diff --git a/todo/nmap.txt b/todo/nmap.txt index 89e60f8a2..f38301f83 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt @@ -1,5 +1,17 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- +o Now that NSE has more script phases (prerule, postrule, hostrule, + portrule, and versionrule soon to come), the NSEDoc should specify + which phases a script belongs to. + +o [NSE] Maybe we should create a script which checks once a day + whether similar tools (Metasploit, Nessus, OpenVAS, etc.) have any + new modules, and then mails out a list of them with the description + fields. The mail could go to just interested parties, or maybe + nmap-dev. This may help prevent important vulnerabilities from + falling through the cracks. Perhaps we would include new NSEs in + there too, especially if we open it up as a public list. + o [NSE] Review scripts: o Hostmap (Ange Gutek) - http://seclists.org/nmap-dev/2010/q3/60 @@ -10,8 +22,19 @@ o [Zenmap] Show help for individual script arguments in the Help pane, o Process Nmap survey and send out results [Fyodor] +o [Web] Add a page with the Nmap related videos we do have already + +o Post BH/Defcon Nmap videos + +o Write and post 2010 SoC Successes writeup [Fyodor] + o Make new SecTools.Org site with the 2010 survey results. +o Investigate ways to limit Winpcap privileges so that only + administrative users or a certain accounts can sniff. Maybe there + is a solution people use for Wireshark or does it always cause this + issue (allowing any user to sniff the network) when it is installed? + o Create new default username list: [Ithilgore working on this] http://seclists.org/nmap-dev/2010/q1/798 o Could be a SoC Ncrack task, though should prove useful for Nmap 
@@ -21,6 +44,14 @@ o Create new default username list: [Ithilgore working on this] and also a general list which we obtain from spidering from emails, etc. +o Nping needs to call nsp_delete so that its socket descriptors are + not left behind. + +o Revive the Nmap Public Source License project (need to find an open + source attorney to review it). http://nmap.org/npsl/ + o Also take close look at Mozilla's license modernization project: + http://mpl.mozilla.org/scope/ + o [Zenmap] Consider a memory usage audit. This thread includes a claim that a 4,094 host scan can take up 800MB+ of memory in Zenmap: http://seclists.org/nmap-dev/2010/q1/1127 @@ -36,10 +67,6 @@ o [Zenmap] Consider a memory usage audit. This thread includes a claim hosts/services functionality seemed to work, although it would take a minute or so to switch from say "ftp" port to view "ssh" ports. -o Consider implementing a nsock_pcap_close() function or making - nsp_delete() call pcap_close() when pcap IODs are used. Currently valgrind - warns about a socket descriptor left opened (at least in Nping). - See http://seclists.org/nmap-dev/2010/q3/305. o Do new Nmap release with the stuff merged from SoC students and other new developments. 
@@ -53,18 +80,6 @@ o [NSE] We should probably enable broadcast scripts to work better by See this thread (only some of the messages involve broadcast support): http://seclists.org/nmap-dev/2010/q3/357 -o Now that NSE has more script phases (prerule, postrule, hostrule, - portrule, and versionrule soon to come), the NSEDoc should specify - which phases a script belongs to. - -o [NSE] Maybe we should create a script which checks once a day - whether similar tools (Metasploit, Nessus, OpenVAS, etc.) have any - new modules, and then mails out a list of them with the description - fields. The mail could go to just interested parties, or maybe - nmap-dev. This may help prevent important vulnerabilities from - falling through the cracks. Perhaps we would include new NSEs in - there too, especially if we open it up as a public list. - o [NSE] Our http-brute should probably support form POST method rather than just GET because some forms require that. @@ -75,8 +90,6 @@ o Since Libdnet files (such as ltmain.sh) are apparently only used by o Upgrade our Windows OpenSSL binaries from version 0.9.8j to the newest version (1.0.0a as of Aug 12, 2010). -o [Web] Add a page with the Nmap related videos we do have already - o Add raw packet IPv6 support, initially for SYN scan o After that can add UDP scan, and sometime OS detection (David did some research on what IPv6 OS detection might require). @@ -109,11 +122,6 @@ o [NSE] Write a couple more MSRPC scripts inspired by sysinternals: o Services (like sysinternals' psservice) [Drazen] -o Investigate ways to limit Winpcap privileges so that only - administrative users or a certain accounts can sniff. Maybe there - is a solution people use for Wireshark or does it always cause this - issue (allowing any user to sniff the network) when it is installed? - o Let Nsock log to stdout, so its messages don't get mixed up with the output stream when Ncat is run with -vvv. http://seclists.org/nmap-dev/2010/q3/113 
@@ -165,11 +173,6 @@ o Dependency licensing issues (OpenSSL, Python, GTK+, etc.) o X.org libraries (Mac version links to them) o libdnet -o Revive the Nmap Public Source License project (need to find an open - source attorney to review it). http://nmap.org/npsl/ - o Also take close look at Mozilla's license modernization project: - http://mpl.mozilla.org/scope/ - o [Zenmap] should actually parse and use script results. See http://seclists.org/nmap-dev/2010/q1/1108 @@ -731,6 +734,13 @@ o random tip database DONE: +o Consider implementing a nsock_pcap_close() function or making + nsp_delete() call pcap_close() when pcap IODs are used. Currently valgrind + warns about a socket descriptor left opened (at least in Nping). + See http://seclists.org/nmap-dev/2010/q3/305. + o It turns out that the pcap descriptors are being closed properly, + but Nping isn't calling nsp_delete. + o [NSE] High speed brute force HTTP authentication. Possibly POST and GET/HEAD brute force cracking. [done except for form POST, adding separate TODO item for that]
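Review bot: in the `@@ -10,8 +22,19 @@` hunk the new Winpcap item has a grammar slip ("a certain accounts" should read "certain accounts") and is phrased only as an open question; it would be more actionable if it named the concrete setting to check, namely whether the WinPcap NPF driver is configured to start at boot (the installer option), since a driver that is not running at boot has to be started by an administrator before anyone can capture, whereas a boot-started driver lets any local user open adapters. Recording that as the starting point would turn the item into a testable task rather than a question.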
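Review bot: in the `@@ -21,6 +44,14 @@` hunk the new "Nping needs to call nsp_delete" item drops the thread reference (http://seclists.org/nmap-dev/2010/q3/305) that the item it replaces (removed in the `@@ -36,10 +67,6 @@` hunk) carried; keep the URL on the open item as well, not only under the DONE entry, so whoever picks it up can find the valgrind report. It would also help to state explicitly that the leak is nsock's socket descriptors rather than the pcap handles, since the DONE entry in the final hunk already establishes that the pcap descriptors are closed properly.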
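Review bot: in the `@@ -731,6 +734,13 @@` hunk the http-brute DONE entry says "adding separate TODO item for that", but this patch adds no such item; the form-POST item already exists as context in the `@@ -53,18 +80,6 @@` hunk ("Our http-brute should probably support form POST method"). Either reword the DONE note to point at that existing item or drop the "adding" remark so the file does not suggest an item is still missing.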