
Add Go-based nmap agent for ZEPSEC vulnerability scanning #1

Open
peteralcock wants to merge 1 commit into main from claude/go-nmap-agent-PmbTT

Conversation

@peteralcock (Owner)

Summary

This PR introduces a new Go-based remote scanning agent for the ZEPSEC vulnerability tracking platform. The agent deploys to target machines to execute nmap scans and report results back to the ZEPSEC server for centralized network monitoring.

Key Changes

  • Agent binary (main.go, server.go): HTTP server that receives scan jobs from ZEPSEC via POST /scans, executes nmap, and reports results back to /api/v1/ra_api
  • Scanner (scanner.go): Executes nmap with configurable options, parses XML output, and converts results to ZEPSEC API format
  • Reporter (reporter.go): Submits scan results to ZEPSEC server with retry logic and exponential backoff
  • Scheduler (scheduler.go): Autonomous periodic scanning mode for continuous network monitoring without server coordination
  • Network utilities (network.go): External IP detection, local interface enumeration, and connectivity checks
  • Configuration (config.go, config.example.yml): YAML-based config with environment variable overrides for all settings
  • Build tooling (Makefile, Dockerfile): Multi-platform builds (Linux, macOS, Windows) and Docker image with non-root user and sudo nmap access
  • Documentation (README.md): Architecture overview, quick start, configuration guide, API endpoints, and security notes

Notable Implementation Details

  • Two operating modes: Server-dispatched (reactive) and autonomous scheduled (proactive) scanning
  • Authentication: Bearer token for incoming requests, API token for result submission
  • Async execution: Scan jobs are accepted immediately and executed in background goroutines
  • Robust error handling: Retry logic with exponential backoff for result submission, graceful shutdown
  • Security: Docker image runs as non-root user with sudo access only for nmap; TLS support for agent listener
  • Flexible configuration: All settings support environment variable overrides for containerized deployments
  • Nmap XML parsing: Structured conversion of nmap output to ZEPSEC's JSON API format with service detection, port states, and host addresses

Testing

The agent is ready for integration testing with a ZEPSEC Rails server instance. Configuration examples and deployment instructions are provided in the README.

https://claude.ai/code/session_01LVKNMhijABe5c9ApiLqzJZ

Implements a standalone Go agent that integrates with the ZEPSEC platform's
existing remote agent (RA) protocol. The agent receives scan jobs dispatched
by the Rails server via POST /scans, executes nmap locally, parses XML output,
and reports structured results back to /api/v1/ra_api.

Features:
- Server-dispatched mode: accepts scan jobs from ZEPSEC server
- Autonomous scheduled mode: periodic scans without server coordination
- Bearer token authentication matching ZEPSEC agent model
- Nmap XML parsing with full service/port/host extraction
- External IP detection for source_ip reporting
- TLS support, YAML+env var configuration, Docker packaging
- Health check and status endpoints
- Graceful shutdown with signal handling
- Cross-platform builds via Makefile

https://claude.ai/code/session_01LVKNMhijABe5c9ApiLqzJZ
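
The bearer-token check on `POST /scans` that the description mentions can be sketched as follows. This is an added example, not code from this PR; the names `requireBearer` and `scanStatus`, the 202 response, and the 1 MiB body cap are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireBearer lets only POSTs carrying the expected bearer token reach next.
// Both sides are hashed so the constant-time compare sees equal-length inputs.
func requireBearer(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		auth := r.Header.Get("Authorization")
		got := sha256.Sum256([]byte(strings.TrimPrefix(auth, "Bearer ")))
		ok := strings.HasPrefix(auth, "Bearer ") && token != "" // unset token fails closed
		if subtle.ConstantTimeCompare(got[:], want[:]) != 1 || !ok {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // bound job size before decoding
		next.ServeHTTP(w, r)
	})
}

// scanStatus sends one constructed request through the wrapped handler and returns its status.
func scanStatus(token, method, authHeader string) int {
	accept := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusAccepted) // stand-in for queueing the scan job
	})
	req := httptest.NewRequest(method, "/scans", nil)
	req.Header.Set("Authorization", authHeader)
	rec := httptest.NewRecorder()
	requireBearer(token, accept).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(scanStatus("example-token", "POST", "Bearer example-token"))
	fmt.Println(scanStatus("example-token", "POST", "Bearer wrong"))
}
```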