mirror of
https://github.com/nmap/nmap.git
synced 2026-01-11 00:49:02 +00:00
Add my TODO file.
61
todo/shinnok.txt
Normal file
@@ -0,0 +1,61 @@
|
||||
In progress:
|
||||
|
||||
o Review Marek's ncat_proxy.patch
|
||||
o E-mail nmap-dev with QtCreator steps for Nmap
|
||||
o E-mail nmap-dev with GProfiles /ncrack
|
||||
|
||||
|
||||
Potentional:
|
||||
|
||||
From todo/nmap.txt:
|
||||
|
||||
o Investigate and document how easy it is to drop Ncat.exe by itself
|
||||
on other systems and have it work. We should also look into the
|
||||
dependencies of Nmap and Zenmap. It may be instructive to look at
|
||||
"Portable Firefox"
|
||||
(http://portableapps.com/apps/internet/firefox_portable) which is
|
||||
built using open source technology from portableapps.com, or look at
|
||||
"The Network Toolkit" by Cace
|
||||
(http://www.cacetech.com/products/network_toolkit.html). For Nmap
|
||||
and Nping, we may want to improve our Winpcap to load as a DLL
|
||||
without requiring installation. There is a separate TODO item for that.
|
||||
|
||||
o Consider offering a way to link Winpcap DLLs so that they start the
|
||||
service as needed rather than requiring explicitly installing
|
||||
Winpcap and having it start upon system boot. CACE has offered such
|
||||
a thing for many years as WinPcap Pro
|
||||
(http://www.cacetech.com/products/winpcap_pro.html). If we change
|
||||
WinPcap in this way, we'd presumably want to also change the symbol
|
||||
names as is done in WinPcap Pro. And it would mean that we have to
|
||||
build our Winpcap binaries ourselves (including 64-bit). We might
|
||||
even have to sign our drivers for 64-bit Windows.
|
||||
|
||||
o Create new default username list:
|
||||
http://seclists.org/nmap-dev/2010/q1/798
|
||||
o Could be a SoC Ncrack task, though should prove useful for Nmap
|
||||
too
|
||||
o We probably want to support several lists. Like an admin/default
|
||||
list like "root", "admin", "administrator", "web", "user", "test",
|
||||
and also a general list which we obtain from spidering from
|
||||
emails, etc.
|
||||
|
||||
o We should offer partial results when a host
|
||||
timeouts. I (Fyodor) have been against this in the past, but maybe
|
||||
the value is sufficient to be worth the maintenance headaches. Many
|
||||
users have asked for this. If we do implement this, we may want to
|
||||
only print results for the COMPLETED phases (e.g. host discovery,
|
||||
port scanning, version detection, traceroute, NSE, etc.) Trying to
|
||||
print partial results of a port scan or NSE or the like might be a
|
||||
pain. And if we print some results for a host which timeouts, we
|
||||
should give a very clear warning that the results for that host are
|
||||
incomplete. As an example, here is someone who hacked Nmap source
|
||||
code to achieve this: http://seclists.org/pen-test/2010/Mar/108.
|
||||
o Another benefit would be that it would allow us to clean
|
||||
up/regularize the host output code. Right now there are I think
|
||||
three places where a host's final output can be printed. If,
|
||||
instead, that code just looked at what information was available and
|
||||
printed that out only, we could potentially isolate it in just one
|
||||
place.
|
||||
o This also might let us provide a feature for skipping the rest of
|
||||
an Nmap phase which is going too slowly (I think that has its own
|
||||
Nmap TODO item).
|
||||
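Review bot: The items under "From todo/nmap.txt:" are copied in verbatim, so the same text now lives in two files and the copies will drift when either is edited or an item is completed. Consider keeping only a one-line pointer per item here (for example the first line of each item plus "see todo/nmap.txt") and leaving the full text in the shared file. Two wording fixes while you are in there: the heading "Potentional:" should read "Potential:", and "when a host timeouts" / "a host which timeouts" should be "times out". The WinPcap item ends with "We might even have to sign our drivers for 64-bit Windows"; since this file is your personal queue, it would help to note whether you intend to own the build-and-signing question or only the DLL-loading investigation.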