From 78b440b9784b7165ad3d7788c60599e07b4259a5 Mon Sep 17 00:00:00 2001 From: fyodor Date: Wed, 3 Feb 2010 00:53:53 +0000 Subject: [PATCH] Update from weekly chat w/David --- docs/TODO | 78 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 47 insertions(+), 31 deletions(-) diff --git a/docs/TODO b/docs/TODO index 9deb777ea..06083d5f7 100644 --- a/docs/TODO +++ b/docs/TODO @@ -1,14 +1,13 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- -o Make Nmap 5.21 bugfix-only release -o [NSE] Document Patrick's worker thread patch in scripting.xml (see - http://seclists.org/nmap-dev/2009/q4/294, - http://nmap.org/nsedoc/lib/stdnse.html#new_thread, - http://nmap.org/nsedoc/lib/nmap.html#condvar) [Patrick] -o [NSE] Look at new DB2 script by Tom - Sellers. http://seclists.org/nmap-dev/2009/q4/659 +o Deal with AV false positive issue RE nmap_services.exe: + - For now, David is going to apply Ron's patch which removes this, + but David will make it print output in verbose mode rather than + debug and maybe make it a little less verbose. LT plan is for Ron + to encrypt it with OpenSSL. + o [NSE] Consider the http-methods script from Bernd Stroessenreuther. http://seclists.org/nmap-dev/2010/q1/76 @@ -21,9 +20,6 @@ o [NSE] Consider SNMP scripts from Patrik Karlsson. http://seclists.org/nmap-dev/2010/q1/174 http://seclists.org/nmap-dev/2010/q1/178 -o [NSE] Consider MongoDB scripts and libraries from Martin Holst Swende. - http://seclists.org/nmap-dev/2010/q1/177 - o Make the nmap.header.tmpl wording a little more generic so it more clearly applies to Ncat, Zenmap, Nping, etc. Then use templatereplace.pl to apply those changes to the code. [Fyodor] @@ -45,6 +41,8 @@ o We should document an official way to compile/test refguide.xml so things. o Add Nmap web board. + +o Consider integrating Nping. o Create Nmap wiki @@ -53,30 +51,11 @@ o Do -p- Internet UDP scans. o Test Jay Fink's UDP payload prototype. http://seclists.org/nmap-dev/2010/q1/168 -o [Ncat] Test, review, and (if appropriate) merge Venkat's HTTP Digest - proxy authentication patch. See - http://seclists.org/nmap-dev/2009/q3/773. [David] - o Web site HTML improvements - Maybe start with nmap.org. - Find and fix HTML validation problems, bad links. I'm not sure what tool is best for this. - - Update to use CSS, at least for header bars - - Also, if it is easy to give the header bars rounded corners, - we should probably do so. But if it is hard, it isn't - important enough to matter. - - The Nmap.Org navigation table should have a background and more - subtle lines, like we use for our calendars now. - Insecure.Org could use a bit of work. On the front page: - - The first item (table) in featured news has slightly more - left/right margin than the later ones on Firefox 3.5.6, and with - IE8 it doesn't extend as far when you make the page really wide. - Plus the images on the right are problematic (extend through the - border below them) when you make the window too wide on IE8. - Having a slight margin on the left/right of entries would - actually be a bit nice. And it would be nice if it only took a - simple tag or two, controlled by CSS rather than pasting in a - whole table with font tags and the like for each entry. - Then do the same with seclists.org, insecure.org, sectools.org - The icon on the top-left of the screen should be for (and link to) the root URL of current site. e.g. seclists.org, @@ -88,8 +67,6 @@ o [Ncat] This may sound ridiculous, but I'm starting to think that o Start project to make Nmap a Featured Article on Wikipedia. -o Consider integrating Nping. - o Dependency licensing issues (OpenSSL, Python, GTK+, etc.) o We should do an audit to ensure that we are in complete compliance for the licenses of all the software we ship in any of our downloads, as some @@ -111,6 +88,11 @@ o Dependency licensing issues (OpenSSL, Python, GTK+, etc.) o X.org libraries (Mac version links to them) o libdnet +o Seclists.org should be fixed so that it doesn't strip quoted text + for its summaries from the IP list because that list consists almost + entirely of forwarded material which is being stripped. Look at the + summaries at http://seclists.org/interesting-people/. + o Scanning through proxies o Nmap should be able to scan through proxy servers, particularly now that we have an NSE script for detectiong open proxies and now that @@ -553,6 +535,40 @@ o random tip database DONE: +o Web site improvements + - Update to use CSS, at least for header bars + - Also, if it is easy to give the header bars rounded corners, + we should probably do so. But if it is hard, it isn't + important enough to matter. + - The Nmap.Org navigation table should have a background and more + subtle lines, like we use for our calendars now. + - The first item (table) in featured news has slightly more + left/right margin than the later ones on Firefox 3.5.6, and with + IE8 it doesn't extend as far when you make the page really wide. + Plus the images on the right are problematic (extend through the + border below them) when you make the window too wide on IE8. + Having a slight margin on the left/right of entries would + actually be a bit nice. And it would be nice if it only took a + simple tag or two, controlled by CSS rather than pasting in a + whole table with font tags and the like for each entry. + +o [Ncat] Test, review, and (if appropriate) merge Venkat's HTTP Digest + proxy authentication patch. See + http://seclists.org/nmap-dev/2009/q3/773. [David] + +o [NSE] Look at new DB2 script by Tom + Sellers. http://seclists.org/nmap-dev/2009/q4/659 + +o [NSE] Consider MongoDB scripts and libraries from Martin Holst Swende. + http://seclists.org/nmap-dev/2010/q1/177 + +o [NSE] Document Patrick's worker thread patch in scripting.xml (see + http://seclists.org/nmap-dev/2009/q4/294, + http://nmap.org/nsedoc/lib/stdnse.html#new_thread, + http://nmap.org/nsedoc/lib/nmap.html#condvar) [Patrick] + +o Make Nmap 5.21 bugfix-only release + o [NSE] Consider afp-showmount script from Patrik Karlsson. http://seclists.org/nmap-dev/2010/q1/97 [merged to trunk]