mailing list archives
Re: GSoC Cloud Scanning Platform Proposal
From: Alexey Nayden <alexey.nayden () gmail com>
Date: Fri, 8 Apr 2011 18:42:47 +0400
That sounds good. So…done! And keeping my fingers crossed.
08.04.2011, в 18:36, Nick Nikolaou написал(а):
Since the deadline is in a few hours (19:00 UTC), I would suggest you submit your proposal to the website and make
any necessary changes later if you have to.
As Fyodor said, It would be a shame if you couldn't participate because a last minute issue caused you to miss the
On 8 April 2011 15:25, Alexey Nayden <alexey.nayden () gmail com> wrote:
Thank you for an advice, I’ve downloaded Rainmap code and looked through it. I should admit the code is pretty nice.
On the other side, it has quite simple UI and capabilities, but it’s Nmap options parser is gorgeous! Additionally
the project contains a TODO-file with numerous ideas and some problems to fix.
I think I could use Nmap Options Parser code in my project because it’s great and saves a lot of time, but I’d like
to start the UI from the beginning — of course based on the current Rainmap ideas, anyway it wouldn’t take too much
time. I would use RabbitMQ configuration from the Rainmap as well.
Here’s the application form I plan to post to GSoC website
• Your Name: Alexey Nayden
• Email Address: alexey.nayden () gmail com
• Instant messenger names and protocols (if any): gtalk alexey.nayden () gmail com
• Telephone number (optional): +7 911 259 4221
• If you have a URL for your résumé/CV, please list it here: —
• If you wish to list any personal/blog/LinkedIn/Twitter URLs, do so here: —
• Top Project Choice (If choosing one from the Nmap ideas page): Nmap Cloud Scanning Platform
• Are you willing and able to do other projects instead? Not in Nmap project, unfortunately. I’m not so good
at c/c++ programming.
• Please describe in a few lines your C/C++ knowledge or experience (if any): I mainly use c/c++ for AVR
microcontroller programming now. I used to develop some minor tools with C++ and MFC, but I’m not an experienced
developer in that area anyway.
• Please describe any Lua, Python, Perl, or other scripting language knowledge/experience: I use Python, Perl
and TCL when I have to, but it mainly consists of code reading, some changes and developing plugins — eggdrop
scripts, for example. On the other side Ruby is my primary language, I use it almost everyday — for local scripts (if
a problem can’t be solved in 3-5 line bash-script), web-spiders, data processing apps and web-applications.
• Please describe any Windows development experience: I used to work with a little bit of C++/MFC a couple of
years ago and I have 2-year experience in C#/WinForms/ASP.NET development of commercial applications.
• Please describe any UNIX development experience: all my projects run on UNIX machines, so maybe it could be
named UNIX-development, but I’m almost not using platform-specific features.
• Please describe any Mac development experience: I use Mac as my primary machine, but I haven’t written
anything mac-specific except some AppleScripts.
• Please describe any previous Nmap usage experience: I use Nmap from time to time to test machines under my
control or the ones I am interested in (not meaning any kind of abuse or hacking, of course).
• Please describe any previous Nmap development experience: none
• Please describe any previous Open Source development experience: I have some commits in Rails core, so I’m
pretty familiar with the OSS development process (bugzilla/lighthouse, patches, tests, documentation, discussions
before importing the code to upstream etc.)
• If possible, include a link to source code you've written, such as a school or personal project:
https://github.com/anayden/habrafiles — a Sinatra-based file sharing web-app;
https://github.com/anayden/chordpro_processor a very small utility to convert plain text chord files to a chord pro
format; https://github.com/anayden/DParser — web-spider collecting girls’ profiles on a dating website :)
• Have you participated in any previous Summer of Code projects? If so (and it wasn't Nmap), please describe
your projects and experience. Be sure to mention the years involved and the name of your former mentors. Nope
• Have you applied for (or intend to) any other 2011 Summer of Code projects? If so, which ones? No.
• What school do you attend? St.Peterbsurg State University, Mathematics and Mechanics Faculty, Computer
• What degree are you pursuing (include the specialty/major)? Master’s Degree in «Mathematics Foundations of
• How many years have you attended there? 6
• When do you expect to graduate? June 2011 (however I plan to continue with postgraduate studies)
• What city/country will you be spending this summer in? St.Petersburg, Russia
• How much time do you expect to have for this project? 15—25 hours/week
• Please list jobs, summer classes, and/or vacations that you'll need to work around: I need to finish my
diploma during the May, but it wont be extremely time-consuming (as it’s mostly done already) I also plan to have
part-time job during the summer, but it would allow me to have 15-25 hours per week mentioned earlier.
• Please describe your proposed project in detail, including deliverables and expected timeline with
milestones (this is the long answer):
My vision of that project includes several modules:
1. Nmap Runner module — starts Nmap, passes the options and fetches result file
2. Task queue (RabbitMQ) — web-app puts scan tasks there, Nmap Runnes gets and executes them.
3. Web-application for task management and project administration, separated in following submodules:
i) User management module — registration, authorization, password reminders, activation etc.
ii) Scan management module — scan task creation, running, storing
ii) Scan result module — viewing completed scan results, diff-ing them
iii) Scan scheduler — running scans on a regular basis
iv) Quotas — limiting the amount of system resources used by each user
v) User notification subsystem — sending emails (maybe even SMS-messages) when a certain event is triggered (for
instance, host not responding)
vi) Admin panel — statistics, load monitoring, quota management, role management, prohibited hosts database.
I see following milestones for my project:
1. Implementing current Rainmap UI in Rails. 2 weeks.
2. Binding to a current Nmap options parser — at this step we’re able to run scans. 1 week
3. Administration module. 3 weeks.
4. Scan diffs. 2 weeks.
5. Scan quotas. 1 week.
6. Notifications. 1 week.
7. Final pre-release fixes and features (pre-production work). 2 weeks.
I plan to deploy most current version to at the end of an each milestone — and maybe even more often — so current
progress and stats can not only be viewed in emails and code repository, but live as well.
• Why are you well suited to perform this project? (This can be a long answer too if you don't have a
I should say I’ve been dreaming to take part in GSoC since it was first time announced a couple of years ago, but
every year I had something important to do during the summer, so I’ve never applied before. Now that might be my last
chance as soon as I’m graduating the university. Regarding the project itself I liked it at the moment I’ve seen the
first lines of the description. I think that’s a really cool project and very useful for the community. And I’d like
to continue it’s development and support after GSoC ends.
Thank you for your attention!
08.04.2011, в 2:54, David Fifield написал(а):
On Wed, Apr 06, 2011 at 04:36:19PM +0400, Alexey Nayden wrote:
I'm very interested in Nmap Cloud Scanning Platform development. I've
read all the documents you have on that idea and it seems to be great.
A couple of words about myself: I live in St.Petersburg, Russia, study
at St.Petersburg State University, Mathemathics and Mechanics faculty,
Computer Science department. I mainly work with Ruby on Rails,
developing my own and some commercial projects from time to time. I
even have a couple of commits in rails core (very minimalistic to be
completely sincere), I've had a presentation at Piter.rb (local Ruby
developer conference) regarding low-level database access mechanisms
for Ruby (gem sequel).
Regarding the project, as you can see, Ruby on Rails is my primary
expertise, so I'd prefer to implement the platform with it, but, on
the other side, I have some Python skills (more like reading code, not
so much on writing it), and I'd gladly use "Rainmap" ideas and code in
I plan to resolve security issues (speaking of root privileges
required for nmap) with a small middle-tier application implementing
task queue (with rabbitMQ or Reddis, for instance) which takes tasks
from web-app and runs nmap in a root (chrooted, i think) environment.
Other tools I plan to use are CentOS, Nginx and Postgresql.
Hello Alexey, thank you for writing. Your ideas about cloud scanning
sound solid. I would recommend that you check out the Rainmap code (it's
not a big download) and learn about its architecture, so you can comment
on what you would do differently, what you would extend, and what is
already completed. There is already a task queue system using RabbitMQ,
so that potentially doesn't have to be reimplemented or could be treated
as a separable module.
svn co --username guest --password "" svn://svn.insecure.org/rainmap
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/