blob: b674d16ee973d3759c9a11b29021ce902f467123 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
==
GSoC 2011 TASKS:
o Work on my GSoC vulnerability and exploitation script ideas:
https://secwiki.org/w/Nmap/Script_Ideas#Djalal_Harouni
o Review all the "Improve NSE HTTP architecture" proposal suggetions
and comments, and try to include them and update the proposal.
http://seclists.org/nmap-dev/2011/q2/967
o Start a thread on Nmap-dev about users favorite Nmap and NSE commands,
and create a special page for it in the secwiki.org site.
This will also let us to create more scan profiles for Zenmap.
==
1) Nmap Scripting Engine Infrastructure:
o [High priority]
Take a look at Dan's NSE XML output patch and try to commit it.
http://seclists.org/nmap-dev/2011/q2/1230
o NSE Version Numbering.
http://seclists.org/nmap-dev/2010/q4/693
[Other tasks]
o Propose a better duplicate scanned IPs filtering engine.
2) NSE Scripts:
[Priorities tasks]
o NFS/RPC features:
- add NFS READLINK support to let nfs-ls show symbolic files.
o Review NSE scripts and libs, and fixing bugs:
- Document all the new NFS procedures.
[Other tasks]
o NFS/RPC features:
- Add more authentication support: Unix authentication.
- NFSv4 support.
- Add recursion support to nfs-ls.nse
==
MAYBE:
o Create a new rule "versionrule" which will be used by version
category scripts.
http://seclists.org/nmap-dev/2010/q3/551
o NSE debugger.
o Add more NSE control for long running scripts: one option will be a
boolean expression filter (like: tcpdump) which will change NSE scripts
arguments or behaviour according to previous results, this will be
really useful for big networks. Another option will be a generic NSE
(Lua) script with an easy and readable code that includes expressions or
filters selection to let us change NSE arguments according to previous
results.
Note: this option will be useful on big networks. however for the moment
this is a simple idea and it needs further discussion on the nmap-dev.
o Privileges dropping for NSE scripts [nmap TODO list].
o NSE security review [nmap TODO list].
o Fixing bugs.
- NSE not honoring the source port flag when doing version scan.
http://seclists.org/nmap-dev/2010/q2/576
David said that it will not be easy to support setting the source port
http://seclists.org/nmap-dev/2010/q3/331
==
DONE:
1) Nmap Scripting Engine Infrastructure:
o Submitted the "Improve NSE HTTP architecture" proposal
http://seclists.org/nmap-dev/2011/q2/967
o Make NSE scripts able to retrieve the interface network
information.
o LuaFileSystem directory iterator [1] port.
[1] http://keplerproject.github.com/luafilesystem/
o New class of scripts which use two new script rules:
- Script Pre-scanning and Script Post-scanning rules: "prerule" and
"postrule". Documented these new phases.
- Update scripts to use these new rules:
dns-zone-transfer now uses "prerule" and "portrule".
o Update other parts of Nmap book to show the new Script scan phases.
o Fixing bugs:
- NSE not honoring the Exclude directive bug fixed and committed
as r18467.
o Let NSE "prerule", "portrule" and "hostrule" scripts to add new
discoverd targets to Nmap.
o Update scripting.xml to show the new script scan phases.
2) NSE Scripts:
o smtp-vuln-cve2011-1764 script to check Exim DKIM Format String
vulnerability (CVE-2011-1764).
o Updated and Improved ftp-vsftpd-backdoor to detect the vsFTPd backdoor
(CVE-2011-2523).
o ftp-vuln-cve2010-4221.nse script to check the ProFTPD Telnet IAC stack
overflow (CVE-2010-4221).
o smtp-vuln-cve2010-4344 script to check and exploit Exim SMTP Server:
heap overflow (CVE-2010-4344) and privileges escalation (CVE-2010-4345)
o SMTP library.
o Rewritten SMTP scripts to use the smtp library:
- smtp-commands
- smtp-open-relay
- smtp-enum-users
o smtp-vuln-cve2011-1720 script to check for CVE-2011-1720
o broadcast-avahi-dos script to check for CVE-2011-1002
o NFS/RPC features:
- New script: nfs-ls which combines nfs-dirlist and nfs-acls and try to
emulates some features of the old "ls" unix tool. The script support
NFSv2 and NFSv3.
- Readapted the RPC and NFS library code with a new re-design with new
high level functions.
- Added NFS procedures support:
NFSv2: LOOKUP
NFSv3: FSSTAT, FSINFO, READDIRPLUS, PATHCONF, ACCESS, LOOKUP
|