From 62f509aee043e8acbde1aa7908ff1e151d1b3ef5 Mon Sep 17 00:00:00 2001 From: shinnok Date: Fri, 17 Jun 2011 21:04:17 +0000 Subject: [PATCH] Update my todo file. --- todo/shinnok.txt | 92 ++++++++++++++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 35 deletions(-) diff --git a/todo/shinnok.txt b/todo/shinnok.txt index 48120c28a..3236b5d06 100644 --- a/todo/shinnok.txt +++ b/todo/shinnok.txt 
@@ -1,14 +1,32 @@ In progress: -o Review Marek's ncat_proxy.patch -o E-mail nmap-dev with QtCreator steps for Nmap -o E-mail nmap-dev with GProfiles /ncrack +o --max-conns is broken in latest svn, find out why +o Ncat hangs on ssl -> mostly done, some refactoring left to do + http://seclists.org/nmap-dev/2011/q2/842 +o Review latest revision of Marek's ncat_proxy.patch + http://seclists.org/nmap-dev/2011/q2/573 +o Ncat should close its socket and refuse further connections after the first + one, if invoked without --keep-open. That's what traditional netcat does + too. + http://seclists.org/nmap-dev/2011/q2/944 +o Pending uncompleted SSL handshakes when in --exec* listening mode make + Ncat consume 100% cpu(core/thread). + Possible solutions: + o Timeout ssl handshakes. + o Delay adding the exec output pipes to fselect/WaitForMultipleObjects + until the ssl handshake has been completed. + http://seclists.org/nmap-dev/2011/q2/988 +Pending: +o NMAP reports different service results every so often with the same port. + http://seclists.org/nmap-dev/2011/q2/815 +o Nmap should defer address parsing in arguments until it has read + through all the args. Otherwise you get an error if you use like -S + with an IPv6 address before you put -6 in the command line. You + get a similar problem (on David's IPv6 branch) if you do "-A -6" + (but "-6 -A works properly). -Potentional: - -From todo/nmap.txt: - +Pending (low priority): o Investigate and document how easy it is to drop Ncat.exe by itself on other systems and have it work. We should also look into the dependencies of Nmap and Zenmap. It may be instructive to look at 
@@ -20,6 +38,19 @@ o Investigate and document how easy it is to drop Ncat.exe by itself and Nping, we may want to improve our Winpcap to load as a DLL without requiring installation. There is a separate TODO item for that. +o E-mail nmap-dev with QtCreator usage steps for Nmap +o E-mail nmap-dev with GProfiles /ncrack + o Create new default username list: + http://seclists.org/nmap-dev/2010/q1/798 + o Could be a SoC Ncrack task, though should prove useful for Nmap + too + o We probably want to support several lists. Like an admin/default + list like "root", "admin", "administrator", "web", "user", "test", + and also a general list which we obtain from spidering from + emails, etc. + +Potential: + o Consider offering a way to link Winpcap DLLs so that they start the service as needed rather than requiring explicitly installing Winpcap and having it start upon system boot. CACE has offered such 
@@ -30,32 +61,23 @@ o Consider offering a way to link Winpcap DLLs so that they start the build our Winpcap binaries ourselves (including 64-bit). We might even have to sign our drivers for 64-bit Windows. -o Create new default username list: - http://seclists.org/nmap-dev/2010/q1/798 - o Could be a SoC Ncrack task, though should prove useful for Nmap - too - o We probably want to support several lists. Like an admin/default - list like "root", "admin", "administrator", "web", "user", "test", - and also a general list which we obtain from spidering from - emails, etc. - o We should offer partial results when a host - timeouts. I (Fyodor) have been against this in the past, but maybe - the value is sufficient to be worth the maintenance headaches. Many - users have asked for this. If we do implement this, we may want to - only print results for the COMPLETED phases (e.g. host discovery, - port scanning, version detection, traceroute, NSE, etc.) Trying to - print partial results of a port scan or NSE or the like might be a - pain. And if we print some results for a host which timeouts, we - should give a very clear warning that the results for that host are - incomplete. As an example, here is someone who hacked Nmap source - code to achieve this: http://seclists.org/pen-test/2010/Mar/108. - o Another benefit would be that it would allow us to clean - up/regularize the host output code. Right now there are I think - three places where a host's final output can be printed. If, - instead, that code just looked at what information was available and - printed that out only, we could potentially isolate it in just one - place. - o This also might let us provide a feature for skipping the rest of - an Nmap phase which is going too slowly (I think that has its own - Nmap TODO item). + timeouts. I (Fyodor) have been against this in the past, but maybe + the value is sufficient to be worth the maintenance headaches. Many + users have asked for this. 
If we do implement this, we may want to + only print results for the COMPLETED phases (e.g. host discovery, + port scanning, version detection, traceroute, NSE, etc.) Trying to + print partial results of a port scan or NSE or the like might be a + pain. And if we print some results for a host which timeouts, we + should give a very clear warning that the results for that host are + incomplete. As an example, here is someone who hacked Nmap source + code to achieve this: http://seclists.org/pen-test/2010/Mar/108. + o Another benefit would be that it would allow us to clean + up/regularize the host output code. Right now there are I think + three places where a host's final output can be printed. If, + instead, that code just looked at what information was available and + printed that out only, we could potentially isolate it in just one + place. + o This also might let us provide a feature for skipping the rest of + an Nmap phase which is going too slowly (I think that has its own + Nmap TODO item).
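Review bot: In the first hunk, the item on pending SSL handshakes in --exec* listening mode lists two possible fixes but does not record that a handshake timeout is worth having regardless of which option is chosen, since without one a single peer that never completes its handshake can hold the listener busy indefinitely; suggest noting the timeout as the baseline fix and the deferred pipe registration as the optional refinement. Two smaller points in the same hunk: the "Ncat should close its socket ... if invoked without --keep-open" item changes default listener behaviour, so it should also mention updating the Ncat documentation and tests, and the file now carries both a "Pending:" and a "Pending (low priority):" header, which reads ambiguously; a single header with the priority marked per item would be clearer.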
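Review bot: In the second hunk, the "Create new default username list" item and its sub-items are indented one level under "o E-mail nmap-dev with GProfiles /ncrack", which makes them read as part of that e-mail task rather than the separate Ncrack work item they were in the old "Potentional:" section; suggest promoting "o Create new default username list:" back to a top-level bullet (keeping its http://seclists.org/nmap-dev/2010/q1/798 reference and the two sub-bullets beneath it). The rename of the "Potentional:" header to "Potential:" across the two hunks is correct.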
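Review bot: In the third hunk, the "We should offer partial results when a host" item is unchanged but every continuation line of it ("timeouts. I (Fyodor) have been against this ...", the "Another benefit ..." sub-item and the "This also might let us ..." sub-item) is removed and re-added with one extra space of indentation, which is a whitespace-only change mixed into the same hunk as the removal of the username-list block; suggest keeping such re-indents in a separate commit, or using a whitespace-ignoring diff when reviewing, so that the content moves in this patch remain easy to audit.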