mirror of
https://github.com/nmap/nmap.git
synced 2026-01-20 05:09:02 +00:00
Changes from chat w/David
This commit is contained in:
fyodor
78
docs/TODO
78
docs/TODO
@@ -1,13 +1,13 @@
|
||||
TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
|
||||
|
||||
===FEATURES FOR NEXT STABLE VERSION GO ABOVE THIS POINT===
|
||||
|
||||
o Get set up for Coverity scan of latest version to see if it catches
|
||||
any important issues before stable release. [Fyodor]
|
||||
any important issues before stable release. [Fyodor,David]
|
||||
|
||||
o Once we go into deep stability freeze mode, create an nmap-exp
|
||||
development branches for changes we plan to integrate after the
|
||||
stable release.
|
||||
|
||||
===FEATURES FOR NEXT STABLE VERSION GO ABOVE THIS POINT===
|
||||
stable release. [Fyodor]
|
||||
|
||||
o Device categorization improvements
|
||||
o Examine Nmap's device categorization in nmap-os-deb and
|
||||
@@ -27,20 +27,8 @@ o Device categorization improvements
|
||||
[Doug has done some initial work on this. For example, see
|
||||
nmap/docs/device-types.txt]
|
||||
|
||||
o Resolve ssh2.lua buffering problems
|
||||
(http://seclists.org/nmap-dev/2009/q2/0673.html) [Maybe Joao?]
|
||||
|
||||
o Consider the open proxy scripts more carefully
|
||||
- How should we test whether the proxy attempt was successful? Right
|
||||
now we look for a google-specific Server header after trying to
|
||||
reach http://www.google.com through the proxy. Maybe we should let
|
||||
users specify their own pattern if they specify their own URL.
|
||||
- Is taking arguments in a table specific to a script a good idea?
|
||||
The example in the socks-open-proxy nsedoc of "--script-args
|
||||
openproxy={host=<host>}" is a bit of a mess and I'm not sure the
|
||||
best way to document that in the script argument list. Note that
|
||||
this is the standard way we've handled it for some other scripts,
|
||||
so it's not an open-proxy-script-specific problem.
|
||||
o [NSE] Resolve ssh2.lua buffering problems
|
||||
(http://seclists.org/nmap-dev/2009/q2/0673.html) [Joao]
|
||||
|
||||
o [NSE] Track active sockets in the nsock library binding and don't
|
||||
rely on garbage collection for reallocation. Can probably wait until
|
||||
@@ -76,13 +64,25 @@ o Deadlock identification and correction:
|
||||
deadlocked, or as in the case I observed where whois.nse was locked
|
||||
with itself."
|
||||
|
||||
o Consider the open proxy scripts more carefully
|
||||
- How should we test whether the proxy attempt was successful? Right
|
||||
now we look for a google-specific Server header after trying to
|
||||
reach http://www.google.com through the proxy. Maybe we should let
|
||||
users specify their own pattern if they specify their own URL.
|
||||
- Is taking arguments in a table specific to a script a good idea?
|
||||
The example in the socks-open-proxy nsedoc of "--script-args
|
||||
openproxy={host=<host>}" is a bit of a mess and I'm not sure the
|
||||
best way to document that in the script argument list. Note that
|
||||
this is the standard way we've handled it for some other scripts,
|
||||
so it's not an open-proxy-script-specific problem.
|
||||
|
||||
o Consider making it easier to tell whether scripts were specified by
|
||||
name on the command-line (rather than default or by class) so they
|
||||
have the option of providing extra verbosity in that case. For
|
||||
example, see http://seclists.org/nmap-dev/2009/q2/0563.html. We
|
||||
could either provide a special function for scripts to determine
|
||||
that, or we could magically adjust nmap.verbosity() when called by
|
||||
those scripts.
|
||||
those scripts. [David]
|
||||
|
||||
o [Ncat] Maybe --chat should imply -l. And Maybe --broker should too?
|
||||
- OTOH, we might want to extend --chat for connect mode in the
|
||||
@@ -117,6 +117,9 @@ o [Ncat] In verbose mode, I'd like to see clock time and maybe in/out
|
||||
o Change Nsock to give an error if you try to FD_SET a fd larger than
|
||||
FD_SETSIZE. [Brandon]
|
||||
|
||||
o Decide what to do about ncat source code headers -- maybe just use
|
||||
the Nmap ones.
|
||||
|
||||
o Change Nsock so that it is able to take advantage of more modern
|
||||
interfaces to dealing with large sockets, rather than just select.
|
||||
Perhaps we should look at poll(), Windows completion ports, and some
|
||||
@@ -205,6 +208,8 @@ o [NSE] We may want to consider a better exception handling method --
|
||||
Something based on that would be better [than the current system], I
|
||||
think."
|
||||
|
||||
o [NSE] Consider HTTP request caching.
|
||||
|
||||
o [NSE] http improvements
|
||||
o Spidering library+scripts? How should the spider store the results
|
||||
and make them available to other scripts? How do we limit
|
||||
@@ -221,6 +226,27 @@ o [NSE] http improvements
|
||||
o Consider POST/HEAD support. See
|
||||
http://seclists.org/nmap-dev/2009/q1/0889.html.
|
||||
|
||||
o Dependency licensing issues (OpenSSL, Python, GTK+, etc.)
|
||||
o We should do an audit to ensure that we are in complete compliance for the
|
||||
licenses of all the software we ship in any of our downloads, as some
|
||||
licenses have special clauses for things like including their
|
||||
license/copyright file, mentioning them in our documentation, etc.
|
||||
And of course we want to credit them properly even where the license
|
||||
doesn't require it. We should probably make a list of these in our
|
||||
docs/ directory along with any special information/requirements of
|
||||
their license. And maybe we should put the current licenses in a
|
||||
subdir too. In particular, these come to mind:
|
||||
o libpcre
|
||||
o lua
|
||||
o OpenSSL
|
||||
o libpcap
|
||||
o GTK+/Glib/ATK/Pango/PyGTK (Win/Mac versions of Zenmap link to
|
||||
PyGTK)
|
||||
o SQLite
|
||||
o Python (Win/Mac versions of Zenmap link to Python)
|
||||
o X.org libraries (Mac version links to them)
|
||||
o libdnet
|
||||
|
||||
o [NSE] Improve username/password library (the database files
|
||||
themselves). We don't have very good lists at the moment. Maybe
|
||||
work in combination with Ncrack dev.
|
||||
@@ -236,6 +262,12 @@ o [NSE] Would be great if NSE scripts could be made to NOT
|
||||
|
||||
o [NSE] NFS query script for checking exports, etc.?
|
||||
|
||||
o [NSE] Finish (or write new) favicon fingerprinting script. See
|
||||
http://seclists.org/nmap-dev/2008/q4/0583.html . May need to do
|
||||
some more scanning and increase the DB size a bit. May or may not
|
||||
want to later combine this as part of a larger webapp fingerprinting
|
||||
script.
|
||||
|
||||
o [NSE] Web application fingerprinting script. Would be great to be
|
||||
able to take a URL and determine things like "this is Joomla" or
|
||||
"this is Plone" or "Mediawiki" or whatever. Rather than hard code
|
||||
@@ -259,13 +291,7 @@ o [NSE] Figure out a way to support people who want to do script scan,
|
||||
more types of scans--a while back we started allowing it with -sP
|
||||
ping scans due to high demand.
|
||||
|
||||
o Finish (or write new) favicon fingerprinting script. See
|
||||
http://seclists.org/nmap-dev/2008/q4/0583.html . May need to do
|
||||
some more scanning and increase the DB size a bit. May or may not
|
||||
want to combine this as part of a larger webapp fingerprinting
|
||||
script.
|
||||
|
||||
o NSE Security Review
|
||||
o [NSE] Security Review
|
||||
o Consider what, if any, vulnerabilities or security risks NSE has
|
||||
with respect to buffer overflows, format string bugs, any other
|
||||
maliciously formatted responses from target systems, etc. Maybe
|
||||
|
||||
Reference in New Issue
Block a user