mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00

Update todo and done files with completed tasks

dmiller
2015-11-19 18:19:59 +00:00
parent a4dd6ca4ea
commit 5bb076a30b
2 changed files with 41 additions and 60 deletions


@@ -1,5 +1,44 @@
DONE: DONE:
o Augment the configure script to list unmet dependencies. Currently, configure
works just fine without a C++ compiler installed, but make generates an
error. The configure script should be able to detect this. Also, a list of
features that are/are-not available would be nice at the end of the script,
so folks can see that they've e.g. missed the OpenSSL dependency.
o Add parallel IPv6 reverse DNS support (right now we use the system
functions).
o [Ncat] This may sound ridiculous, but I'm starting to think that
Ncat should offer a very simple built-in http server (e.g. for simply
sharing files, etc.) And maybe a simple client too. (Done via --lua-exec and
the httpd.lua script shipped with Ncat)
o INFRASTRUCTURE: Add IPv6 support to secwiki
- We probably just have to designate a new IPv6 address for it and
add it to Apache config.
o [INFRASTRUCTURE] Improve our main web server http configuration to
better handle high load situations and DoS attacks. As part of
this, we may have to raise the max client limits. But then there is
a risk of running out of RAM, which can be even worse. So we need
to figure out a good balance.
o Migrate web.insecure.org to a RHEL-6 derived distro (probably CENTOS
6, since Linode doesn't currently offer ScientificLinux images).
o Actually, if we can wait until "second half of 2013", we might be
able to jump straight to RHEL 7. And RHEL 5 support looks like it
will go on for many more years for critical/security patches.
o Maybe start with svn server, since we've had reports of our
current one giving people unexpected password prompts. There is a
thread about that at http://seclists.org/nmap-dev/2012/q2/17
o UPDATE on this - adding read-only rights (rather than no rights)
to the root of the svn repo seems to have solved this problem.
o Make Windows 8.1 VM with VS 2013 and do more testing of Nmap compilation/running
o Make and test build on a newer OS X than 10.6 (10.10 was recently released)
o Adopt an issue tracking system for Nmap and related tools. We o Adopt an issue tracking system for Nmap and related tools. We
should probably look at our needs and options and then decide on and should probably look at our needs and options and then decide on and
either install it on our own infrastructure or use it hosted elsewhere. either install it on our own infrastructure or use it hosted elsewhere.
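Review bot: Two of the entries added to DONE here do not record what was actually done. The web server entry still ends on the open question "So we need to figure out a good balance", and the migration entry still reads "probably CENTOS 6" and "we might be able to jump straight to RHEL 7". The Ncat entry in the same hunk gets a closing note ("Done via --lua-exec and the httpd.lua script shipped with Ncat"); add a similar one-line outcome to these two so the DONE file says which configuration and which distro were chosen.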


@@ -1,18 +1,5 @@
TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
o Finish the version detection submission integration
o Do the very latest Nmap IPv4 OS detection (last was done with
snapshot from May).
o Make sure the new version detection sigs have appropriate CPEs.
o Integrate latest IPv6 OS detection submissions and corrections
o Make Windows 8.1 VM with VS 2013 and do more testing of Nmap compilation/running
o Make and test build on a newer OS X than 10.6 (10.10 was recently released)
o Deal with our out-of-date CA root certificate bundle by either using o Deal with our out-of-date CA root certificate bundle by either using
OS-specific mechanisms and/or updating the latest from Mozilla or OS-specific mechanisms and/or updating the latest from Mozilla or
another source. See http://seclists.org/nmap-dev/2014/q4/200 another source. See http://seclists.org/nmap-dev/2014/q4/200
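Review bot: The first four entries removed at the top of this hunk (version detection submission integration, IPv4 OS detection, CPEs for the new version detection sigs, IPv6 OS detection submissions) have no counterpart among the entries added to DONE, while the Windows 8.1 VM and OS X build entries removed alongside them do. If they are dropped on purpose as recurring release chores, say so in the commit message; otherwise add them to DONE so the record of completed work matches what was removed here.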
@@ -30,16 +17,6 @@ o Figure out what nmap-update is doing for SSL certificate
o Audit ncat's ssl algorithm and ciphersuite choices o Audit ncat's ssl algorithm and ciphersuite choices
o Do a test/beta release (more, if necessary)
o Make sure people have tested on Mac OS 10.10
o Do CHANGELOG for new release[Fyodor]
o Web updates for new release
o Build and post new release
==Items we need to finish before next big release go above this line== ==Items we need to finish before next big release go above this line==
o Make Ncat avoid linking with libpcap even when it's available. Currently this o Make Ncat avoid linking with libpcap even when it's available. Currently this
@@ -114,14 +91,6 @@ o Consider using a binary decision diagram for --exclude list to make
it more efficient for large exclude lists. See it more efficient for large exclude lists. See
http://seclists.org/nmap-dev/2012/q4/420. http://seclists.org/nmap-dev/2012/q4/420.
o Augment the configure script to list unmet dependencies. Currently, configure
works just fine without a C++ compiler installed, but make generates an
error. The configure script should be able to detect this. Also, a list of
features that are/are-not available would be nice at the end of the script,
so folks can see that they've e.g. missed the OpenSSL dependency.
o Integrate latest version detection submissions and corrections
o Look into moving our Mac building/testing system into a virtual o Look into moving our Mac building/testing system into a virtual
machine or leased server sort of environment so that multiple Nmap machine or leased server sort of environment so that multiple Nmap
developers can access it and nobody has to keep a stack of Mac Minis developers can access it and nobody has to keep a stack of Mac Minis
@@ -152,10 +121,6 @@ o Make CONCURRENCY_LIMIT in nse_main.lua at least the min-parallelism.
Otherwise NSE is limited to 1000 socket-using threads even if you've Otherwise NSE is limited to 1000 socket-using threads even if you've
requested more. requested more.
o INFRASTRUCTURE: Add IPv6 support to secwiki
- We probably just have to designate a new IPv6 address for it and
add it to Apache config.
o INFRASTRUCTURE: Consider updating our svn-mailer.py (and conf file) o INFRASTRUCTURE: Consider updating our svn-mailer.py (and conf file)
to the latest official version. First check whether there is a to the latest official version. First check whether there is a
later official version and whether it has material changes. We're later official version and whether it has material changes. We're
@@ -211,7 +176,7 @@ o Our http library should allow the client to specify a max size in
o NSE digest auth should use the more robust parsing from o NSE digest auth should use the more robust parsing from
http.parse_www_authenticate as described at http.parse_www_authenticate as described at
http://seclists.org/nmap-dev/2012/q3/868 http://seclists.org/nmap-dev/2012/q3/868
o Treat the input to the escape function in xml.cc as UTF-8, not just o Treat the input to the escape function in xml.cc as UTF-8, not just
ASCII. Good UTF-8 should survive into the output; i.e., "\xe2\x98\xbb" ASCII. Good UTF-8 should survive into the output; i.e., "\xe2\x98\xbb"
should become "\xe2\x98\xbb" in the output, not "☻". should become "\xe2\x98\xbb" in the output, not "☻".
@@ -260,12 +225,6 @@ o Test a hierarchical classifier for IPv6 OS detection. Our classifier
suspect playing it by ear will be sufficient. Talk to David for more suspect playing it by ear will be sufficient. Talk to David for more
of his thinking on this topic. of his thinking on this topic.
o [INFRASTRUCTURE] Improve our main web server http configuration to
better handle high load situations and DoS attacks. As part of
this, we may have to raise the max client limits. But then there is
a risk of running out of RAM, which can be even worse. So we need
to figure out a good balance.
o Maybe we should rename dns-brute to dns-brute-enum since it is so different o Maybe we should rename dns-brute to dns-brute-enum since it is so different
from our traditional brute force authentication cracking -brute scripts? from our traditional brute force authentication cracking -brute scripts?
@@ -286,17 +245,6 @@ o Revive the Nmap Public Source License project (need to find an open
o Also take close look at Mozilla's license modernization project: o Also take close look at Mozilla's license modernization project:
http://mpl.mozilla.org/scope/ http://mpl.mozilla.org/scope/
o Migrate web.insecure.org to a RHEL-6 derived distro (probably CENTOS
6, since Linode doesn't currently offer ScientificLinux images).
o Actually, if we can wait until "second half of 2013", we might be
able to jump straight to RHEL 7. And RHEL 5 support looks like it
will go on for many more years for critical/security patches.
o Maybe start with svn server, since we've had reports of our
current one giving people unexpected password prompts. There is a
thread about that at http://seclists.org/nmap-dev/2012/q2/17
o UPDATE on this - adding read-only rights (rather than no rights)
to the root of the svn repo seems to have solved this problem.
o Maybe we should add an analysis or reporting or intelligence (or o Maybe we should add an analysis or reporting or intelligence (or
different name) for our NSE scripts which don't send any packets, but different name) for our NSE scripts which don't send any packets, but
simply analyze Nmap's existing data and report when useful. simply analyze Nmap's existing data and report when useful.
@@ -410,9 +358,6 @@ o [NSE] Consider a system where scripts can tell if any other scripts
snmp-interfaces could store the discovered table if another script snmp-interfaces could store the discovered table if another script
(such as a mac address geolocator script) depends on it. (such as a mac address geolocator script) depends on it.
o Add parallel IPv6 reverse DNS support (right now we use the system
functions).
o [NSE] Consider whether we need script.db for performance reasons at o [NSE] Consider whether we need script.db for performance reasons at
all or should just read through all the scripts and parse on the fly. all or should just read through all the scripts and parse on the fly.
See: [http://seclists.org/nmap-dev/2009/q2/0221.html] See: [http://seclists.org/nmap-dev/2009/q2/0221.html]
@@ -540,6 +485,7 @@ o Start project to make Nmap a Featured Article on Wikipedia.
o Add Nmap web board/forum o Add Nmap web board/forum
- First step is looking at the available software for this. - First step is looking at the available software for this.
- Nmap subreddit exists: https://www.reddit.com/r/nmap
o [Zenmap] Consider a couple ideas from Norris Carden o [Zenmap] Consider a couple ideas from Norris Carden
(http://seclists.org/nmap-dev/2010/q2/228): (http://seclists.org/nmap-dev/2010/q2/228):
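Review bot: The added line "- Nmap subreddit exists: https://www.reddit.com/r/nmap" under "Add Nmap web board/forum" does not say whether the subreddit satisfies the item or what is still outstanding, and the item stays in TODO. State the remaining step, or move the entry to DONE if the subreddit is the answer. The commit message mentions only completed tasks, so this annotation of an open item deserves a mention there as well.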
@@ -607,10 +553,6 @@ o Consider rethinking Nmap's -s* syntax for specifing scan types
o Do -p- Internet UDP scans. o Do -p- Internet UDP scans.
o [Ncat] This may sound ridiculous, but I'm starting to think that
Ncat should offer a very simple built-in http server (e.g. for simply
sharing files, etc.) And maybe a simple client too.
o Scanning through proxies o Scanning through proxies
o Nmap should be able to scan through proxy servers, particularly now o Nmap should be able to scan through proxy servers, particularly now
that we have an NSE script for detectiong open proxies and now that that we have an NSE script for detectiong open proxies and now that