It has been a full month since we launched Project Sonar, and I wanted to provide a quick update about where things are, the feedback we have received, and where we are going from here.
We have received a ton of questions from interested contributors about the legal risk of internet-wide scanning. These risks are real, but differ widely by region, country, and type of scan. We can't provide legal advice, but we have obtained help from the illustrious Marcia Hofmann, who has written a great blog post describing the issues involved. As always, every situation is different, and we do recommend getting legal counsel before embarking on your own scans. If you don't have the appetite (or budget) to hire a lawyer, you can still get involved on the research side by downloading and analyzing publicly available datasets from Scans.IO.
Currently, we are running regular scans for SSL certificates, IPv4 reverse DNS lookups, and most recently, HTTP GET requests. Our current challenge is automating the pipeline between the job scheduler and the final upload to the Scans.IO portal. We should have the process worked out and the new datasets publicly available in the next couple of weeks. As the processing side improves, we will continue to add new protocols and types of probes to our recurring scans. If you have any ideas for what you would like to see covered, please leave a comment below, or get in touch via research-at-rapid7.com.