Re: Web-Based GUI

[Michael Pattrick <mpattrick () rhinovirus org>]

On Fri, Oct 23, 2009 at 1:01 PM, Rob Youles <rob.youles () googlemail com> wrote:
> Luis A. Bastiao Silva wrote:
> > Hi Rob,
> > ...
> > Yeap. There is already a web interface to Nmap made and mantained by Umit
> > Project. If you're interested you can check it in trac page of UmitWeb [1].
> > You can download the last release as well. Just check out sourceforge [2].
> > [1] - http://trac.umitproject.org/wiki/UmitWeb
> > [2] - http://sourceforge.net/projects/umit/files/umitweb/0.1rc1
> > Luís A. Bastião Silva
>
> Damn, that's disappointing though I suppose not unexpected.
>
> So I suppose I have a few questions before I can continue:
> - Is UmitWeb an active project? It looks as though it hasn't been updated
> since Feb '09.
> - Assuming UmitWeb is fit for purpose (I haven't tried it) is there a
> different angle I could take for an Nmap frontend?
> - I would prefer it if I could avoid having to think of something else for
> my dissertation, but will it be worth my while pursuing this? (I would like
> to)

Hey Rob,

All hope is not lost! I don't know the requirements of your
dissertation but there are a few different ways that you could take an
nmap web-ui. First, I recommend you actually try UmitWeb to find ways
to differentiate your project.

Without looking in detail at all of UmitWebs features:
 - A web interface that issues scans on multiple remote network
sensors and then uses nDiff to figure out how a computer reacts to
IP’s in different locations. Use this data as well as the raw data to
perform analytics on all scans (ie, if a server runs port 80, how
often is it also serving port 443) and output a pretty table of
colorations.
 - As Dirk Loss suggested, integrating with nCrack and nCat as well.
Perhaps giving the user the ability to specify advanced behaviours, ie
if port x is detected to be running y, then have nCat send a custom
packet.
 - Having the user upload LUA scripts would be dangerous, but if you
were really ambitious you could create an in browser graphical event
based programming language where the user specifies how they want a
packet flow to occur. The output would be an NSE script that the user
could ether download or use to scan hosts with.

I’m sure you can think of more ideas.

It may also be relevant to note that some other non open source web
user interfaces exist for Nmap[0][1], which you may also want to look
at too.


Cheers,
Michael Pattrick
http://www.rhinovirus.org/math


[0] http://nmap-online.com/
[1] http://www.linux-sec.net/Audit/nmap.test.gwif.html
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/