Diffstat (limited to 'todo/djalal.txt')
-rw-r--r--todo/djalal.txt146
1 files changed, 146 insertions, 0 deletions
diff --git a/todo/djalal.txt b/todo/djalal.txt
new file mode 100644
index 0000000..b674d16
--- /dev/null
+++ b/todo/djalal.txt
@@ -0,0 +1,146 @@
+==
+
+GSoC 2011 TASKS:
+
+o Work on my GSoC vulnerability and exploitation script ideas:
+ https://secwiki.org/w/Nmap/Script_Ideas#Djalal_Harouni
+
+o Review all the "Improve NSE HTTP architecture" proposal suggetions
+ and comments, and try to include them and update the proposal.
+ http://seclists.org/nmap-dev/2011/q2/967
+
+o Start a thread on Nmap-dev about users favorite Nmap and NSE commands,
+ and create a special page for it in the secwiki.org site.
+ This will also let us to create more scan profiles for Zenmap.
+
+==
+
+1) Nmap Scripting Engine Infrastructure:
+
+o [High priority]
+ Take a look at Dan's NSE XML output patch and try to commit it.
+ http://seclists.org/nmap-dev/2011/q2/1230
+
+o NSE Version Numbering.
+ http://seclists.org/nmap-dev/2010/q4/693
+
+[Other tasks]
+o Propose a better duplicate scanned IPs filtering engine.
+
+
+2) NSE Scripts:
+
+[Priorities tasks]
+o NFS/RPC features:
+- add NFS READLINK support to let nfs-ls show symbolic files.
+
+o Review NSE scripts and libs, and fixing bugs:
+ - Document all the new NFS procedures.
+
+[Other tasks]
+o NFS/RPC features:
+- Add more authentication support: Unix authentication.
+- NFSv4 support.
+- Add recursion support to nfs-ls.nse
+
+
+==
+
+MAYBE:
+
+o Create a new rule "versionrule" which will be used by version
+ category scripts.
+ http://seclists.org/nmap-dev/2010/q3/551
+
+o NSE debugger.
+
+o Add more NSE control for long running scripts: one option will be a
+boolean expression filter (like: tcpdump) which will change NSE scripts
+arguments or behaviour according to previous results, this will be
+really useful for big networks. Another option will be a generic NSE
+(Lua) script with an easy and readable code that includes expressions or
+filters selection to let us change NSE arguments according to previous
+results.
+Note: this option will be useful on big networks. however for the moment
+this is a simple idea and it needs further discussion on the nmap-dev.
+
+o Privileges dropping for NSE scripts [nmap TODO list].
+
+o NSE security review [nmap TODO list].
+
+
+o Fixing bugs.
+- NSE not honoring the source port flag when doing version scan.
+ http://seclists.org/nmap-dev/2010/q2/576
+
+ David said that it will not be easy to support setting the source port
+ http://seclists.org/nmap-dev/2010/q3/331
+
+
+==
+
+DONE:
+
+1) Nmap Scripting Engine Infrastructure:
+
+o Submitted the "Improve NSE HTTP architecture" proposal
+ http://seclists.org/nmap-dev/2011/q2/967
+
+o Make NSE scripts able to retrieve the interface network
+ information.
+
+o LuaFileSystem directory iterator [1] port.
+[1] http://keplerproject.github.com/luafilesystem/
+
+o New class of scripts which use two new script rules:
+ - Script Pre-scanning and Script Post-scanning rules: "prerule" and
+ "postrule". Documented these new phases.
+ - Update scripts to use these new rules:
+ dns-zone-transfer now uses "prerule" and "portrule".
+
+o Update other parts of Nmap book to show the new Script scan phases.
+
+o Fixing bugs:
+ - NSE not honoring the Exclude directive bug fixed and committed
+ as r18467.
+
+o Let NSE "prerule", "portrule" and "hostrule" scripts to add new
+discoverd targets to Nmap.
+
+o Update scripting.xml to show the new script scan phases.
+
+
+2) NSE Scripts:
+
+o smtp-vuln-cve2011-1764 script to check Exim DKIM Format String
+ vulnerability (CVE-2011-1764).
+
+o Updated and Improved ftp-vsftpd-backdoor to detect the vsFTPd backdoor
+ (CVE-2011-2523).
+
+o ftp-vuln-cve2010-4221.nse script to check the ProFTPD Telnet IAC stack
+ overflow (CVE-2010-4221).
+
+o smtp-vuln-cve2010-4344 script to check and exploit Exim SMTP Server:
+ heap overflow (CVE-2010-4344) and privileges escalation (CVE-2010-4345)
+
+o SMTP library.
+
+o Rewritten SMTP scripts to use the smtp library:
+ - smtp-commands
+ - smtp-open-relay
+ - smtp-enum-users
+
+o smtp-vuln-cve2011-1720 script to check for CVE-2011-1720
+
+o broadcast-avahi-dos script to check for CVE-2011-1002
+
+o NFS/RPC features:
+ - New script: nfs-ls which combines nfs-dirlist and nfs-acls and try to
+ emulates some features of the old "ls" unix tool. The script support
+ NFSv2 and NFSv3.
+ - Readapted the RPC and NFS library code with a new re-design with new
+ high level functions.
+ - Added NFS procedures support:
+ NFSv2: LOOKUP
+ NFSv3: FSSTAT, FSINFO, READDIRPLUS, PATHCONF, ACCESS, LOOKUP
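Review bot: the sub-item indentation is inconsistent throughout this new file, which is the main style point: under "NFS/RPC features" in the TODO section the lines "- add NFS READLINK support ..." and the three "- Add more authentication support ..." / "- NFSv4 support." / "- Add recursion support ..." items sit flush at column zero, while "- Document all the new NFS procedures." and every sub-item in the DONE section are indented by one space; pick the indented form (it is the majority) and apply it to all "-" items. Two typos should be fixed while the file is new: "suggetions" -> "suggestions" in the "Improve NSE HTTP architecture" item, and "discoverd" -> "discovered" in the "prerule", "portrule" and "hostrule" item under DONE. The "Fixing bugs" heading also appears in two forms ("o Fixing bugs." followed by an unindented "-" item in MAYBE, and "o Fixing bugs:" followed by an indented " -" item in DONE); using the colon form in both places keeps the sections parallel.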