1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
In progress:
============
o We should offer partial results when a host
timeouts. I (Fyodor) have been against this in the past, but maybe
the value is sufficient to be worth the maintenance headaches. Many
users have asked for this. If we do implement this, we may want to
only print results for the COMPLETED phases (e.g. host discovery,
port scanning, version detection, traceroute, NSE, etc.) Trying to
print partial results of a port scan or NSE or the like might be a
pain. And if we print some results for a host which timeouts, we
should give a very clear warning that the results for that host are
incomplete. As an example, here is someone who hacked Nmap source
code to achieve this: http://seclists.org/pen-test/2010/Mar/108.
o Another benefit would be that it would allow us to clean
up/regularize the host output code. Right now there are I think
three places where a host's final output can be printed. If,
instead, that code just looked at what information was available and
printed that out only, we could potentially isolate it in just one
place.
o This also might let us provide a feature for skipping the rest of
an Nmap phase which is going too slowly (I think that has its own
Nmap TODO item).
Hanging(waiting for further input, etc..):
==========================================
o Nmap *poor's man* test suite by expanding on what I already have in
/nmap-exp/shinnok/nmap-test-script.
o NMAP reports different service results every so often with the same port.
http://seclists.org/nmap-dev/2011/q2/815
o Review latest revision of Marek's ncat_proxy.patch - DONE
http://seclists.org/nmap-dev/2011/q2/573
o Commit approval pending
Pending:
========
Pending (low priority):
=======================
o E-mail nmap-dev with GProfiles /ncrack
o Create new default username list:
http://seclists.org/nmap-dev/2010/q1/798
o Could be a SoC Ncrack task, though should prove useful for Nmap
too
o We probably want to support several lists. Like an admin/default
list like "root", "admin", "administrator", "web", "user", "test",
and also a general list which we obtain from spidering from
emails, etc.
Potential:
==========
COMPLETED:
==========
o Add a --append-output option to ncat. [DONE - r25737]
o libpcre/pcre.h - is cleared upon make distclean thus leaving the SVN
working directory dirty
http://seclists.org/nmap-dev/2011/q2/708
o De-duplicate code by unifying ncat_broker.c and ncat_listen.c code paths,
either as a single file in ncat_listen.c or merge duplicate code in
ncat_listen.c and keep only broker specific code in ncat_broker.c(it it's a
lot of code, otherwise ncat_listen.c would do just fine).
o Nmap should defer address parsing in arguments until it has read
through all the args. Otherwise you get an error if you use like -S
with an IPv6 address before you put -6 in the command line. You
get a similar problem (on David's IPv6 branch) if you do "-A -6"
(but "-6 -A works properly).
o Delve into Lua and NSE and try to write some scripts to get the hang
of it and gain a better understanding of the NSE engine in Nmap.
o Written two NSE scripts, http-reverse-ip and http-google-email that
can be found in /nmap-exp/shinnok/nse.
o E-mail nmap-dev with QtCreator usage steps for Nmap
--
o Ncat hangs on ssl -> REFACTORING
some refactoring left to be done to reduce code duplication
http://seclists.org/nmap-dev/2011/q2/842
o Commit current switch/ifdef refactoring patch.
o Research code deduplication even further.
o Ncat chat (at least in ssl mode) no longer gives the banner greeting
when I connect. This worked in r23918, but not in r24185, which is
the one running on chat.nmap.org as of 6/20/11. Verify by running
"ncat --ssl -v chat.nmap.org"
o Pending uncompleted SSL handshakes when in --exec* listening mode make
Ncat consume 100% cpu(core/thread).
Possible solutions:
o Listen on the union of the two sets in ncat_listen.c composed of the
current set and a secondary one, ssl_pending which should include the
pending ssl hanshake sockets.
o Timeout ssl handshakes.
o Delay adding the exec output pipes to fselect/WaitForMultipleObjects
until the ssl handshake has been completed.
http://seclists.org/nmap-dev/2011/q2/988
---
o Fix ncat.xml(the input for the man page) examples section. - David came up
with the final right fix on this one.
o Ncat should close its socket and refuse further connections after the first
one, if invoked without --keep-open. That's what traditional netcat does
too. - DONE [r24197]
http://seclists.org/nmap-dev/2011/q2/944
o Add TEST in ncat-test.pl - DONE [r24373]
o Closing Zenmap without stopping the scan first will leave nmap running in
the process list on Windows. [r24308]
[Actually, Zenmap was unable to kill the nmap scan processes at all on
Windows]
o Zenmap should wait for the return exit code of the nmap scanning subprocess
upon killing it(canceled scan), otherwise the subprocesses will enter a
defunct(zombie) state.[r24235]
o Fix build_icmp_raw and build_igmp_raw filling the packet data payload
with zeroes instead of the supplied random data, when nmap is invoked
with --data-length.[r24127]
o Investigate and document how easy it is to drop Ncat.exe by itself
on other systems and have it work. [r24242]
http://seclists.org/nmap-dev/2011/q2/1090
o We should also look into the dependencies of Nmap and Zenmap.
It may be instructive to look at "Portable Firefox"
(http://portableapps.com/apps/internet/firefox_portable) which is
built using open source technology from portableapps.com, or look at
"The Network Toolkit" by Cace
(http://www.cacetech.com/products/network_toolkit.html).
o --max-conns is broken in latest svn -> fixed in r24130, other two
bugs discovered:
o --max-conns 0 kills ncat with a glibc assertion error on calloc with
zero as nmemb(??) at:
init_fdlist(&broadcast_fdlist, o.conn_limit);
o When killing the first initiated connection on --max-conns > 1 Ncat:
Ncat: Program bug: fd (5) not on list. QUITTING.
[DONE]The previous two bugs were introduced in r24130, they are now fixed
in r24193.
|
