Changes from chat w/David

todo/nmap.txt

@@ -1,5 +1,17 @@
 TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
 
+o Now that NSE has more script phases (prerule, postrule, hostrule,
+  portrule, and versionrule soon to come), the NSEDoc should specify
+  which phases a script belongs to.
+
+o [NSE] Maybe we should create a script which checks once a day
+  whether similar tools (Metasploit, Nessus, OpenVAS, etc.) have any
+  new modules, and then mails out a list of them with the description
+  fields.  The mail could go to just interested parties, or maybe
+  nmap-dev.  This may help prevent important vulnerabilities from
+  falling through the cracks.  Perhaps we would include new NSEs in
+  there too, especially if we open it up as a public list.
+
 o [NSE] Review scripts:
    o Hostmap (Ange Gutek) - http://seclists.org/nmap-dev/2010/q3/60
 
@@ -10,8 +22,19 @@ o [Zenmap] Show help for individual script arguments in the Help pane,
 
 o Process Nmap survey and send out results [Fyodor]
 
+o [Web] Add a page with the Nmap related videos we do have already
+
+o Post BH/Defcon Nmap videos
+
+o Write and post 2010 SoC Successes writeup [Fyodor]
+
 o Make new SecTools.Org site with the 2010 survey results.
 
+o Investigate ways to limit Winpcap privileges so that only
+  administrative users or a certain accounts can sniff.  Maybe there
+  is a solution people use for Wireshark or does it always cause this
+  issue (allowing any user to sniff the network) when it is installed?
+
 o Create new default username list: [Ithilgore working on this]
   http://seclists.org/nmap-dev/2010/q1/798
   o Could be a SoC Ncrack task, though should prove useful for Nmap
@@ -21,6 +44,14 @@ o Create new default username list: [Ithilgore working on this]
     and also a general list which we obtain from spidering from
     emails, etc.
 
+o Nping needs to call nsp_delete so that its socket descriptors are
+  not left behind.
+
+o Revive the Nmap Public Source License project (need to find an open
+  source attorney to review it).  http://nmap.org/npsl/
+  o Also take close look at Mozilla's license modernization project:
+    http://mpl.mozilla.org/scope/
+
 o [Zenmap] Consider a memory usage audit. This thread includes a claim
   that a 4,094 host scan can take up 800MB+ of memory in Zenmap:
   http://seclists.org/nmap-dev/2010/q1/1127
@@ -36,10 +67,6 @@ o [Zenmap] Consider a memory usage audit. This thread includes a claim
   hosts/services functionality seemed to work, although it would take
   a minute or so to switch from say "ftp" port to view "ssh" ports.
 
-o Consider implementing a nsock_pcap_close() function or making
-  nsp_delete() call pcap_close() when pcap IODs are used. Currently valgrind
-  warns about a socket descriptor left opened (at least in Nping).
-  See http://seclists.org/nmap-dev/2010/q3/305.
 
 o Do new Nmap release with the stuff merged from SoC students and
   other new developments.
@@ -53,18 +80,6 @@ o [NSE] We should probably enable broadcast scripts to work better by
   See this thread (only some of the messages involve broadcast
   support): http://seclists.org/nmap-dev/2010/q3/357
 
-o Now that NSE has more script phases (prerule, postrule, hostrule,
-  portrule, and versionrule soon to come), the NSEDoc should specify
-  which phases a script belongs to.
-
-o [NSE] Maybe we should create a script which checks once a day
-  whether similar tools (Metasploit, Nessus, OpenVAS, etc.) have any
-  new modules, and then mails out a list of them with the description
-  fields.  The mail could go to just interested parties, or maybe
-  nmap-dev.  This may help prevent important vulnerabilities from
-  falling through the cracks.  Perhaps we would include new NSEs in
-  there too, especially if we open it up as a public list.
-
 o [NSE] Our http-brute should probably support form POST method rather
   than just GET because some forms require that.
 
@@ -75,8 +90,6 @@ o Since Libdnet files (such as ltmain.sh) are apparently only used by
 o Upgrade our Windows OpenSSL binaries from version 0.9.8j to the
   newest version (1.0.0a as of Aug 12, 2010).
 
-o [Web] Add a page with the Nmap related videos we do have already
-
 o Add raw packet IPv6 support, initially for SYN scan
  o After that can add UDP scan, and sometime OS detection (David did
    some research on what IPv6 OS detection might require).
@@ -109,11 +122,6 @@ o [NSE] Write a couple more MSRPC scripts inspired by sysinternals:
   o Services (like sysinternals' psservice)
   [Drazen]
 
-o Investigate ways to limit Winpcap privileges so that only
-  administrative users or a certain accounts can sniff.  Maybe there
-  is a solution people use for Wireshark or does it always cause this
-  issue (allowing any user to sniff the network) when it is installed?
-
 o Let Nsock log to stdout, so its messages don't get mixed up with the
   output stream when Ncat is run with -vvv.
   http://seclists.org/nmap-dev/2010/q3/113
@@ -165,11 +173,6 @@ o Dependency licensing issues (OpenSSL, Python, GTK+, etc.)
  o X.org libraries (Mac version links to them)
  o libdnet
 
-o Revive the Nmap Public Source License project (need to find an open
-  source attorney to review it).  http://nmap.org/npsl/
-  o Also take close look at Mozilla's license modernization project:
-    http://mpl.mozilla.org/scope/
-
 o [Zenmap] should actually parse and use script results. See
   http://seclists.org/nmap-dev/2010/q1/1108
 
@@ -731,6 +734,13 @@ o random tip database
 
 DONE:
 
+o Consider implementing a nsock_pcap_close() function or making
+  nsp_delete() call pcap_close() when pcap IODs are used. Currently valgrind
+  warns about a socket descriptor left opened (at least in Nping).
+  See http://seclists.org/nmap-dev/2010/q3/305.
+  o It turns out that the pcap descriptors are being closed properly,
+    but Nping isn't calling nsp_delete.
+
 o [NSE] High speed brute force HTTP authentication.  Possibly POST and
    GET/HEAD brute force cracking. [done except for form POST, adding
    separate TODO item for that]