

On Wed, Apr 06, 2011 at 04:36:19PM +0400, Alexey Nayden wrote:
I'm very interested in Nmap Cloud Scanning Platform development. I've
read all the documents you have on that idea and it seems to be great.

A couple of words about myself: I live in St.Petersburg, Russia, study
at St.Petersburg State University, Mathematics and Mechanics faculty,
Computer Science department. I mainly work with Ruby on Rails,
developing my own and some commercial projects from time to time. I
even have a couple of commits in rails core (very minimalistic to be
completely sincere), I've had a presentation at Piter.rb (local Ruby
developer conference) regarding low-level database access mechanisms
for Ruby (gem sequel).

Regarding the project, as you can see, Ruby on Rails is my primary
expertise, so I'd prefer to implement the platform with it, but, on
the other side, I have some Python skills (more like reading code, not
so much on writing it), and I'd gladly use "Rainmap" ideas and code in
my project.

I plan to resolve security issues (speaking of root privileges
required for nmap) with a small middle-tier application implementing
task queue (with RabbitMQ or Redis, for instance) which takes tasks
from web-app and runs nmap in a root (chrooted, I think) environment.
Other tools I plan to use are CentOS, Nginx and Postgresql.

Hello Alexey, thank you for writing. Your ideas about cloud scanning
sound solid. I would recommend that you check out the Rainmap code (it's
not a big download) and learn about its architecture, so you can comment
on what you would do differently, what you would extend, and what is
already completed. There is already a task queue system using RabbitMQ,
so that potentially doesn't have to be reimplemented or could be treated
as a separable module.

svn co --username guest --password "" svn://svn.insecure.org/rainmap

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
ατ




--
ατ

Attachment: PGP.sig
Description: This is a digitally signed message part
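
The proposal quoted in this thread has a middle-tier worker take scan tasks from the queue and run Nmap with root privileges, with a prohibited hosts database kept in the admin panel. The Ruby below is an added example, not part of the thread and not Rainmap code, of the check such a worker could make before it runs anything; the task layout, the option allowlist, the output directory and the IPv4-literal-only rule (hostnames would need resolving before they could be checked) are all assumptions.

```ruby
require "ipaddr"

# Hypothetical worker-side check for the proposed "Nmap Runner": the task
# layout, allowlist and paths are assumptions, not Rainmap code.
class RejectedTask < StandardError; end

SIMPLE_FLAGS = %w[-sT -sV -Pn -F -n].freeze # Nmap flags with no file or script access
TIMING_FLAG  = /\A-T[0-4]\z/
PORT_SPEC    = /\A\d{1,5}([,-]\d{1,5})*\z/
TARGET_SHAPE = %r{\A\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?\z} # IPv4 literal or CIDR only

# Constructed sample standing in for the "prohibited hosts database".
PROHIBITED = %w[127.0.0.0/8 10.0.0.0/8 169.254.0.0/16].map { |n| IPAddr.new(n) }.freeze

def parse_target(text)
  ok = text.is_a?(String) && text.match?(TARGET_SHAPE)
  raise RejectedTask, "target must be an IPv4 address or CIDR block" unless ok
  IPAddr.new(text) # range-checks octets and prefix length
rescue IPAddr::Error
  raise RejectedTask, "unparseable target"
end

def check_options(options)
  tokens = Array(options).dup
  checked = []
  until tokens.empty?
    flag = tokens.shift.to_s
    if SIMPLE_FLAGS.include?(flag) || flag.match?(TIMING_FLAG)
      checked << flag
    elsif flag == "-p" && tokens.first.to_s.match?(PORT_SPEC)
      checked << flag << tokens.shift
    else
      raise RejectedTask, "option not allowed: #{flag.inspect}"
    end
  end
  checked
end

# Returns an argv array for system(*argv) or Process.spawn: no shell parses it.
def build_nmap_argv(task, prohibited: PROHIBITED)
  target = parse_target(task["target"])
  # Two CIDR blocks overlap exactly when one contains the other.
  if prohibited.any? { |net| net.include?(target) || target.include?(net) }
    raise RejectedTask, "target overlaps a prohibited network"
  end
  out = format("/var/spool/scans/%d.xml", Integer(task["id"])) # path chosen by the worker
  ["nmap", *check_options(task["options"]), "-oX", out, task["target"]]
end
```

Because the web application only enqueues the task and the privileged worker repeats the validation itself, a compromised or buggy front end cannot widen what the root-side process will run.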

