lmoskala/MinIPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
MinIPAM/README.md

56 lines
No EOL
2.7 KiB
Markdown
Raw Blame History

# MinIPAM
A simple tool that scans specified subnet(s) and has WEB UI to easily see which IPs are available
I wanted something like space map from PHPIPAM but with less clicking to get to see what I want to see.
Web UI is just a bunch of buttons (one for subnet) and table, representing hosts in said subnet. Hosts that were online
during last scan are marked as green, hosts which were online at least once but were offline during last scan are marked
red, and hosts that were never seen online are marked gray. Also for every online host during a scan RevDNS lookup
is made to attempt to get its hostname. Web UI does not allow editing presented data in any way, which is also why
there is no authorization mechanism built in.
Scanning is kind of slow, but I prefer to keep it that way, since I don't need it to be fast, and I don't want to waste
my compute resources. It doesn't matter for me if my scan completes within 1 minute or within 30 minutes.
TODO: screenshot
# Configuration reference
```yaml
bind_address: "0.0.0.0:8443"
scan_subnets:
- 192.168.145.0/24
- 10.250.100.64.0/27
delay_between_scans: 15m
persistence_location: "data.json"
exclude_special_addresses: true
use_tls: false
tls_key_file: "key.pem"
tls_cert_file: "fullchain.pem"
```
`delay_between_scans` specifies time to wait between scans. For example 15m means that
scan starts at 17:43, takes 2 minutes, finishes at 17:45, next scan will start at 18:00
`exclude_special_addresses` excludes network and broadcast addresses from scanning and results.
With subnets in example above, those would be `192.168.145.0`,`192.168.145.255`,`10.250.100.64`,`10.250.100.95`.
`persistence_location` indicates where data should be stored. It needs to be writable.
# Requirements
Scanning is done by running:
```go
exec.Command("ping", "-n", "-W", "0.2", "-c", "1", addr)
```
So you need OS that has `ping` command with those options.
Tested with GNU coreutils on archlinux. Also works on FreeBSD, however, FreeBSD's ping will wait 1 second instead of
0.2 seconds, making scanning networks with a lot of free IPs slower.
While we're at it, hosts are expected to reply within 0.2 seconds (except on FreeBSD, where ping is not accepting
fractional timeout values). This is currently hard-coded.
# Authentication
Since I don't think that any data presented by this tool would be considered sensitive, I didn't implement any
authentication mechanism. If for some reason you decided that you NEED one, consider following options:
- Use firewall to only allow trusted networks to access this tool
- If this tool happens to be running on your workstation, bind it to localhost only
- Bind this tool to localhost only and use SSH port forwarding
- Set up reverse proxy with authorization, then bind this tool to localhost only.
Reference in a new issue View git blame Copy permalink