diff --git a/todo/nmap.txt b/todo/nmap.txt index 9c74fa5b7..f08627a3a 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt @@ -3,39 +3,17 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- o Fix reported (by many people) crash when trying to launch Zenmap on Mac OS X 10.7 (Lion). -o Add anti-spam defenses to secwiki.com to stop the current onslaught - of spam. An extention like ConfirmEdit - (http://www.mediawiki.org/wiki/Extension:ConfirmEdit) may be a good choice. - -o Collect many more IPv6 OS detection training samples from users - - Can start with nmap-dev, but will probably have to do an Nmap - release too. +o Unless we get good arguments for keeping it, we should remove Mac OS + X PowerPC support from our binaries. Apple stopped selling PowerPC + machines in 2006 and they stopped making new OS releases available + for PowerPC as of Snow Leopard (10.6) in August 2009. See this + thread: http://seclists.org/nmap-dev/2011/q3/430 o Integrate more NSE scripts, I think our review queue is getting pretty long. o Document IPv6 OS detection at http://nmap.org/book/osdetect.html -o Improvements to the Nmap multicast IPv6 host discovery scripts - - Note that we hope to move them into core Nmap at some point, but - would be good to improve them for now. - - They should probably print the discovered IPv6 addresses, otherwise - they don't actually give the user any information (despite doing - their work) unless you give the newtargets script arg. This would - be similar to the current behavior of broadcast-ping. - - It might be nice if they gave the target MAC address and vendor - when printing the discovered IPv6 information too. Daniel Miller - wrote an initial patch for this (though we need to make sure it can - handle (e.g. doesn't crash for) non-ethernet - devices:http://seclists.org/nmap-dev/2011/q3/862. Our broadcast-ping script - currently prints MAC addresses. - - It is great that the scripts properly use a specific device when - given the Nmap -e option, but they shouldn't require this. They - should do something smart if no specific device name is given. - Examples include performing on all compatable devices or trying to - pick the best device. The all-devices appraoch may be the best, - IMHO. That is how our broadcast-ping script works now. - o Do more thinking/researching/investigating the way our machine learning IPv6 OS detection system decides whether a match is perfect and/or how close the match is. Maybe our current system works well @@ -50,14 +28,12 @@ o We should add fields to the service submitter (http://insecure.org/cgi-bin/submit.cgi?new-service) for the application name and version. -o Unless we get good arguments for keeping it, we should remove Mac OS - X PowerPC support from our binaries. Apple stopped selling PowerPC - machines in 2006 and they stopped making new OS releases available - for PowerPC as of Snow Leopard (10.6) in August 2009. See this - thread: http://seclists.org/nmap-dev/2011/q3/430 - o Give CPE visibility to NSE. +o Collect many more IPv6 OS detection training samples from users + - Can start with nmap-dev, but will probably have to do an Nmap + release too. + o Make sure we update everywhere relevant (e.g. refguide, etc.) to note the addition in Nmap of the Liblinear library for large linear classification (http://www.csie.ntu.edu.tw/~cjlin/liblinear/). It @@ -748,6 +724,30 @@ o random tip database DONE: +o Improvements to the Nmap multicast IPv6 host discovery scripts + - Note that we hope to move them into core Nmap at some point, but + would be good to improve them for now. + - They should probably print the discovered IPv6 addresses, otherwise + they don't actually give the user any information (despite doing + their work) unless you give the newtargets script arg. This would + be similar to the current behavior of broadcast-ping. + - It might be nice if they gave the target MAC address and vendor + when printing the discovered IPv6 information too. Daniel Miller + wrote an initial patch for this (though we need to make sure it can + handle (e.g. doesn't crash for) non-ethernet + devices:http://seclists.org/nmap-dev/2011/q3/862. Our broadcast-ping script + currently prints MAC addresses. + - It is great that the scripts properly use a specific device when + given the Nmap -e option, but they shouldn't require this. They + should do something smart if no specific device name is given. + Examples include performing on all compatable devices or trying to + pick the best device. The all-devices appraoch may be the best, + IMHO. That is how our broadcast-ping script works now. + +o Add anti-spam defenses to secwiki.com to stop the current onslaught + of spam. An extention like ConfirmEdit + (http://www.mediawiki.org/wiki/Extension:ConfirmEdit) may be a good choice. + o Collect a bunch of IPv6 OS detection signatures from users, integrate them, and then when we have enough, re-enable OS detection results.