RE: One Last Requirements Doc: Hosted Scanner

["Jones, David H" <Jones.David.H () principal com>]

"You have a bit of latitude in selecting the language for this system.
Perl, Python, or C would be good choices. PHP is probably not OK."

Just wondering what you have against PHP... :)

-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Fyodor
Sent: Tuesday, May 23, 2006 4:22 AM
To: nmap-dev () insecure org
Subject: One Last Requirements Doc: Hosted Scanner

I've probably been overwhelming you all with requests for comments.
At least writing them all has overwhelmed me :).  But this is the last
formal requirements doc, at least for now.

This one covers the idea of an open source web interface to Nmap
scanning.  You can run this on your network and give admins access to
scan from the central server.  You can configure it to scan you every
day or every week and email you changes.  Or you can host this on a
different network so that you can see what your systems look like from
the outside.

Also, I think a version of this hosted as a public service would be
pretty cool.  If it turns out well, I might be able to host it myself.
But that depends on how much hardware/bandwidth resources it ends up
taking.  Also, I don't want to get kicked off my ISP if a bunch of
script kiddies get on and start scanning the whole 'net :).  So this
requirements doc has a major focus on security and authorization
privileges.

If giving free accounts to everyone turns out to be too expensive (in
time or money), one cool idea would be to offer accounts only to
people listed in the Nmap CHANGELOG, as a sort of perk for developers.
Some other party could always run a version open to everyone.  They
could even charge a little for it.  Hopefully the open source nature
would lead to competition and thus keep prices low.  And you'd always
have the ability to run it on your own server for free as well.

Anyway, here is the doc:

http://www.insecure.org/nmap/SoC/HostedScan.html

As always, let me know if you have any suggestions for improving this!

Cheers,
Fyodor





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to Connect () principal com and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev