From 5de02049fc59a18f924416a6689a5daf70c9f7c5 Mon Sep 17 00:00:00 2001 From: fyodor Date: Wed, 12 May 2010 20:09:49 +0000 Subject: [PATCH] From changes from discussion w/David yesterday --- todo/nmap.txt | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/todo/nmap.txt b/todo/nmap.txt index 0dadc7114..1739394c2 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt 
@@ -25,8 +25,33 @@ o [NSE] Maybe we should create a class of scripts which only run one discovery, and then let the following phases work on the list it discovers." -o Consider MSRPC ideas from Ron--we might want to add some as TODO - tasks: http://seclists.org/nmap-dev/2010/q2/389 +o [NSE] Write a couple more MSRPC scripts inspired by sysinternals: + o Windows system logs (like sysinternals' psloglist) + o Services (like sysinternals' psservice) + [Drazen] + +o [NSE] Consider using .idl files rather than manually coding all the + MSRPC stuff. The current idea, if we do this, is to have an + application in nmap-private-dev which converts .idl files to LUA + code for nmap/nselib. Consider adapting the pidl utility from Samba. + +o [NSE] MSRPC - Improve domain support all around -- in particular, + let the user give the domain in the format DOMAIN\username or + username@DOMAIN anywhere that usernames are accepted. Suggested + at http://seclists.org/nmap-dev/2010/q2/389 + +o [NSE] Combine similar MSRPC scripts, especially the "get info" + stuff. See this thread on combining + (http://seclists.org/nmap-dev/2010/q1/1023). This was suggested by + Ron at http://seclists.org/nmap-dev/2010/q2/389. + +o [NSE] Reorganize nselib to allow libraries in subdirectories. + Currently, to avoid expanding the number top-level libraries, code + that is only used by one library is built into that library's file, + even if it is logically separate. For example, the mongodb library + contains a BSON-parsing library. Instead, that library could go in + mongodb/bson.lua. The msrpc and smb libraries could potentially be + broken up in this way. o [Zenmap] Investigate getting new OS icon art. See http://seclists.org/nmap-dev/2010/q1/1090 
@@ -38,9 +63,6 @@ o [Zenmap] Consider a memory usage audit. This thread includes a claim http://guppy-pe.sourceforge.net/ http://www.pkgcore.org/trac/pkgcore/doc/dev-notes/heapy.rst -o [Ncrack] Use our new password lists (now used by NSE) for Ncrack as - well. Ncrack can probably handle a larger list than NSE uses. - o We should probably enhance scan stats--maybe we can add a full-scan completion time estimate? Some ideas here: http://seclists.org/nmap-dev/2010/q1/1007 @@ -71,9 +93,6 @@ o Nmap should at least print (and maybe scan) all IP addresses for printing all the addresses. Here is a thread on the topic: http://seclists.org/nmap-dev/2010/q2/302 -o Integrate new service detection fingerprint submissions (we have - more than 730 since Dec. 17, 2009. - o Fix bug where multiple targets with the same IP can end up in a hostgroup and cause port scanning and probably OS detection to misbehave. An example is "nmap -F scanme2.nmap.org @@ -546,6 +565,15 @@ o random tip database DONE: +o Integrate new service detection fingerprint submissions (we have + more than 730 since Dec. 17, 2009. + +o [Ncrack] Use our new password lists (now used by NSE) for Ncrack as + well. Ncrack can probably handle a larger list than NSE uses. + +o Consider MSRPC ideas from Ron--we might want to add some as TODO + tasks: http://seclists.org/nmap-dev/2010/q2/389 + o Fix XML inconsistency described at http://seclists.org/nmap-dev/2010/q2/326
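Review bot: In the first hunk (the `@@ -25,8` region), two wording nits in the added TODO items: "to avoid expanding the number top-level libraries" is missing "of" ("the number of top-level libraries"), and "converts .idl files to LUA code" should read "Lua code" to match the project's usual spelling. On the same hunk, the domain-support item ("let the user give the domain in the format DOMAIN\username or username@DOMAIN anywhere that usernames are accepted") would benefit from one more sentence noting how a username that itself contains `@` or `\` is to be told apart from the domain separator, since that ambiguity will have to be resolved by whichever parser implements the item.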
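Review bot: In the `@@ -546,6` hunk, the fingerprint item is moved into the DONE section verbatim and so keeps its unclosed parenthesis: "(we have more than 730 since Dec. 17, 2009." should end with "2009)." since the text is being touched anyway. The other two items moved here (the Ncrack password-list item and "Consider MSRPC ideas from Ron") match the lines removed in the earlier hunks, so the move itself is consistent.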