Nmap Development mailing list archives
[Rainmap] RFC on DB schema and planned use
From: alexandru <alex () hackd net>
Date: Mon, 31 May 2010 15:48:37 -0700
Hello all,
I'm hoping to get some feedback from those more experienced with databases, especially in terms of how easy it is to
scale a certain DB system once the need arises. The currently-planned DB backend for Rainmap is PostgreSQL. It seems to
be Django authors' preferred DB backend, and coincidentally Fyodor had it in mind when he first drafted the
HostedScan[0] requirement.
I also propose a tentative DB schema, below. The privileges (User.can_*) are broad, in that something like
can_version_detect would mean a user can tweak --version-intensity. A more granular system may be appropriate; it might
be sufficient to store a string (mask) with all the options a user is allowed to use, and verify only those appear in
the command string:
User.privs = "-sV -sP -O"
Scan.command = "nmap -sC -O scanme.nmap.org" # invalid, -sC isn't in the privs string
To accomplish this, Zenmap's NmapOptions class can be used; it'll also help provide an admin interface for modifying
privileges by parsing the privilege mask back and forth. Suggestions welcome.
Here is the schema (also available in <svn>/nmap-exp/rainmap/docs/schema.txt). Please let me know if the comments
aren't sufficient and you'd like further details on what the purpose of certain fields is:
_______
* User:
uid (PK, integer) # unique user id
email (varchar) # email for acct
password (char) # password hash, stored with salt
username (varchar) # user-chosen display name
first_name (varchar)
last_name (varchar)
credits_remaining (integer) # credit system tells user how many scans they can perform
can_ping_scan (boolean) # is user allowed to ping sweep?
can_port_scan (boolean) # is user allowed to port scan (-sT/-sU)?
can_version_detect (boolean) # is user allowed to use -sV?
can_os_detect (boolean) # is user allowed to use -sO?
can_nse (boolean) # user allowed to use default scripts
can_traceroute (boolean) # traceroute
can_declare_ports (boolean) # can user declare custom ports for the scan?
* Scan:
sid (PK, integer) # unique scan id
owner_uid (FK, User.uid) # the user that owns this scan
name (varchar) # name for the scan
command (varchar) # the command Nmap will execute for this scan
targets (text) # list of targets to scan. separate from the 'command' field as they'll be placed in a file and run with -iL
output (varchar) # stores the path to the resulting xml
* Blacklist:
bid (PK, integer) # unique blacklist id
targets (text) # never scan target(s)
desc (text) # description for this blacklist entry
_______
Thanks in advance!
[0]: http://nmap.org/soc/HostedScan.html
--
@
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
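The privilege-mask check proposed in the message, sketched as an added example (not code from the original post or from Rainmap, and not using Zenmap's NmapOptions class). The function names are hypothetical, and it goes slightly beyond the message's example by also normalizing combined `-s` forms and `--option=value` so they cannot slip past the mask; any option form it does not recognize is simply not in the allowlist and is therefore rejected.

```python
import shlex


def normalize(tokens):
    """Return the set of option names found in tokens, in canonical form.

    Tokens that do not start with '-' are positionals (targets or option
    values) and are ignored here; only option names are checked.
    """
    opts = set()
    for tok in tokens:
        if not tok.startswith("-"):
            continue
        if tok.startswith("--"):
            # --version-intensity=9 -> --version-intensity
            opts.add(tok.split("=", 1)[0])
        elif tok.startswith("-s") and len(tok) > 3:
            # Combined scan types: -sVC -> -sV, -sC (each must be allowed)
            opts.update("-s" + letter for letter in tok[2:])
        else:
            # Everything else must match a mask entry exactly (fail closed)
            opts.add(tok)
    return opts


def disallowed_options(privs, command):
    """Return the sorted options in `command` that `privs` does not allow.

    An empty list means the command passes the mask. shlex.split raises
    ValueError on unbalanced quotes, which callers should treat as invalid.
    """
    allowed = normalize(shlex.split(privs))
    argv = shlex.split(command)
    if not argv or argv[0] != "nmap":
        raise ValueError("command must start with 'nmap'")
    return sorted(normalize(argv[1:]) - allowed)


if __name__ == "__main__":
    privs = "-sV -sP -O"  # mask from the message
    for cmd in ("nmap -sC -O scanme.nmap.org",   # example from the message
                "nmap -sV -O scanme.nmap.org",   # constructed
                "nmap -sVC scanme.nmap.org"):    # constructed
        print(cmd, "->", disallowed_options(privs, cmd) or "ok")
```

The check only validates option names; the accepted command should still be executed as an argument list rather than through a shell.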
