From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 09:42:04 +0200
Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg.

Signed-off-by: Daniel Baumann
---
 todo/shinnok.txt | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 todo/shinnok.txt

(limited to 'todo/shinnok.txt')

diff --git a/todo/shinnok.txt b/todo/shinnok.txt
new file mode 100644
index 0000000..b294e42
--- /dev/null
+++ b/todo/shinnok.txt
@@ -0,0 +1,150 @@ +In progress: +============ + +o We should offer partial results when a host + timeouts. I (Fyodor) have been against this in the past, but maybe + the value is sufficient to be worth the maintenance headaches. Many + users have asked for this. If we do implement this, we may want to + only print results for the COMPLETED phases (e.g. host discovery, + port scanning, version detection, traceroute, NSE, etc.) Trying to + print partial results of a port scan or NSE or the like might be a + pain. And if we print some results for a host which timeouts, we + should give a very clear warning that the results for that host are + incomplete. As an example, here is someone who hacked Nmap source + code to achieve this: http://seclists.org/pen-test/2010/Mar/108. + o Another benefit would be that it would allow us to clean + up/regularize the host output code. Right now there are I think + three places where a host's final output can be printed. If, + instead, that code just looked at what information was available and + printed that out only, we could potentially isolate it in just one + place. + o This also might let us provide a feature for skipping the rest of + an Nmap phase which is going too slowly (I think that has its own + Nmap TODO item). + +Hanging(waiting for further input, etc..): +========================================== + +o Nmap *poor's man* test suite by expanding on what I already have in + /nmap-exp/shinnok/nmap-test-script. + +o NMAP reports different service results every so often with the same port. 
+ http://seclists.org/nmap-dev/2011/q2/815 + +o Review latest revision of Marek's ncat_proxy.patch - DONE + http://seclists.org/nmap-dev/2011/q2/573 + o Commit approval pending + +Pending: +======== + +Pending (low priority): +======================= + +o E-mail nmap-dev with GProfiles /ncrack + o Create new default username list: + http://seclists.org/nmap-dev/2010/q1/798 + o Could be a SoC Ncrack task, though should prove useful for Nmap + too + o We probably want to support several lists. Like an admin/default + list like "root", "admin", "administrator", "web", "user", "test", + and also a general list which we obtain from spidering from + emails, etc. + +Potential: +========== + +COMPLETED: +========== + +o Add a --append-output option to ncat. [DONE - r25737] + +o libpcre/pcre.h - is cleared upon make distclean thus leaving the SVN + working directory dirty + http://seclists.org/nmap-dev/2011/q2/708 + +o De-duplicate code by unifying ncat_broker.c and ncat_listen.c code paths, + either as a single file in ncat_listen.c or merge duplicate code in + ncat_listen.c and keep only broker specific code in ncat_broker.c(it it's a + lot of code, otherwise ncat_listen.c would do just fine). + +o Nmap should defer address parsing in arguments until it has read + through all the args. Otherwise you get an error if you use like -S + with an IPv6 address before you put -6 in the command line. You + get a similar problem (on David's IPv6 branch) if you do "-A -6" + (but "-6 -A works properly). + +o Delve into Lua and NSE and try to write some scripts to get the hang + of it and gain a better understanding of the NSE engine in Nmap. + o Written two NSE scripts, http-reverse-ip and http-google-email that + can be found in /nmap-exp/shinnok/nse. 
+ +o E-mail nmap-dev with QtCreator usage steps for Nmap + +-- +o Ncat hangs on ssl -> REFACTORING + some refactoring left to be done to reduce code duplication + http://seclists.org/nmap-dev/2011/q2/842 + o Commit current switch/ifdef refactoring patch. + o Research code deduplication even further. + +o Ncat chat (at least in ssl mode) no longer gives the banner greeting + when I connect. This worked in r23918, but not in r24185, which is + the one running on chat.nmap.org as of 6/20/11. Verify by running + "ncat --ssl -v chat.nmap.org" + +o Pending uncompleted SSL handshakes when in --exec* listening mode make + Ncat consume 100% cpu(core/thread). + Possible solutions: + o Listen on the union of the two sets in ncat_listen.c composed of the + current set and a secondary one, ssl_pending which should include the + pending ssl hanshake sockets. + o Timeout ssl handshakes. + o Delay adding the exec output pipes to fselect/WaitForMultipleObjects + until the ssl handshake has been completed. + http://seclists.org/nmap-dev/2011/q2/988 +--- + +o Fix ncat.xml(the input for the man page) examples section. - David came up + with the final right fix on this one. + +o Ncat should close its socket and refuse further connections after the first + one, if invoked without --keep-open. That's what traditional netcat does + too. - DONE [r24197] + http://seclists.org/nmap-dev/2011/q2/944 + o Add TEST in ncat-test.pl - DONE [r24373] + +o Closing Zenmap without stopping the scan first will leave nmap running in + the process list on Windows. 
[r24308] + [Actually, Zenmap was unable to kill the nmap scan processes at all on + Windows] + +o Zenmap should wait for the return exit code of the nmap scanning subprocess + upon killing it(canceled scan), otherwise the subprocesses will enter a + defunct(zombie) state.[r24235] + +o Fix build_icmp_raw and build_igmp_raw filling the packet data payload + with zeroes instead of the supplied random data, when nmap is invoked + with --data-length.[r24127] + +o Investigate and document how easy it is to drop Ncat.exe by itself + on other systems and have it work. [r24242] + http://seclists.org/nmap-dev/2011/q2/1090 + + o We should also look into the dependencies of Nmap and Zenmap. + It may be instructive to look at "Portable Firefox" + (http://portableapps.com/apps/internet/firefox_portable) which is + built using open source technology from portableapps.com, or look at + "The Network Toolkit" by Cace + (http://www.cacetech.com/products/network_toolkit.html). + +o --max-conns is broken in latest svn -> fixed in r24130, other two + bugs discovered: + o --max-conns 0 kills ncat with a glibc assertion error on calloc with + zero as nmemb(??) at: + init_fdlist(&broadcast_fdlist, o.conn_limit); + o When killing the first initiated connection on --max-conns > 1 Ncat: + Ncat: Program bug: fd (5) not on list. QUITTING. + [DONE]The previous two bugs were introduced in r24130, they are now fixed + in r24193. + -- cgit v1.2.3
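Review bot: Status markers in this TODO file are inconsistent ("DONE", "[DONE - r25737]", "[r24197]", "-> fixed in r24130", "-> REFACTORING"), so several entries filed under "COMPLETED:" still read as open work: the "Ncat hangs on ssl -> REFACTORING" item keeps the unfinished sub-items "Commit current switch/ifdef refactoring patch" and "Research code deduplication even further", and the "Pending uncompleted SSL handshakes ... make Ncat consume 100% cpu" item lists three candidate fixes (a second ssl_pending fd set, a handshake timeout, deferring the exec pipes until the handshake completes) without recording which one landed or in which revision. The last one matters because it is a resource-exhaustion bug reachable by any client that opens a connection and never finishes the TLS handshake, so the file should say whether a handshake timeout is in place; suggest one marker form per item, e.g. "[DONE rNNNNN]", and moving the sub-items that are still open back under "In progress:". Minor: "Pending:" and "Potential:" are empty headings, the "Hanging" entry for ncat_proxy.patch is marked DONE while its sub-item says "Commit approval pending", and the /nmap-exp/shinnok/... paths point at a private working area that readers of the distributed tarball cannot reach.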