Nmap Development mailing list archives

Nmap - Summer Project Idea
From: Everardo Padilla Saca <everardo.padilla.saca () gmail com>
Date: Sat, 15 Feb 2014 02:24:16 +0000

Hi all,
I've been thinking about how I could make something useful for the Nmap
community. I would appreciate your feedback on this idea. It's about a
distributed Nmap network with a RESTful backend, where multiple Nmap
clients are managed by a control server, which is managed by the final
user(s) through a web browser.

The control server would act as a bridge between the final user(s) and the
network of Nmap clients. The control server should be able to observe the
Nmap clients' status in a live fashion (connecting, disconnecting,
scanning) and report back to the user(s) so they can choose between the
clients that will participate in a scenario. The user(s) will be able to
configure that scenario in such a way that each one of the chosen Nmap
clients gets a chunk of the workload. The Nmap clients would report back to
the control server about their progress, so that the user(s) can observe that
through their web browser. The configuration given to the clients and
scenarios would be saved in a storage unit accessible by the control
server, thus, by the final user(s) too. Past scenarios could be compared,
replayed, edited, or deleted; and their results would reside in the storage
unit for further reference. The following image shows a very simplified
architecture of this:

Image: http://i.imgur.com/r0ovDlD.png

A prototype can be found here: https://github.com/epadillas/cnmap (needs a
better name).
This prototype consists of the client and server code. The client code
listens to the control server for commands, executes Nmap scans, and
reports back to the control server. The control server listens to the final
user (who's using a web browser) and to the Nmap client(s). The server will
relay any commands to the Nmap clients given by the user(s). For now, the
prototype can only scan ports in a distributed fashion (instead of IP
addresses for the sake of the demo) and report the results to the control
server. These results are displayed to the final user who's connected to
the control server via web browser. This is done using node.js and socket.io.
The demo's repo has a link to a short silent video showing how this works.

-Perhaps the web interface could use an HTML5 canvas to "draw" scan
scenarios (maybe like Cisco's packet tracer?).
-PKI could be used to authenticate clients, maybe a Web of Trust if several
control servers are used.
-Ndiff could be used to compare scans saved in the control server.
-NSE scripts could be distributed to the clients from the control server.
-The clients would tell the server which NSE scripts they currently have.
-Report exporting capabilities.

At the moment, the best tool for distributed Nmap scanning is of course
dnmap; it works great. Even though this project aims to distribute scanning
too, a few extra things can be achieved, like the potential of turning into
a web-based shared environment for pen-testers or auditors managing the
same control server.

If you all think this is a worthy/relevant idea, it would be nice if it
could be part of this year's GSoC. I would like to hear your opinions and

A bit about myself: I'm a final-year BSc Computer Science student, about
to start working for my Uni on researching methods for IPv6 address
exploration with Raul Fuentes' work shown here
http://seclists.org/nmap-dev/2013/q4/285 (currently working on those
scripts' code).

Everardo Padilla
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
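The control-server step described in the post above (each selected client gets a chunk of the workload, reports back, and the results are shown as one scan) as an added example. This is not code from the original post or from the cnmap prototype; it is a stand-alone Node.js sketch of the server-side logic. The scenario and report shapes, the policy of splitting by port (as the demo does) rather than by target, and the function names are all assumptions. Two points a practitioner would want to see handled are built in: the user-supplied command is never relayed as a string (each client gets an argv array for `child_process.spawn`, and targets are validated so that `-iL /etc/passwd` or shell metacharacters cannot be smuggled in as a "target"), and chunks that never come back, e.g. from a client that disconnected mid-scan, are listed instead of being silently dropped from a result that looks complete.

```javascript
// Added example, not code from the cnmap prototype. Shapes below are assumptions:
//   scenario = { targets: [...], ports: "1-1024", clients: ["c1", ...] }
//   report   = { client: "c1", results: [{ host, port, state }, ...] }

const PORT_SPEC = /^(\d{1,5})(?:-(\d{1,5}))?$/;
// Hostname / IPv4 / IPv6 / CIDR shapes only. A target starting with "-" would be
// parsed by nmap as an option (e.g. "-iL /etc/passwd"); shell metacharacters are out.
const TARGET = /^[A-Za-z0-9][A-Za-z0-9.:\-]*(?:\/\d{1,3})?$/;

// Parse an nmap-style port spec ("22,80,443,8000-8002") into a sorted, de-duplicated list.
function parsePorts(spec) {
  const ports = new Set();
  for (const part of String(spec).split(",")) {
    const m = PORT_SPEC.exec(part.trim());
    if (!m) throw new Error("invalid port spec: " + part);
    const lo = Number(m[1]);
    const hi = m[2] === undefined ? lo : Number(m[2]);
    if (lo < 1 || hi > 65535 || lo > hi) throw new Error("port out of range: " + part);
    for (let p = lo; p <= hi; p++) ports.add(p);
  }
  return [...ports].sort((a, b) => a - b);
}

// Collapse a sorted port list back into the compact "1-4,7,9-10" form nmap -p accepts.
function compactPorts(ports) {
  const out = [];
  for (let i = 0; i < ports.length; ) {
    let j = i;
    while (j + 1 < ports.length && ports[j + 1] === ports[j] + 1) j++;
    out.push(i === j ? String(ports[i]) : ports[i] + "-" + ports[j]);
    i = j + 1;
  }
  return out.join(",");
}

// Split items into n contiguous near-equal chunks; the first (len % n) chunks get one extra.
function chunk(items, n) {
  const base = Math.floor(items.length / n);
  const extra = items.length % n;
  const chunks = [];
  for (let i = 0, start = 0; i < n; i++) {
    const size = base + (i < extra ? 1 : 0);
    chunks.push(items.slice(start, start + size));
    start += size;
  }
  return chunks;
}

// One job per client. argv is meant for child_process.spawn(argv[0], argv.slice(1));
// it must never be joined into a string and handed to exec() or a shell.
function planScan(scenario) {
  const clients = scenario.clients;
  if (!Array.isArray(clients) || clients.length === 0) throw new Error("no clients selected");
  for (const t of scenario.targets) {
    if (!TARGET.test(t)) throw new Error("rejected target: " + t);
  }
  const ports = parsePorts(scenario.ports);
  const n = Math.min(clients.length, ports.length);
  return chunk(ports, n).map((slice, i) => ({
    client: clients[i],
    ports: slice,
    argv: ["nmap", "-oX", "-", "-p", compactPorts(slice), ...scenario.targets],
  }));
}

// Merge client reports into host -> port -> state, and list every (client, host, port)
// the plan assigned that no report covered, so the UI can flag a lost chunk.
function mergeResults(plan, reports, targets) {
  const byHost = {};
  for (const r of reports) {
    for (const { host, port, state } of r.results) {
      if (!byHost[host]) byHost[host] = {};
      byHost[host][port] = state;
    }
  }
  const missing = [];
  for (const job of plan) {
    for (const host of targets) {
      for (const port of job.ports) {
        if (!byHost[host] || byHost[host][port] === undefined) {
          missing.push({ client: job.client, host, port });
        }
      }
    }
  }
  return { byHost, missing };
}

// Constructed scenario and reports standing in for the socket.io traffic; "c3" never reports.
const demoScenario = { targets: ["scanme.nmap.org"], ports: "1-10", clients: ["c1", "c2", "c3"] };

function demo() {
  const plan = planScan(demoScenario);
  const reports = plan.slice(0, 2).map((job) => ({
    client: job.client,
    results: job.ports.map((port) => ({ host: "scanme.nmap.org", port, state: port === 7 ? "open" : "closed" })),
  }));
  return { plan, merged: mergeResults(plan, reports, demoScenario.targets) };
}

if (typeof require !== "undefined" && require.main === module) {
  const { plan, merged } = demo();
  for (const job of plan) console.log(job.client, job.argv.join(" "));
  console.log("unreported (client, host, port) entries:", merged.missing.length);
}
```

The merge keys results by the target string the client was given, so a client must report the host exactly as it received it (or the server must map nmap's resolved address back to the target) for the missing-chunk check to work; that mapping is left out here. Per-client PKI authentication, which the post lists as a further idea, sits in front of this logic: a job should only go to, and a report only be accepted from, a client whose identity was verified on connect.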
