diff --git a/docs/TODO b/docs/TODO index 8031444ae..075974d6f 100644 --- a/docs/TODO +++ b/docs/TODO @@ -1,13 +1,13 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- +===FEATURES FOR NEXT STABLE VERSION GO ABOVE THIS POINT=== + o Get set up for Coverity scan of latest version to see if it catches - any important issues before stable release. [Fyodor] + any important issues before stable release. [Fyodor,David] o Once we go into deep stability freeze mode, create an nmap-exp development branches for changes we plan to integrate after the - stable release. - -===FEATURES FOR NEXT STABLE VERSION GO ABOVE THIS POINT=== + stable release. [Fyodor] o Device categorization improvements o Examine Nmap's device categorization in nmap-os-deb and @@ -27,20 +27,8 @@ o Device categorization improvements [Doug has done some initial work on this. For example, see nmap/docs/device-types.txt] -o Resolve ssh2.lua buffering problems - (http://seclists.org/nmap-dev/2009/q2/0673.html) [Maybe Joao?] - -o Consider the open proxy scripts more carefully - - How should we test whether the proxy attempt was successful? Right - now we look for a google-specific Server header after trying to - reach http://www.google.com through the proxy. Maybe we should let - users specify their own pattern if they specify their own URL. - - Is taking arguments in a table specific to a script a good idea? - The example in the socks-open-proxy nsedoc of "--script-args - openproxy={host=}" is a bit of a mess and I'm not sure the - best way to document that in the script argument list. Note that - this is the standard way we've handled it for some other scripts, - so it's not an open-proxy-script-specific problem. +o [NSE] Resolve ssh2.lua buffering problems + (http://seclists.org/nmap-dev/2009/q2/0673.html) [Joao] o [NSE] Track active sockets in the nsock library binding and don't rely on garbage collection for reallocation. Can probably wait until @@ -76,13 +64,25 @@ o Deadlock identification and correction: deadlocked, or as in the case I observed where whois.nse was locked with itself." +o Consider the open proxy scripts more carefully + - How should we test whether the proxy attempt was successful? Right + now we look for a google-specific Server header after trying to + reach http://www.google.com through the proxy. Maybe we should let + users specify their own pattern if they specify their own URL. + - Is taking arguments in a table specific to a script a good idea? + The example in the socks-open-proxy nsedoc of "--script-args + openproxy={host=}" is a bit of a mess and I'm not sure the + best way to document that in the script argument list. Note that + this is the standard way we've handled it for some other scripts, + so it's not an open-proxy-script-specific problem. + o Consider making it easier to tell whether scripts were specified by name on the command-line (rather than default or by class) so they have the option of providing extra verbosity in that case. For example, see http://seclists.org/nmap-dev/2009/q2/0563.html. We could either provide a special function for scripts to determine that, or we could magically adjust nmap.verbosity() when called by - those scripts. + those scripts. [David] o [Ncat] Maybe --chat should imply -l. And Maybe --broker should too? - OTOH, we might want to extend --chat for connect mode in the @@ -117,6 +117,9 @@ o [Ncat] In verbose mode, I'd like to see clock time and maybe in/out o Change Nsock to give an error if you try to FD_SET a fd larger than FD_SETSIZE. [Brandon] +o Decide what to do about ncat source code headers -- maybe just use + the Nmap ones. + o Change Nsock so that it is able to take advantage of more modern interfaces to dealing with large sockets, rather than just select. Perhaps we should look at poll(), Windows completion ports, and some @@ -205,6 +208,8 @@ o [NSE] We may want to consider a better exception handling method -- Something based on that would be better [than the current system], I think." +o [NSE] Consider HTTP request caching. + o [NSE] http improvements o Spidering library+scripts? How should the spider store the results and make them available to other scripts? How do we limit @@ -221,6 +226,27 @@ o [NSE] http improvements o Consider POST/HEAD support. See http://seclists.org/nmap-dev/2009/q1/0889.html. +o Dependency licensing issues (OpenSSL, Python, GTK+, etc.) + o We should do an audit to ensure that we are in complete compliance for the + licenses of all the software we ship in any of our downloads, as some + licenses have special clauses for things like including their + license/copyright file, mentioning them in our documentation, etc. + And of course we want to credit them properly even where the license + doesn't require it. We should probably make a list of these in our + docs/ directory along with any special information/requirements of + their license. And maybe we should put the current licenses in a + subdir too. In particular, these come to mind: + o libpcre + o lua + o OpenSSL + o libpcap + o GTK+/Glib/ATK/Pango/PyGTK (Win/Mac versions of Zenmap link to + PyGTK) + o SQLite + o Python (Win/Mac versions of Zenmap link to Python) + o X.org libraries (Mac version links to them) + o libdnet + o [NSE] Improve username/password library (the database files themselves). We don't have very good lists at the moment. Maybe work in combination with Ncrack dev. @@ -236,6 +262,12 @@ o [NSE] Would be great if NSE scripts could be made to NOT o [NSE] NFS query script for checking exports, etc.? +o [NSE] Finish (or write new) favicon fingerprinting script. See + http://seclists.org/nmap-dev/2008/q4/0583.html . May need to do + some more scanning and increase the DB size a bit. May or may not + want to later combine this as part of a larger webapp fingerprinting + script. + o [NSE] Web application fingerprinting script. Would be great to be able to take a URL and determine things like "this is Joomla" or "this is Plone" or "Mediawiki" or whatever. Rather than hard code @@ -259,13 +291,7 @@ o [NSE] Figure out a way to support people who want to do script scan, more types of scans--a while back we started allowing it with -sP ping scans due to high demand. -o Finish (or write new) favicon fingerprinting script. See - http://seclists.org/nmap-dev/2008/q4/0583.html . May need to do - some more scanning and increase the DB size a bit. May or may not - want to combine this as part of a larger webapp fingerprinting - script. - -o NSE Security Review +o [NSE] Security Review o Consider what, if any, vulnerabilities or security risks NSE has with respect to buffer overflows, format string bugs, any other maliciously formatted responses from target systems, etc. Maybe