From cb35b7d24867b030fab5efcda8825ebef4cfd9b0 Mon Sep 17 00:00:00 2001 From: fyodor Date: Wed, 6 Jun 2012 23:57:38 +0000 Subject: [PATCH] add a small note --- todo/nmap.txt | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/todo/nmap.txt b/todo/nmap.txt index f83a50bcb..5859ec577 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt @@ -1,8 +1,12 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- -o Fix get_srcaddr error happening on Windows XP +o Make Nmap 6.01 release containing (among possibly other little +fixes) + - get_srcaddr fix (when we finish it) + - Zenmap 10.7 hang fix (done in trunk) + - Zenmap crash when filtering hosts (done in trunk) -o Zenmap hang on OS X 10.7 +o Fix get_srcaddr error happening on Windows XP o We should add fields to the service submitter (http://insecure.org/cgi-bin/submit.cgi?new-service) for the @@ -32,8 +36,6 @@ o We should probably redo the Nmap header (e.g. on http://nmap.org) to screenshots and think about which links we really need (some of those pages aren't really updated any more). -o Consider whether we want to make --log-errors the default Nmap behavior - o FEATURE CREEPERS! We have two talented GSoC students for summer 2012. Here are some ideas that they could do, though anyone else is welcome to take a stab at them too: 
@@ -57,13 +59,17 @@ o FEATURE CREEPERS! We have two talented GSoC students for summer (where related fields are the pairs (p, cpe:), (v, cpe:), (i, cpe:), (o, cpe:)). For example if we have v/$1/ h/$1/ it is a bug. - o Check for e.g. i/French/ without :fr in cpe:/a, and vice versa. o Check a list of common product names that should only appear in p//, not in i//. We still have entries that are like this: p/Foobar 2000 ADSL router/ i/micro_httpd web server/ that should rather be written this way: p/micro_httpd/ i/Foobar 2000 ADSL router/ + o [Done] Check for e.g. i/French/ without :fr in cpe:/a, and vice versa. [Sean and David?] + o Remove Nmap's --log-errors feature and make its behavior the + default. A few notes: + - Nmap should just ignore --log-errors if it sees it + - Remember to remove it from the documentation o Investigate increasing FD_SETSIZE on Windows to allow us to multiplex more sockets. See Henri's email: http://seclists.org/nmap-dev/2012/q1/267 [James and Fyodor?] @@ -158,6 +164,8 @@ o Investigate why http pipelining so often doesn't work in NSE Decreasing max pipelined requests to 1. 100 may a wildly high number of requests to attempt to pipeline. And then something else probably goes wrong after it decides 41 is okay. + - Related: Does caching work with pipeleined requests? We should + make sure it does. o Revive the Nmap Public Source License project (need to find an open source attorney to review it). http://nmap.org/npsl/ @@ -436,8 +444,6 @@ o Move Zenmap man page from nmap/docs/ to nmap/zenmap/docs to match o Consider standardizing names for nping and ncrack man pages as well. [Fyodor] -o [Web] Add a page with the Nmap related videos we do have already - o [NSE] MSRPC - Improve domain support all around -- in particular, let the user give the domain in the format DOMAIN\username or username@DOMAIN anywhere that usernames are accepted. Suggested 
@@ -773,6 +779,11 @@ o random tip database DONE: +o [Web] Add a page with the Nmap related videos we do have already + - We have a page on Secwiki now: https://secwiki.org/w/Nmap/Presentations + +o Zenmap hang on OS X 10.7 + o For many years, the Nmap man page and online documentation has had an "Inappropriate Usage" section which notes that "Nmap should never be installed with special privileges (e.g. suid root) for security
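Review bot: In the first hunk (@@ -1,8 +1,12 @@), get_srcaddr now appears twice in a row, once as a sub-item of the new 6.01 release entry ("get_srcaddr fix (when we finish it)") and once as the standalone "Fix get_srcaddr error happening on Windows XP" item directly below it. Have the release sub-item point at the standalone item so the two cannot drift apart. The two Zenmap sub-items say "done in trunk" without a revision number; adding one would let a reader verify what is meant to go into 6.01. The subject "add a small note" also undersells a change of 18 insertions and 7 deletions that adds a release plan and moves items to DONE.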
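Review bot: The new "Remove Nmap's --log-errors feature" item in the hunk at @@ -57,13 +59,17 @@ has no owner tag, although it sits between "[Sean and David?]" and the FD_SETSIZE item tagged "[James and Fyodor?]", so it is unclear whether it belongs to the GSoC list or to anyone in particular. Add a tag or move it out of that list. The sub-note "Nmap should just ignore --log-errors if it sees it" should also say whether the option is accepted silently or with a warning, since existing scripts and wrappers that pass it will hit that path.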
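Review bot: "pipeleined" in the added line of the hunk at @@ -158,6 +164,8 @@ is a typo for "pipelined". The note also does not say which caching is meant; naming it would make "We should make sure it does" something a reader can act on.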
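Review bot: In the last hunk (@@ -773,6 +779,11 @@), "Zenmap hang on OS X 10.7" is moved under DONE: with no record of how it was resolved, while the videos entry moved alongside it gets a sub-line with the Secwiki link. Add a matching sub-line, for example repeating the "done in trunk" status that the first hunk gives for the same fix, ideally with the revision.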