scantron v1.37 releases: A distributed nmap scanning framework
Scantron is a distributed nmap scanner comprised of two components. The first is a master node that consists of a web front end used for scheduling scans and storing nmap scan targets and results. The second component is an agent that pulls scan jobs from the master and conducts the actual nmap scanning. A majority of the application’s logic is purposely placed on the master to make the agent(s) as “dumb” as possible. All nmap target files and nmap results reside on master and are shared through a network file share (NFS) leveraging SSH tunnels. The agents call back to master periodically using a REST API to check for scan tasks and provide scan status updates.
Scantron is coded for Python3.6+ exclusively and leverages Django for the web front-end, Django REST Framework as the API endpoint, PostgreSQL as the database, and comes complete with Ubuntu-focused Ansible playbooks for smooth deployments. Scantron has been tested on Ubuntu 18.04 and may be compatible with other operating systems. Scantron’s inspiration comes from:
Scantron relies heavily on utilizing SSH port forwards (-R / -L) as an umbilical cord to the agents. Either an SSH connection from master –> agent or agent –> master is acceptable and may be required depending on different firewall rules, but tweaking the port forwards and autossh commands will be necessary.
Added scan engine pooling support to support both nmap and masscan. Multiple scan engines can be assigned to a pool, and that pool can be assigned to a site. A site’s targets will be evenly distributed between the number of scan engines in the pool.
The caveats are that it does not understand CIDR notation. If the targets are 10.0.0.0/24 192.168.1.0/24 10.1.2.3, it will not evenly distribute the 513 targets (256 + 256 + 1) evenly across the scan engines. If 3 scan engines are in the pool, engine1 will scan 10.0.0.0/24, engine2 will scan 192.168.1.0/24, and engine3 will scan 10.1.2.3.
Another caveat is that the separate scan files (both .xml and .json) for pooled scans are not combined to make a final merged file. That capability will be coming later, for now, the onus is on the user to combine them.
- The API client has not been updated to utilize the new /api/engine_pools endpoint.
Copyright 2012-2013 Rackspace, Inc.