Closed ShayNehmad closed 3 years ago
Do we want to have this as a subprocess call and carry nmap or do we want to integrate the nmap engine?
We need to check the licensing prior to starting the feature.
Free nmap doesn't allow bundling in commercial tools, but the Monkey itself is GPLed. need a lawyer to go over and say if Infection Monkey applies or not but I'm gonna guess it's okay.
But how to best add? nmap isn't exactly small or fast
A lot of options, but none ideal. We could try to build our own fork with only the things we need, because my idea was to include nmap for safe vulnerability scanning scripts, not for network discovery. Or maybe the binaries are not that bad + easy to update. Without doing more in depth investigation I can't tell which is the lesser evil.
If NMAP doesn't work out, this is another option: Something like this might help: https://github.com/robertdavidgraham/masscan
It doesn't have all of the same benefits as NMAP, but it might be useful in other ways.
This issue is about a trivial way to add safe vulnerability scanning. Nmap had +30 safe vuln. scanning scripts at the time, that's why I came up with this idea.
For the moment, we want to avoid turning monkey into a vulnerability scanner. Closing for now.
Will add a lot of vuln scanners to the reports etc.