One Last Requirements Doc: Hosted Scanner

[Fyodor <fyodor () insecure org>]

I've probably been overwhelming you all with requests for comments.
At least writing them all has overwhelmed me :).  But this is the last
formal requirements doc, at least for now.

This one covers the idea of an open source web interface to Nmap
scanning.  You can run this on your network and give admins access to
scan from the central server.  You can configure it to scan you every
day or every week and email you changes.  Or you can host this on a
different network so that you can see what your systems look like from
the outside.

Also, I think a version of this hosted as a public service would be
pretty cool.  If it turns out well, I might be able to host it myself.
But that depends on how much hardware/bandwidth resources it ends up
taking.  Also, I don't want to get kicked off my ISP if a bunch of
script kiddies get on and start scanning the whole 'net :).  So this
requirements doc has a major focus on security and authorization
privileges.

If giving free accounts to everyone turns out to be too expensive (in
time or money), one cool idea would be to offer accounts only to
people listed in the Nmap CHANGELOG, as a sort of perk for developers.
Some other party could always run a version open to everyone.  They
could even charge a little for it.  Hopefully the open source nature
would lead to competition and thus keep prices low.  And you'd always
have the ability to run it on your own server for free as well.

Anyway, here is the doc:

http://www.insecure.org/nmap/SoC/HostedScan.html

As always, let me know if you have any suggestions for improving this!

Cheers,
Fyodor





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev