mirror of
https://github.com/nmap/nmap.git
synced 2025-12-25 17:09:02 +00:00
Changes from discussion w/David
63
docs/TODO
@@ -15,10 +15,6 @@ o Move nmap/docs/TODO into its own todo directory (probably nmap/todo)
|
||||
o Get set up for Coverity scan of latest version to see if it catches
|
||||
any important issues before stable release. [Fyodor,David]
|
||||
|
||||
o Once we go into deep stability freeze mode, create an nmap-exp
|
||||
development branches for changes we plan to integrate after the
|
||||
stable release. [Fyodor]
|
||||
|
||||
o Device categorization improvements
|
||||
o Examine Nmap's device categorization in nmap-os-deb and
|
||||
nmap-service-probes. Decide if some small categories which have
|
||||
@@ -113,9 +109,6 @@ o [Ncat] In verbose mode, I'd like to see clock time and maybe in/out
|
||||
o Change Nsock to give an error if you try to FD_SET a fd larger than
|
||||
FD_SETSIZE. [Brandon]
|
||||
|
||||
o Decide what to do about ncat source code headers -- maybe just use
|
||||
the Nmap ones.
|
||||
|
||||
o Change Nsock so that it is able to take advantage of more modern
|
||||
interfaces to dealing with large sockets, rather than just select.
|
||||
Perhaps we should look at poll(), Windows completion ports, and some
|
||||
@@ -124,6 +117,32 @@ o Change Nsock so that it is able to take advantage of more modern
|
||||
should do some benchmarking and decide on the interface to use for
|
||||
each platform.
|
||||
|
||||
o Ncat SSLv2 issues. See
|
||||
http://seclists.org/nmap-dev/2009/q1/0319.html. A big part of it is
|
||||
done, which was enhanced version detection probes to detect more SSL
|
||||
servers, The defect that remains is that Nsock can't connect to a
|
||||
small fraction of servers (including some of the ones detected by
|
||||
the new version probe). They are the servers that do only SSLv3 or
|
||||
TLSv1 and don't respond to a SSLv2-compatible ClientHello. Even
|
||||
though most servers don't support SSLv2, they usually respond to the
|
||||
ClientHello and just don't offer any SSLv2 features. [David/Venkat
|
||||
working on this]
|
||||
|
||||
o [nsock] Fix Makefile to handle dependencies correctly (if that turns
|
||||
out to be the problem). See
|
||||
http://seclists.org/nmap-dev/2009/q1/0629.html. o Or it may be
|
||||
related to SVN timestampling. See
|
||||
http://seclists.org/nmap-dev/2009/q1/0632.html. Diagnosed by David:
|
||||
http://seclists.org/nmap-dev/2009/q2/0728.html
|
||||
|
||||
o [Zenmap] The Search dialogue is helpful for finding a certain scan
|
||||
you've performed recently, but we should probably also offer a similar
|
||||
function for searching for certain applications/hosts within a scan
|
||||
(e.g. find all the hosts running Apache). This new functionality
|
||||
might be a find option or some other mechanism rather than being
|
||||
part of the Search dialogue proper.
|
||||
|
||||
|
||||
o Scanning through proxies
|
||||
o Nmap should be able to scan through proxy servers, particularly now
|
||||
that we have an NSE script for detectiong open proxies and now that
|
||||
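Review bot: In the re-added [nsock] Makefile item, the alternative explanation has been folded into the paragraph at "http://seclists.org/nmap-dev/2009/q1/0629.html. o Or it may be", so a stray "o" now sits mid-sentence, whereas the copy of this item in the -373 hunk has "o Or it may be related to SVN timestampling" starting its own line. Put it back on its own line as a sub-item (or drop the "o"), and correct "timestampling" to "timestamping" while the text is being touched. The relocated Ncat SSLv2 item also still reads "servers, The defect", which wants a period instead of the comma.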
@@ -330,16 +349,6 @@ o [NSE] Security Review
|
||||
address the known risk of malicious scripts too.
|
||||
o Consider that NSE runs scripts as root
|
||||
|
||||
o Ncat SSLv2 issues. See
|
||||
http://seclists.org/nmap-dev/2009/q1/0319.html. A big part of it is
|
||||
done, which was enhanced version detection probes to detect more SSL
|
||||
servers, The defect that remains is that Nsock can't connect to a
|
||||
small fraction of servers (including some of the ones detected by
|
||||
the new version probe). They are the servers that do only SSLv3 or
|
||||
TLSv1 and don't respond to a SSLv2-compatible ClientHello. Even
|
||||
though most servers don't support SSLv2, they usually respond to the
|
||||
ClientHello and just don't offer any SSLv2 features.
|
||||
|
||||
o Figure out and document (in at least the Ncat user's guide) the best
|
||||
way to use Ncat for chaining through proxies. One option is this
|
||||
sort of thing:
|
||||
@@ -354,13 +363,6 @@ o Consider converting this file to emacs org-mode
|
||||
o That format is still plain text and can be read/edited by vi
|
||||
users, etc.
|
||||
|
||||
o [Zenmap] The Search dialogue is helpful for finding a certain scan
|
||||
you've performed recently, but we should probably also offer a similar
|
||||
function for searching for certain applications/hosts within a scan
|
||||
(e.g. find all the hosts running Apache). This new functionality
|
||||
might be a find option or some other mechanism rather than being
|
||||
part of the Search dialogue proper.
|
||||
|
||||
o [Zenmap] More complete implementation of ZenmapCommandLine/profile
|
||||
editor improvement ideas. See
|
||||
http://www.bamsoftware.com/wiki/Nmap/ZenmapCommandLine. [David]
|
||||
@@ -373,12 +375,6 @@ o Look into whether we should loosen/change the global congestion
|
||||
Right now it seems to go WAY TOO FAST (e.g. several thousand
|
||||
packets per second on my DSL line).
|
||||
|
||||
o [nsock] Fix Makefile to handle dependencies correctly (if that turns
|
||||
out to be the problem). See
|
||||
http://seclists.org/nmap-dev/2009/q1/0629.html.
|
||||
o Or it may be related to SVN timestampling. See
|
||||
http://seclists.org/nmap-dev/2009/q1/0632.html.
|
||||
|
||||
o We should document an official way to compile/test refguide.xml so
|
||||
people can more easily test their changes to it. This will probably
|
||||
involve moving legal-notices.xml into /nmap/docs, among other
|
||||
@@ -597,6 +593,13 @@ o random tip database
|
||||
|
||||
DONE:
|
||||
|
||||
o Decide what to do about ncat source code headers -- maybe just use
|
||||
the Nmap ones. [David added the Nmap headers]
|
||||
|
||||
o Once we go into deep stability freeze mode, create an nmap-exp
|
||||
development branches for changes we plan to integrate after the
|
||||
stable release. [Fyodor]
|
||||
|
||||
o Update CHANGELOG for latest changes [Fyodor]
|
||||
|
||||
o Release 4.85BETA10
|
||||
|
||||
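Review bot: The nmap-exp entry added under DONE carries the open item's wording unchanged ("Once we go into deep stability freeze mode, create an nmap-exp development branches ... [Fyodor]"), so it still reads as a future task and does not record what was actually done. The ncat headers entry just above it gets a resolution note ("[David added the Nmap headers]"); give this entry the same kind of note, and fix "an nmap-exp development branches" to agree in number while it is being moved.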