0 Twitter Votes

Alone With You

Project Name: ErrMahPorts

Project URL: https://errmahports-alonewithyou.rhcloud.com/

Note: Not sure why the site states but I was not in a team, worked on this project solo.

This server is an API service for scanning hosts for ports, whether they are open or closed.

API can be accessed but first registering on /register.

Then create a request at /scan?host=[IPV4 address]&ports=[port 1]&ports=[port 2]&key=[API Key]

Lastly, when you receive your UUID, check the status a /status?uuid=[UUID].

I came up with this idea because there was a request for such a service on the DuckDuckGo request page.

The architecture of the service uses Amazon AWS services including S3 and SQS to handle queuing of requests and storage of the data.

The goal was to get a fully functional port scanning server running in NodeJS utilizing nmap.

Unfortunately, I was unable to commit the last piece of the software which tapped into nmap and gave the proper results back. I also would have liked to have:

  • Version Control on API
  • Setup some sort of caching system (NGINX)
  • Use API keys for checking all requests
  • Add package.json pre-install scripts for nmap and python nmap module
  • Adding services that are attached to the ports AKA fingerprinting
  • Setup email service for forgotten API keys.
  • Moving node-validator to express middleware
  • Making unit tests
  • Refactor for less callback hell

More information can be found on the README at the source page.

Finally, I will be continuously updating this project on my personal github page.

brutalhonesty

Real Name: Adam

Location: Arizona, USA

Bio: ASU CS undergraduate.

MikeDalziel

Real Name: Mike Dalziel

Location: Canada

Bio:


Comments

Its too bad that you were not able to finish. It is hard to judge the project in such an incomplete state. Looks like you have solid plans for the future, good luck with getting it fully functional.

dfmcphee

Real Name: Dominic McPhee

Location: Ottawa, ON

Bio: Pandacodium Co-Founder - Web & Mobile Developer


Comments

This is a neat idea for a project. I could see a REST service to scan ports being handy for a lot of server admins. It doesn't really incorporate real-time in anyway, but it could still be useful. I know you hit some road blocks while doing this project and I am glad you persevered to get this much done.

Panel Judge

davefp

Real Name: David Underwood

Location: Ottawa

Bio:


Comments

Ease of Use:

The multi-step setup process was frustrating. Use of an API key doesn't seem to add anything as all the info is in the scanning request. Simply making a request to the scan endpoint and getting some results back would be a lot more intuitive.

Utility:

I can see this being quite useful as part of a security suite. Not a bad service to have available.

Real-Time:

There's little to no feeling of real-time interactivity. I'm making http requests in a synchronous fashion, and all the results come back at once.

Innovation

Port scanning isn't an original idea, although I've not seen one exposed as an API before

Completeness

The API is complete as far as I can tell, although I noticed that setting ports=80 seemed to result in port 0 and port 8 being scanned, which was very odd.

Overall

The trouble with an API is that there's no real 'wow' factor involved. If there had been a front-end demonstrating the usage I would have been more impressed.

Panel Judge

doomhz

Real Name: Dumitru Glavan

Location: Kapellen, Belgium

Bio: http://be.linkedin.com/in/dumitruglavan


Comments

Nice idea, too bad there was not enough time to give it a decent shape. I guess it was hard to work on it alone.

The interface is still confusing and there are no guidelines or a clear UI that could guide you through the entire tracing process, step by step. Had to use Postman to test it out. Couldn't have done it without the instructions from the README file on GitHub.

I guess that the tool could be useful for someone who needs a to check for his server's vulnerable ports. It might evolve in a handy security check tool for sysadmins. But there is still a lot of work to be done.

A weird thing is that I couldn't understand the result I've received after the scan - { "version": "0.1", "input": { "host": "192.165.67.18", "ports": [ "80", "500" ] }, "output": { "host": "99.240.72.195", "ports": { "0": true, "8": true }, "services": {} }, "requester": "" }. Not sure what the 0 and 8 true means... Is it a bug?

Thumbs up for using the Amazon SQS, it's a smart way to handle lots of requests.

Looked through the code and was a bit surprised to see that you are using S3 as a storage for the accounts and requests. Wouldn't it be easier to keep the data in a MongoDB or Redis instance? Or DynamoMongo perhaps, if you want to stick with the AWS technology. Do you usually use S3 in production as a storage mechanism?

Anyway, it's nice that you've built everything by ourself without a team. Good luck in the future!

maxmackie

Real Name: Max Mackie

Location: Ottawa, Canada

Bio: Pandacodium Co-Founder, entrepreneur and board game addict


Comments

A very interesting idea to give port scanning an API - don't think I've ever seen that before. It was disappointing to not see any kind of website or nice presentation of the API, but I understand 48 hours isn't a whole lot of time. If you continue developing this, I recommend getting all the pertinent information on the website instead of a readme in the repository. You could easily make this a very useful API and even host it through Mashape.

akand074

Real Name: Andrew Kandalaft

Location:

Bio:


Comments

Definitely an intriguing idea, I can see it being useful for some people for sure. There isn't any real-time aspect though and it's very difficult to use. You definitely get some credit for doing this within only 48 hours on your own. This is definitely one of the more complex projects done given the knowledge needed to be able to do it so you should get credit for that as well.

If you could make the API a lot more intuitive to use this can actually end up being very useful. There's a lot of things this can evolve into that can be useful for many different users. It's a great idea, but within context of this hackathon which was centered around real-time applications, it didn't really follow what was expected and it wasn't impressive enough in its current form to warrant a really high score. Good luck with the API though, I have a feeling I could end up seeing it again with a lot of users.

lancelafon

Real Name: Lance Lafontaine

Location:

Bio:


Comments

Unfortunately, UI was visually lacking, and the end goal was not achieved. However, I do recognize the usefulness of such a tool as an interactive web app.

Panel Judge

kenkeiter

Real Name: Kenneth Keiter

Location: Portland, OR

Bio:


Comments

So, obviously the demo for this was incomplete -- but I'll do my best to give you feedback anyway. Port-scanning as a service could be useful with the proper infrastructure in place -- I think your idea has merit. You'd have to figure out a way to rotate through servers to prevent your IPs from simply being blacklisted, and there are a few other technical hurdles which could prevent this from being successful.

That said, when I tried out your implementation, I ran into a number of frustrations which caused me to give you a low score. First slight irritation: server said said my email address was invalid. You're probably validating it using a regex of some sort -- but you should remember that "+" characters are legal (see http://www.regular-expressions.info/email.html for more info).

I made a GET request to /scan using CURL, asked it to scan a Google public server's IP address on ports 80 and 8080, and provided my API key. The first time, it failed with some weird SSL error (which may or may not be your fault). I shifted from HTTPS to HTTP and tried again, receiving a request UUID. Shortly thereafter, I made a GET to /status with my UUID, and got some very odd results back in the ['output']['ports'] key of the resulting JSON. The resulting port numbers (four of them) were each one digit long, with the exception of one which was (randomly) a comma. I'm assuming you were applying more regex-fu to the output of NMAP, which can be a really tricky approach -- either way, I commend you for your attempt! I've tried the same thing before. You should take a look at this NMAP interface in Ruby -- it provides a decent example for how you might build a more reliable interface.

I see where you're going with this, but I think you've got a ways to go! There's definitely some potential. Good luck with the rest of the build!

digitrev

Real Name: Trevor

Location:

Bio:


Comments

Too many manual requests. Output ports don't match input ports (not sure if that is the desired functionality).

Panel Judge

turcotte

Real Name: Marcel Turcotte

Location: Ottawa, ON, Canada

Bio: Associate Computer Science professor at the University of Ottawa.


Comments

It hard to compare this entry with the others. The other entries were applications, this one is a service.

  1. Design / Ease of use
    1. The API was fairly easy to use.
  2. Utility / Fun
    1. Guess so.
  3. Real-Time
  4. Innovation / Originality
  5. Completeness
  6. Overall
Panel Judge

liamtoo

Real Name: Adrian Rylski

Location:

Bio:


Comments

Keep on coding!