author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-17 07:42:04 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-17 07:42:04 +0000
commit: 0d47952611198ef6b1163f366dc03922d20b1475 (patch)
tree: 3d840a3b8c0daef0754707bfb9f5e873b6b1ac13 /todo/shinnok.txt
parent: Initial commit. (diff)
Adding upstream version 7.94+git20230807.3be01efb1+dfsg.
refs: upstream/7.94+git20230807.3be01efb1+dfsg, upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- todo/shinnok.txt 150
1 files changed, 150 insertions, 0 deletions
diff --git a/todo/shinnok.txt b/todo/shinnok.txt
new file mode 100644
index 0000000..b294e42
--- /dev/null
+++ b/todo/shinnok.txt
@@ -0,0 +1,150 @@
+In progress:
+============
+
+o We should offer partial results when a host
+ timeouts. I (Fyodor) have been against this in the past, but maybe
+ the value is sufficient to be worth the maintenance headaches. Many
+ users have asked for this. If we do implement this, we may want to
+ only print results for the COMPLETED phases (e.g. host discovery,
+ port scanning, version detection, traceroute, NSE, etc.) Trying to
+ print partial results of a port scan or NSE or the like might be a
+ pain. And if we print some results for a host which timeouts, we
+ should give a very clear warning that the results for that host are
+ incomplete. As an example, here is someone who hacked Nmap source
+ code to achieve this: http://seclists.org/pen-test/2010/Mar/108.
+ o Another benefit would be that it would allow us to clean
+ up/regularize the host output code. Right now there are I think
+ three places where a host's final output can be printed. If,
+ instead, that code just looked at what information was available and
+ printed that out only, we could potentially isolate it in just one
+ place.
+ o This also might let us provide a feature for skipping the rest of
+ an Nmap phase which is going too slowly (I think that has its own
+ Nmap TODO item).
+
+Hanging(waiting for further input, etc..):
+==========================================
+
+o Nmap *poor's man* test suite by expanding on what I already have in
+ /nmap-exp/shinnok/nmap-test-script.
+
+o NMAP reports different service results every so often with the same port.
+ http://seclists.org/nmap-dev/2011/q2/815
+
+o Review latest revision of Marek's ncat_proxy.patch - DONE
+ http://seclists.org/nmap-dev/2011/q2/573
+ o Commit approval pending
+
+Pending:
+========
+
+Pending (low priority):
+=======================
+
+o E-mail nmap-dev with GProfiles /ncrack
+ o Create new default username list:
+ http://seclists.org/nmap-dev/2010/q1/798
+ o Could be a SoC Ncrack task, though should prove useful for Nmap
+ too
+ o We probably want to support several lists. Like an admin/default
+ list like "root", "admin", "administrator", "web", "user", "test",
+ and also a general list which we obtain from spidering from
+ emails, etc.
+
+Potential:
+==========
+
+COMPLETED:
+==========
+
+o Add a --append-output option to ncat. [DONE - r25737]
+
+o libpcre/pcre.h - is cleared upon make distclean thus leaving the SVN
+ working directory dirty
+ http://seclists.org/nmap-dev/2011/q2/708
+
+o De-duplicate code by unifying ncat_broker.c and ncat_listen.c code paths,
+ either as a single file in ncat_listen.c or merge duplicate code in
+ ncat_listen.c and keep only broker specific code in ncat_broker.c(it it's a
+ lot of code, otherwise ncat_listen.c would do just fine).
+
+o Nmap should defer address parsing in arguments until it has read
+ through all the args. Otherwise you get an error if you use like -S
+ with an IPv6 address before you put -6 in the command line. You
+ get a similar problem (on David's IPv6 branch) if you do "-A -6"
+ (but "-6 -A works properly).
+
+o Delve into Lua and NSE and try to write some scripts to get the hang
+ of it and gain a better understanding of the NSE engine in Nmap.
+ o Written two NSE scripts, http-reverse-ip and http-google-email that
+ can be found in /nmap-exp/shinnok/nse.
+
+o E-mail nmap-dev with QtCreator usage steps for Nmap
+
+--
+o Ncat hangs on ssl -> REFACTORING
+ some refactoring left to be done to reduce code duplication
+ http://seclists.org/nmap-dev/2011/q2/842
+ o Commit current switch/ifdef refactoring patch.
+ o Research code deduplication even further.
+
+o Ncat chat (at least in ssl mode) no longer gives the banner greeting
+ when I connect. This worked in r23918, but not in r24185, which is
+ the one running on chat.nmap.org as of 6/20/11. Verify by running
+ "ncat --ssl -v chat.nmap.org"
+
+o Pending uncompleted SSL handshakes when in --exec* listening mode make
+ Ncat consume 100% cpu(core/thread).
+ Possible solutions:
+ o Listen on the union of the two sets in ncat_listen.c composed of the
+ current set and a secondary one, ssl_pending which should include the
+ pending ssl hanshake sockets.
+ o Timeout ssl handshakes.
+ o Delay adding the exec output pipes to fselect/WaitForMultipleObjects
+ until the ssl handshake has been completed.
+ http://seclists.org/nmap-dev/2011/q2/988
+---
+
+o Fix ncat.xml(the input for the man page) examples section. - David came up
+ with the final right fix on this one.
+
+o Ncat should close its socket and refuse further connections after the first
+ one, if invoked without --keep-open. That's what traditional netcat does
+ too. - DONE [r24197]
+ http://seclists.org/nmap-dev/2011/q2/944
+ o Add TEST in ncat-test.pl - DONE [r24373]
+
+o Closing Zenmap without stopping the scan first will leave nmap running in
+ the process list on Windows. [r24308]
+ [Actually, Zenmap was unable to kill the nmap scan processes at all on
+ Windows]
+
+o Zenmap should wait for the return exit code of the nmap scanning subprocess
+ upon killing it(canceled scan), otherwise the subprocesses will enter a
+ defunct(zombie) state.[r24235]
+
+o Fix build_icmp_raw and build_igmp_raw filling the packet data payload
+ with zeroes instead of the supplied random data, when nmap is invoked
+ with --data-length.[r24127]
+
+o Investigate and document how easy it is to drop Ncat.exe by itself
+ on other systems and have it work. [r24242]
+ http://seclists.org/nmap-dev/2011/q2/1090
+
+ o We should also look into the dependencies of Nmap and Zenmap.
+ It may be instructive to look at "Portable Firefox"
+ (http://portableapps.com/apps/internet/firefox_portable) which is
+ built using open source technology from portableapps.com, or look at
+ "The Network Toolkit" by Cace
+ (http://www.cacetech.com/products/network_toolkit.html).
+
+o --max-conns is broken in latest svn -> fixed in r24130, other two
+ bugs discovered:
+ o --max-conns 0 kills ncat with a glibc assertion error on calloc with
+ zero as nmemb(??) at:
+ init_fdlist(&broadcast_fdlist, o.conn_limit);
+ o When killing the first initiated connection on --max-conns > 1 Ncat:
+ Ncat: Program bug: fd (5) not on list. QUITTING.
+ [DONE]The previous two bugs were introduced in r24130, they are now fixed
+ in r24193.
+
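Review bot: the block between the `--` and `---` separators (from "o Ncat hangs on ssl -> REFACTORING" through the seclists link after the "Possible solutions" sub-list) sits under COMPLETED but still reads as open work: the first entry says "some refactoring left to be done" with two unticked sub-items, and "Pending uncompleted SSL handshakes when in --exec* listening mode make Ncat consume 100% cpu(core/thread)" lists only candidate fixes and a mailing-list thread, with no closing revision of the kind the other COMPLETED entries carry (r24197, r24373, r24308, r24127). Since that second item is a resource-exhaustion bug that a listener is exposed to by a client handshake that never finishes, its status should be recorded explicitly: either move both entries back to Pending or annotate each with the revision that resolved it. Minor: the Pending and Potential sections are empty and could be dropped, and there are a few typos worth fixing while touching the file ("poor's man" for "poor man's", "hanshake", "(it it's a lot of code", "timeouts" used as a verb, and the unclosed quote in "(but "-6 -A works properly)").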