Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: GSoC Cloud Scanning Platform Proposal
From: David Fifield <david () bamsoftware com>
Date: Thu, 7 Apr 2011 15:54:42 -0700

On Wed, Apr 06, 2011 at 04:36:19PM +0400, Alexey Nayden wrote:
I'm very interested in Nmap Cloud Scanning Platform development. I've
read all the documents you have on that idea and it seems to be great.

A couple of words about myself: I live in St.Petersburg, Russia, study
at St.Petersburg State University, Mathemathics and Mechanics faculty,
Computer Science department. I mainly work with Ruby on Rails,
developing my own and some commercial projects from time to time. I
even have a couple of commits in rails core (very minimalistic to be
completely sincere), I've had a presentation at Piter.rb (local Ruby
developer conference) regarding low-level database access mechanisms
for Ruby (gem sequel).

Regarding the project, as you can see, Ruby on Rails is my primary
expertise, so I'd prefer to implement the platform with it, but, on
the other side, I have some Python skills (more like reading code, not
so much on writing it), and I'd gladly use "Rainmap" ideas and code in
my project.

I plan to resolve security issues (speaking of root privileges
required for nmap) with a small middle-tier application implementing
task queue (with rabbitMQ or Reddis, for instance) which takes tasks
from web-app and runs nmap in a root (chrooted, i think) environment.
Other tools I plan to use are CentOS, Nginx and Postgresql.

Hello Alexey, thank you for writing. Your ideas about cloud scanning
sound solid. I would recommend that you check out the Rainmap code (it's
not a big download) and learn about its architecture, so you can comment
on what you would do differently, what you would extend, and what is
already completed. There is already a task queue system using RabbitMQ,
so that potentially doesn't have to be reimplemented or could be treated
as a separable module.

svn co --username guest --password "" svn://svn.insecure.org/rainmap

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]