PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-10 00:19:02 +00:00
Code Issues Projects Releases Wiki Activity

latest todo updates

Browse Source
This commit is contained in:
fyodor
2012-05-21 22:49:46 +00:00
parent 15f7ad8f3c
commit 7d65a2d801
1 changed files with 20 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
todo/nmap.txt
View File

@@ -1,26 +1,17 @@
TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
o Prepare release notes, web page, etc.
o Do private beta release
o Make the release
==Things needed for next STABLE release go ABOVE THIS LINE==
o For many years, the Nmap man page and online documentation has had
an "Inappropriate Usage" section which notes that "Nmap should never
be installed with special privileges (e.g. suid root) for security
reasons". And of course Nmap's official installer would never
install Nmap that way. While one would thinks that would be enough,
we might want to go even further and have Nmap detect when it is run
suid and print a security warning.
o We should add fields to the service submitter
(http://insecure.org/cgi-bin/submit.cgi?new-service) for the
application name and version.
o Migrate web.insecure.org to a RHEL-6 derived distro (probably CENTOS
6, since Linode doesn't currently offer ScientificLinux images).
o Maybe start with svn server, since we've had reports of our
current one giving people unexpected password prompts. There is a
thread about that at http://seclists.org/nmap-dev/2012/q2/17
o UPDATE on this - adding read-only rights (rather than no rights)
to the root of the svn repo seems to have solved this problem.
o Add CPE entries to OS fingerpting DB entries which still lack them
- As of 3/21/12, it seems that we have entries for 2,601 of the 3,572
@@ -212,10 +203,6 @@ o Maybe we should add an analysis or reporting or intelligence (or
different name) for our NSE scripts which don't send any packets, but
simply analyze Nmap's existing data and report when useful.
o We should add fields to the service submitter
(http://insecure.org/cgi-bin/submit.cgi?new-service) for the
application name and version.
o Make sure we update everywhere relevant (e.g. refguide, etc.) to
note the addition in Nmap of the Liblinear library for large linear
classification (http://www.csie.ntu.edu.tw/~cjlin/liblinear/). It
@@ -761,6 +748,20 @@ o random tip database
DONE:
o For many years, the Nmap man page and online documentation has had
an "Inappropriate Usage" section which notes that "Nmap should never
be installed with special privileges (e.g. suid root) for security
reasons". And of course Nmap's official installer would never
install Nmap that way. While one would thinks that would be enough,
we might want to go even further and have Nmap detect when it is run
suid and print a security warning.
o Prepare release notes, web page, etc.
o Do private beta release
o Make the release
o In Nmap XML output, osclass (OS Classification) tags should be
children of osmatch (the human readable OS name line) rather than
having Nmap deduplicate all the osclasses and put them in as