Nmap Hosted Scanner

The goal of this project is to create a hosted application which allows users to log in and execute Nmap scans. They should be able to view the results online (using Nmap XML output, rendered to XHTML using the nmap.xsl stylesheet distributed with Nmap) or have the normal (-oN) output emailed to them. Users should also be able to view online (or have mailed to them) differences since the last time they executed a particular scan.

Update [March 26, 2011]: We already have an initial version named Rainmap. It was written last year by SoC student Alexandru Totolici in Python (using the Django framework). It is anticipated that a sponsored student will work on improving and extending Rainmap rather than starting from scratch. That being said, it is 100% OK to write your application as if you were starting from scratch. That will allow you to express your own vision and you may be able to add many of those ideas to Rainmap during the summer.

If users like this application enough, the Nmap Project may be willing to continue hosting it. It can be very handy to see what your network looks like from the outside. Being notified automatically when new ports open/close or machines go online (or offline) is also useful. Obviously providing such a service carries serious security and abuse risks, which is why those are a key focus of this document.


If you think of other important features/requirements for this document, or feel it should be changed in other ways, please post your suggestions to nmap-dev. Labels such as "should" or "would be nice" denote less-critical features that can be worked on last, while "musts" have to be met unless we agree to make changes. Here are the proposed features and infrastructure requirements for the new Nmap scripting engine: