PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-18 21:49:01 +00:00
Code Issues Projects Releases Wiki Activity

Changes from NSE meeting today

Browse Source
This commit is contained in:
fyodor
2009-07-01 01:27:14 +00:00
parent 0322a7b8e3
commit 8454dcd267
1 changed files with 29 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/TODO
View File

@@ -33,13 +33,8 @@ o Device categorization improvements
[Doug has done some initial work on this. For example, see [Doug has done some initial work on this. For example, see
nmap/docs/device-types.txt] nmap/docs/device-types.txt]
o [NSE] Resolve ssh2.lua buffering problems o Joao is auditing his Lua code to make sure all his variables are
(http://seclists.org/nmap-dev/2009/q2/0673.html) [Joao] local where appropriate. [Joao]
o [NSE] Track active sockets in the nsock library binding and don't
rely on garbage collection for reallocation. Can probably wait until
post-stable release for integration. [Patrick]
- Patrick has a patch and is waiting on dev branch to check it in.
o Consider the open proxy scripts more carefully o Consider the open proxy scripts more carefully
- How should we test whether the proxy attempt was successful? Right - How should we test whether the proxy attempt was successful? Right
@@ -48,25 +43,6 @@ o Consider the open proxy scripts more carefully
users specify their own pattern if they specify their own URL. users specify their own pattern if they specify their own URL.
[ Joao is nearly done, will be checking into dev tree] [ Joao is nearly done, will be checking into dev tree]
o Update scripts which use table args to use pseudo-table format
"name.arg" rather than requiring the user to create a Lua table
themselves. On the lua side, it's not really being stored in a
table, but just an arg named "name.arg". [Joao]
- Look at all our existing scripts which use tables
(dns-zone-transfer, whois, the proxy scripts, etc.) and change as
appropriate. Remember to change the usage throughout the script
and also change the nsedoc script arguments and example usage.
For the existing scripts, try to retain the table version check
for now to avoid breaing backward compatability if possible. Just
add the newer style check as well.
- Is taking arguments in a table specific to a script a good idea?
The example in the socks-open-proxy nsedoc of "--script-args
openproxy={host=<host>}" is a bit of a mess and I'm not sure the
best way to document that in the script argument list. Note that
this is the standard way we've handled it for some other scripts,
so it's not an open-proxy-script-specific problem.
o Consider making it easier to tell whether scripts were specified by o Consider making it easier to tell whether scripts were specified by
name on the command-line (rather than default or by class) so they name on the command-line (rather than default or by class) so they
have the option of providing extra verbosity in that case. For have the option of providing extra verbosity in that case. For
@@ -142,7 +118,6 @@ o [Zenmap] The Search dialogue is helpful for finding a certain scan
might be a find option or some other mechanism rather than being might be a find option or some other mechanism rather than being
part of the Search dialogue proper. part of the Search dialogue proper.
o Scanning through proxies o Scanning through proxies
o Nmap should be able to scan through proxy servers, particularly now o Nmap should be able to scan through proxy servers, particularly now
that we have an NSE script for detectiong open proxies and now that that we have an NSE script for detectiong open proxies and now that
@@ -196,7 +171,7 @@ o [Ncat] Support SCTP now that Nmap does.
o [NSE] Optimize NSE Performance--e.g. measure the current performance and o [NSE] Optimize NSE Performance--e.g. measure the current performance and
see what can be improved in terms of scheduling scan threads, see what can be improved in terms of scheduling scan threads,
determining how many to run concurrently, looking at CPU load items, determining how many to run concurrently, looking at CPU load items,
etc. etc. [David/Patrick]
o [NSE] Consider whether we should include some sort of NSE debugger. Or we o [NSE] Consider whether we should include some sort of NSE debugger. Or we
could include something simpler. For example, some developers (such could include something simpler. For example, some developers (such
@@ -593,6 +568,32 @@ o random tip database
DONE: DONE:
o Update scripts which use table args to use pseudo-table format
"name.arg" rather than requiring the user to create a Lua table
themselves. On the lua side, it's not really being stored in a
table, but just an arg named "name.arg". [Joao]
- Look at all our existing scripts which use tables
(dns-zone-transfer, whois, the proxy scripts, etc.) and change as
appropriate. Remember to change the usage throughout the script
and also change the nsedoc script arguments and example usage.
For the existing scripts, try to retain the table version check
for now to avoid breaing backward compatability if possible. Just
add the newer style check as well.
- Is taking arguments in a table specific to a script a good idea?
The example in the socks-open-proxy nsedoc of "--script-args
openproxy={host=<host>}" is a bit of a mess and I'm not sure the
best way to document that in the script argument list. Note that
this is the standard way we've handled it for some other scripts,
so it's not an open-proxy-script-specific problem.
o [NSE] Track active sockets in the nsock library binding and don't
rely on garbage collection for reallocation. Can probably wait until
post-stable release for integration. [Patrick]
- Patrick has a patch and is waiting on dev branch to check it in.
o [NSE] Resolve ssh2.lua buffering problems
(http://seclists.org/nmap-dev/2009/q2/0673.html) [Joao]
o Decide what to do about ncat source code headers -- maybe just use o Decide what to do about ncat source code headers -- maybe just use
the Nmap ones. [David added the Nmap headers] the Nmap ones. [David added the Nmap headers]