mirror of
https://github.com/nmap/nmap.git
synced 2025-12-24 16:39:03 +00:00
latest items from chat w/David
This commit is contained in:
fyodor
@@ -3,39 +3,17 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
|
||||
o Fix reported (by many people) crash when trying to launch Zenmap on
|
||||
Mac OS X 10.7 (Lion).
|
||||
|
||||
o Add anti-spam defenses to secwiki.com to stop the current onslaught
|
||||
of spam. An extention like ConfirmEdit
|
||||
(http://www.mediawiki.org/wiki/Extension:ConfirmEdit) may be a good choice.
|
||||
|
||||
o Collect many more IPv6 OS detection training samples from users
|
||||
- Can start with nmap-dev, but will probably have to do an Nmap
|
||||
release too.
|
||||
o Unless we get good arguments for keeping it, we should remove Mac OS
|
||||
X PowerPC support from our binaries. Apple stopped selling PowerPC
|
||||
machines in 2006 and they stopped making new OS releases available
|
||||
for PowerPC as of Snow Leopard (10.6) in August 2009. See this
|
||||
thread: http://seclists.org/nmap-dev/2011/q3/430
|
||||
|
||||
o Integrate more NSE scripts, I think our review queue is getting
|
||||
pretty long.
|
||||
|
||||
o Document IPv6 OS detection at http://nmap.org/book/osdetect.html
|
||||
|
||||
o Improvements to the Nmap multicast IPv6 host discovery scripts
|
||||
- Note that we hope to move them into core Nmap at some point, but
|
||||
would be good to improve them for now.
|
||||
- They should probably print the discovered IPv6 addresses, otherwise
|
||||
they don't actually give the user any information (despite doing
|
||||
their work) unless you give the newtargets script arg. This would
|
||||
be similar to the current behavior of broadcast-ping.
|
||||
- It might be nice if they gave the target MAC address and vendor
|
||||
when printing the discovered IPv6 information too. Daniel Miller
|
||||
wrote an initial patch for this (though we need to make sure it can
|
||||
handle (e.g. doesn't crash for) non-ethernet
|
||||
devices:http://seclists.org/nmap-dev/2011/q3/862. Our broadcast-ping script
|
||||
currently prints MAC addresses.
|
||||
- It is great that the scripts properly use a specific device when
|
||||
given the Nmap -e option, but they shouldn't require this. They
|
||||
should do something smart if no specific device name is given.
|
||||
Examples include performing on all compatable devices or trying to
|
||||
pick the best device. The all-devices appraoch may be the best,
|
||||
IMHO. That is how our broadcast-ping script works now.
|
||||
|
||||
o Do more thinking/researching/investigating the way our machine
|
||||
learning IPv6 OS detection system decides whether a match is perfect
|
||||
and/or how close the match is. Maybe our current system works well
|
||||
@@ -50,14 +28,12 @@ o We should add fields to the service submitter
|
||||
(http://insecure.org/cgi-bin/submit.cgi?new-service) for the
|
||||
application name and version.
|
||||
|
||||
o Unless we get good arguments for keeping it, we should remove Mac OS
|
||||
X PowerPC support from our binaries. Apple stopped selling PowerPC
|
||||
machines in 2006 and they stopped making new OS releases available
|
||||
for PowerPC as of Snow Leopard (10.6) in August 2009. See this
|
||||
thread: http://seclists.org/nmap-dev/2011/q3/430
|
||||
|
||||
o Give CPE visibility to NSE.
|
||||
|
||||
o Collect many more IPv6 OS detection training samples from users
|
||||
- Can start with nmap-dev, but will probably have to do an Nmap
|
||||
release too.
|
||||
|
||||
o Make sure we update everywhere relevant (e.g. refguide, etc.) to
|
||||
note the addition in Nmap of the Liblinear library for large linear
|
||||
classification (http://www.csie.ntu.edu.tw/~cjlin/liblinear/). It
|
||||
@@ -748,6 +724,30 @@ o random tip database
|
||||
|
||||
DONE:
|
||||
|
||||
o Improvements to the Nmap multicast IPv6 host discovery scripts
|
||||
- Note that we hope to move them into core Nmap at some point, but
|
||||
would be good to improve them for now.
|
||||
- They should probably print the discovered IPv6 addresses, otherwise
|
||||
they don't actually give the user any information (despite doing
|
||||
their work) unless you give the newtargets script arg. This would
|
||||
be similar to the current behavior of broadcast-ping.
|
||||
- It might be nice if they gave the target MAC address and vendor
|
||||
when printing the discovered IPv6 information too. Daniel Miller
|
||||
wrote an initial patch for this (though we need to make sure it can
|
||||
handle (e.g. doesn't crash for) non-ethernet
|
||||
devices:http://seclists.org/nmap-dev/2011/q3/862. Our broadcast-ping script
|
||||
currently prints MAC addresses.
|
||||
- It is great that the scripts properly use a specific device when
|
||||
given the Nmap -e option, but they shouldn't require this. They
|
||||
should do something smart if no specific device name is given.
|
||||
Examples include performing on all compatable devices or trying to
|
||||
pick the best device. The all-devices appraoch may be the best,
|
||||
IMHO. That is how our broadcast-ping script works now.
|
||||
|
||||
o Add anti-spam defenses to secwiki.com to stop the current onslaught
|
||||
of spam. An extention like ConfirmEdit
|
||||
(http://www.mediawiki.org/wiki/Extension:ConfirmEdit) may be a good choice.
|
||||
|
||||
o Collect a bunch of IPv6 OS detection signatures from users,
|
||||
integrate them, and then when we have enough, re-enable OS detection
|
||||
results.
|
||||
|
||||
Reference in New Issue
Block a user