From c17cace17c3ab2eafb4b16b9fd05db10d52882cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Moska=C5=82a?= Date: Wed, 24 Jan 2024 18:39:01 +0100 Subject: [PATCH] Improvements, fixes --- README.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++ index.html | 64 ++++++++++++++++++++++++++++++++---------------------- minipam.go | 2 +- 3 files changed, 95 insertions(+), 27 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..55bd281 --- /dev/null +++ b/README.md @@ -0,0 +1,56 @@ +# MinIPAM +A simple tool that scans specified subnet(s) and has WEB UI to easily see which IPs are available + +I wanted something like space map from PHPIPAM but with less clicking to get to see what I want to see. +Web UI is just a bunch of buttons (one for subnet) and table, representing hosts in said subnet. Hosts that were online +during last scan are marked as green, hosts which were online at least once but were offline during last scan are marked +red, and hosts that were never seen online are marked gray. Also for every online host during a scan RevDNS lookup +is made to attempt to get its hostname. Web UI does not allow editing presented data in any way, which is also why +there is no authorization mechanism built in. + +Scanning is kind of slow, but I prefer to keep it that way, since I don't need it to be fast, and I don't want to waste +my compute resources. It doesn't matter for me if my scan completes within 1 minute or within 30 minutes. + +TODO: screenshot + +# Configuration reference +```yaml +bind_address: "0.0.0.0:8443" +scan_subnets: + - 192.168.145.0/24 + - 10.250.100.64.0/27 +delay_between_scans: 15m +persistence_location: "data.json" +exclude_special_addresses: true +use_tls: false +tls_key_file: "key.pem" +tls_cert_file: "fullchain.pem" +``` +`delay_between_scans` specifies time to wait between scans. For example 15m means that +scan starts at 17:43, takes 2 minutes, finishes at 17:45, next scan will start at 18:00 + +`exclude_special_addresses` excludes network and broadcast addresses from scanning and results. +With subnets in example above, those would be `192.168.145.0`,`192.168.145.255`,`10.250.100.64`,`10.250.100.95`. + +`persistence_location` indicates where data should be stored. It needs to be writable. + +# Requirements + +Scanning is done by running: +```go +exec.Command("ping", "-n", "-W", "0.2", "-c", "1", addr) +``` +So you need OS that has `ping` command with those options. +Tested with GNU coreutils on archlinux. Also works on FreeBSD, however, FreeBSD's ping will wait 1 second instead of +0.2 seconds, making scanning networks with a lot of free IPs slower. + +While we're at it, hosts are expected to reply within 0.2 seconds (except on FreeBSD, where ping is not accepting +fractional timeout values). This is currently hard-coded. + +# Authentication +Since I don't think that any data presented by this tool would be considered sensitive, I didn't implement any +authentication mechanism. If for some reason you decided that you NEED one, consider following options: + - Use firewall to only allow trusted networks to access this tool + - If this tool happens to be running on your workstation, bind it to localhost only + - Bind this tool to localhost only and use SSH port forwarding + - Set up reverse proxy with authorization, then bind this tool to localhost only. \ No newline at end of file diff --git a/index.html b/index.html index 103edd2..9cf5bac 100644 --- a/index.html +++ b/index.html @@ -5,12 +5,19 @@