From 2e53469b9efa506228ca6e6b7bc482e4b7d63f5e Mon Sep 17 00:00:00 2001 From: shinnok Date: Tue, 24 May 2011 16:16:23 +0000 Subject: [PATCH] Add my TODO file. --- todo/shinnok.txt | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 todo/shinnok.txt diff --git a/todo/shinnok.txt b/todo/shinnok.txt new file mode 100644 index 000000000..48120c28a --- /dev/null +++ b/todo/shinnok.txt 
@@ -0,0 +1,61 @@ +In progress: + +o Review Marek's ncat_proxy.patch +o E-mail nmap-dev with QtCreator steps for Nmap +o E-mail nmap-dev with GProfiles /ncrack + + +Potentional: + +From todo/nmap.txt: + +o Investigate and document how easy it is to drop Ncat.exe by itself + on other systems and have it work. We should also look into the + dependencies of Nmap and Zenmap. It may be instructive to look at + "Portable Firefox" + (http://portableapps.com/apps/internet/firefox_portable) which is + built using open source technology from portableapps.com, or look at + "The Network Toolkit" by Cace + (http://www.cacetech.com/products/network_toolkit.html). For Nmap + and Nping, we may want to improve our Winpcap to load as a DLL + without requiring installation. There is a separate TODO item for that. + +o Consider offering a way to link Winpcap DLLs so that they start the + service as needed rather than requiring explicitly installing + Winpcap and having it start upon system boot. CACE has offered such + a thing for many years as WinPcap Pro + (http://www.cacetech.com/products/winpcap_pro.html). If we change + WinPcap in this way, we'd presumably want to also change the symbol + names as is done in WinPcap Pro. And it would mean that we have to + build our Winpcap binaries ourselves (including 64-bit). We might + even have to sign our drivers for 64-bit Windows. + +o Create new default username list: + http://seclists.org/nmap-dev/2010/q1/798 + o Could be a SoC Ncrack task, though should prove useful for Nmap + too + o We probably want to support several lists. Like an admin/default + list like "root", "admin", "administrator", "web", "user", "test", + and also a general list which we obtain from spidering from + emails, etc. + +o We should offer partial results when a host + timeouts. I (Fyodor) have been against this in the past, but maybe + the value is sufficient to be worth the maintenance headaches. Many + users have asked for this. 
If we do implement this, we may want to + only print results for the COMPLETED phases (e.g. host discovery, + port scanning, version detection, traceroute, NSE, etc.) Trying to + print partial results of a port scan or NSE or the like might be a + pain. And if we print some results for a host which timeouts, we + should give a very clear warning that the results for that host are + incomplete. As an example, here is someone who hacked Nmap source + code to achieve this: http://seclists.org/pen-test/2010/Mar/108. + o Another benefit would be that it would allow us to clean + up/regularize the host output code. Right now there are I think + three places where a host's final output can be printed. If, + instead, that code just looked at what information was available and + printed that out only, we could potentially isolate it in just one + place. + o This also might let us provide a feature for skipping the rest of + an Nmap phase which is going too slowly (I think that has its own + Nmap TODO item).
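Review bot: the "From todo/nmap.txt:" block (from "o Investigate and document how easy it is to drop Ncat.exe" through the partial-results item) copies entries verbatim from todo/nmap.txt, so the two copies will drift as either file is edited; consider keeping only the item titles here with a pointer back to todo/nmap.txt, or moving the items rather than duplicating them. While the file is fresh, a few text fixes: "Potentional:" should be "Potential:", "when a host timeouts" should be "when a host times out", and the file mixes "Winpcap" and "WinPcap". On the partial-results item, the "very clear warning that the results for that host are incomplete" should also be carried in the XML and grepable outputs rather than only in normal output, since tooling that parses those formats would otherwise treat a timed-out host's partial port table as a complete scan.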