natlas v0.6.12 releases: Scaling Network Scanning

by do son · Published March 10, 2020 · Updated May 1, 2024

Natlas should make continuous, extensible, host-oriented scanning an easy thing to deploy and make use of. Users shouldn’t require specialized knowledge of which nmap flags do what, which tools take the best screenshots, or how to write complicated elasticsearch queries to review their data.

Natlas has two general paths that it should take, in no particular order. One path revolves around the ability to deploy this service against your company or against a customer company and provide continuous data at a moment’s notice. This will usually be a self-contained installation where one person or one team is responsible for maintaining the server as well as all of the agents for a given deployment. They can scale up or down as necessary, but they will generally always be in control of the deployment. There is a tremendous value to organizations in being able to deploy these systems on their own, as easily as possible, and to consume the results in an easy, but powerful, way.

The other path revolves around creating a free, valuable community resource for scan data. This path will involve larger-scale internet scanning and research, and users may sign up from all around the world and wish to contribute scanning power. This path is the reason why agents can be configured to reject work requests against RFC1918 addresses, for instance. Agents should be able to protect themselves from doing work that would potentially compromise them. But by opening up scanning to what effectively amounts to crowdsourced scanning, Natlas can create a decentralized network of scanners that are crawling the internet all the time, sharing that data with one another (for free and in a standardized, central format), and can even provide small gamification elements such as leaderboards for number of scans completed, average number of ports found per scan, and other things to help bolster the community aspect of this.

Changelog v0.6.12

Added

(Agent) Better telemetry indicators for exceptions with Sentry (#445)

Fixed

(Server) Scope import via cli now works as expected (#436)
(Server) Scope export now works even when scope items have tags (#426)
(Server) Errors are now reported as json when json is expected (#442)
(Server) Searching with a bad search query now returns a 400 Bad Request page instead of an Internal Server Error, and links to our search documentation (#444)
(Server) Accessing /host/<an.invalid.ip> no longer throws an exception but rather throws a 404 as expected. (#449)
(Server) No longer throw an exception when xml_data is missing from a submission (#441)