Rumāl

Project Name: Project 8 - Rumāl
Mentor: Pietro Delsante (IT)
Backup mentor: Fedele Mantuano (IT)
Skills required: Python, Django + TastyPie, HTML/JavaScript, MongoDB
Project type: Improve existing tool
Project goal: Provide a web GUI for Thug, designed as a sort of social network where data can be enriched with metadata coming from various sources, and where users can share results, settings, analyses and whatever else.
 
Description:
Thug [1] is a client honeypot developed during previous GSoC years that is used to analyse potentially malicious websites. Now that Thug is pretty stable and in general use, this project aims to be Thug's dress - providing a convenient web GUI - but also its weapon, as it should provide a set of tools that should enrich Thug's output with new metadata and allow for correlation of results.

Rumāl is composed of a front-end and a back-end, each running a set of daemons that provide the main functionality, some RESTful APIs and the web GUI. Rumāl is written in pure Python, using Django for the web server and Django-Tastypie for the APIs; the HTML/JavaScript part is made with standard libraries like Material.js, jQuery, jQuery UI and so on.

While it is perfectly possible to use it as a simple web GUI for Thug on your own computer, with you as the only user, we want to take Rumāl to a powerful multi-user environment with you. During GSoC 2016, we want to add all the social elements that are required to make it a strong, cooperative platform. This includes elements like user profiles, data sharing, correlated searches and so on.
 
Achievements:
Rumal's architecture has been completely reviewed and the communication channel between the front-end and back-end is now provided by RabbitMQ, which also makes the whole process quicker. All of Rumal's components are now available through a set of Docker images that can be run through docker compose. A lot of bugs have been fixed, and several new "social" features have been added (e.g. user groups, private scans, tags, comments). Finally, Rumal now has its own documentation site. To get more information about what has been done during GSoC 2016, please head to Dennis Parchkov's GitHub pages.