Nmap Fingerprint Submitter 2.0

[doug () hcsw org]

Hi nmap-dev!

One project I've taken up for this Summer of Code is a new website
interface for submitting Nmap OS/service fingerprints. The previous
interface obviously has proven its worth many times over but has been
showing its age recently. Let's give it a well-deserved retirement and
replace it with something pretty, flashy, and Web 2.0y.

We can also take advantage of a smarter javascript based client to add
some useful features that should both make it more convenient to
submit to and produce better meta-fingerprint information. I think with
a more intuitive interface we can squeeze even more information out of
the collective knowledge and experience of the Nmap community through
fingerprint submissions and still make the overall process faster/easier!

I talked with Fyodor (who handles the OS detection fingerprints) to
get his ideas on the kind of information that should be collected,
combined that with some of my own ideas (I handle the service/version 
detection fingerprints), and created a mostly functional web service.

Please keep in mind that I am very much a javascript beginner! However
due to its dynamic typing, first-class functions, and true lexical
scoping, javascript is a reasonably powerful language which lets us
create reasonably powerful abstractions. In fact it might turn out that
javascript is an acceptable, well just barely acceptable, platform for
delivering applications to users. Whatever Web 2.0 is, I guess I'm
looking forward to it. On that note, I'm pleased to introduce:

Nmap Fingerprint Submitter 2.0

Here's the temporary URL: (all submissions go to /dev/null so play around!)

http://hoytech.com/temp/private/A03FCB37B9C1079D56C91935B8FA1EF5/

Features:
  * Merges OS/Service submissions into a single consistent interface.
  * Adds a way to submit corrections (an improvement over the previous
    best-practice: email fyodor and complain :))
  * Checks the pasted fingerprints against a set of regexps and warns
    user immediately about common problems.
  * Encodes lots of relevant information from the DB files in a tiny
    javascript file using an efficient Trie-like
    ( http://en.wikipedia.org/wiki/Trie ) data structure I developed.
  * Sorts services by popularity/alphabet for convenience in the
    service scan submission form.
  * Lets you specify OS and device type in the service submission form.
  * Lets you interactively navigate the OS Classes in the the nmap-os-db
    file and quickly narrow in on what type of device you scanned.
    * Should be very smart in not asking meaningless/redundant questions.
    * Puts a number in parens after each category so you know how popular
      it is and so conveys a better idea of nmap classification standards
      to submitters.
  * Gives the size stats for the latest nmap DB files.

The client interface is mostly finished as you can see by visiting the
above URL but I NEED YOUR HELP!

  * Could people please test it with various web browsers and report
    the results? Functionality? Appearance? I only tested it on Firefox.
  * Could somebody with some CSS experience possibly tweak the stylesheet
    a bit? I'm not an expert with CSS and I suspect a few small improvements
    could make a big difference.

Best,

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org