diff --git a/todo/done.txt b/todo/done.txt index 16e8c77ad..3d4121a65 100644 --- a/todo/done.txt +++ b/todo/done.txt @@ -1,5 +1,16 @@ DONE: +o Investigate how we're ending up with OS fingerprints in nmap-os-db + with attribute names like W0 and W8 when according to the docs they + are only supposed to be W1 - W6 (and plain W). + http://nmap.org/book/osdetect-methods.html#osdetect-w. See also + http://seclists.org/nmap-dev/2013/q4/68. Need to determine how + these are getting into the file (from Nmap itself or our + integration/merge tools) and fix that then remove them from the + file. + +o Integrate latest IPv4 OS detection submissions and corrections + o We should improve the Windows build process for Ndiff, since it works differently now that it is modularized. To build the Nmap 6.45 release, we (as a temporary hack, not in SVN): diff --git a/todo/nmap.txt b/todo/nmap.txt index 682b8c4bf..4d0712e6c 100644 --- a/todo/nmap.txt +++ b/todo/nmap.txt 
@@ -1,5 +1,62 @@ TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*- +o Finish the version detection submission integration + +o Make sure the new version detection sigs have appropriate CPE’s. + +o Integrate latest IPv6 OS detection submissions and corrections + +o Our "make uninstall" should uninstall ndiff if it was installed too. +  We should probably do it in pretty much the same way we handle +  Zenmap (configure.ac, Makefile.in, and ndiff/setup.pl) + +o Make Windows 8.1 VM with VS 2013 and do more testing of Nmap compilation/running + +o Make and test build on a newer OS X than 10.6 (10.10 was recently released) + +o The XML version of Nmap lists and describes the six port states + recognized by Nmap near the top of the "Port Scanning Basics" + section.  That can be seen in the HTML rendering at + http://nmap.org/book/man-port-scanning-basics.html.  But in the man + page (nroff) rendering, the list is missing and it just gives the + title: "The six port states recognized by Nmap".  UPDATE: Now the + descriptions for each state appear in the man page, but the headings + ("open", etc.) are missing. We should figure out + why, and fix it. + +o Update OpenSSL library to 1.0.1j + +o Audit ncat's ssl algorithm and ciphersuite choices + +o Do a test/beta release (more, if necessary) + +o Make sure people have tested on Mac OS 10.10 + +o Do CHANGELOG for new release[Fyodor] + +o Web updates for new release + +o Build and post new release + +==Items we need to finish before next big release go above this line== + +o Work on Nmap on Mobile devices, particularly Android. Would be + great to get it in Google Play store, for example. An official + version with a workable GUI. For now, people have to do manual work + and it isn't as well tested either: + https://secwiki.org/w/Nmap/Android . If this is successful, we could + consider iOS. + +o Nmap performance work. Particularly with --min-rate. 
+ +o Consider re-architecting Nmap to have more of a scanning pipeline +approach rather than fixed sets of hosts which start and finish one +phase and then move into the next in parallel. This could potentially +allow us to add hosts one by one to a phase as other hosts finish that +phase and, ideally, the phases could run in parallel too. + +o Nmap Network Scanning, 2nd Edition work [placeholder] + o Organize nselib into a hierarchy. A library "dirname/filename.lua" can be required as "dirname.filename". We would need to ensure the installers (Makefile, OS X, Windows, RPM) can handle this. See @@ -15,6 +72,16 @@ o We should work to reduce Zenmap's memory consumption. We used to in memory and a possible fix seems to be to use a file based paging system. +o Consider making a version of Nmap for Apple's official Mac App + Store. A particular concern with the downloadable Mac version of + Nmap is that Apple's new "Mountain Lion" release may require users + to jump through hoops to install unsigned non-app-store content per + their "Gatekeeper" "feature". Though maybe signing the app will be + enough. There may also be an issue with the "Sandboxing" + requirement for App Store apps starting June 2012. Will Nmap be + able to request all the permissions it needs? Ignoring the + technical challenges for the moment, what will users prefer? + o Do a roll up on (state, TTL) pair instead of just state so that TTL info is not lost when doing roll up on port states. See thread at http://seclists.org/nmap-dev/2014/q3/93 
@@ -43,29 +110,13 @@ o Augment the configure script to list unmet dependencies. Currently, configure features that are/are-not available would be nice at the end of the script, so folks can see that they've e.g. missed the OpenSSL dependency. -o Integrate latest IPv4 OS detection submissions and corrections - -o Integrate latest IPv6 OS detection submissions and corrections - o Integrate latest version detection submissions and corrections -o Our "make uninstall" should uninstall ndiff if it was installed too. - We should probably do it in pretty much the same way we handle - Zenmap (configure.ac, Makefile.in, and ndiff/setup.pl) - o Look into moving our Mac building/testing system into a virtual machine or leased server sort of environment so that multiple Nmap developers can access it and nobody has to keep a stack of Mac Minis in their closet. -o The XML version of Nmap lists and describes the six port states - recognized by Nmap near the top of the "Port Scanning Basics" - section. That can be seen in the HTML rendering at - http://nmap.org/book/man-port-scanning-basics.html. But in the man - page (nroff) rendering, the list is missing and it just gives the - title: "The six port states recognized by Nmap". We should figure out - why, and fix it. - o INFRASTRUCTURE: Upgrade seclists to use Mailman 3, which apparently has many improvements. 
@@ -108,13 +159,6 @@ o Make CONCURRENCY_LIMIT in nse_main.lua at least the min-parallelism. Otherwise NSE is limited to 1000 socket-using threads even if you've requested more. -o Work on Nmap on Mobile devices, particularly Android. Would be - great to get it in Google Play store, for example. An official - version with a workable GUI. For now, people have to do manual work - and it isn't as well tested either: - https://secwiki.org/w/Nmap/Android . If this is successful, we could - consider iOS. - o INFRASTRUCTURE: Add IPv6 support to secwiki - We probably just have to designate a new IPv6 address for it and add it to Apache config. @@ -125,22 +169,12 @@ o INFRASTRUCTURE: Consider updating our svn-mailer.py (and conf file) currently using one from subversion-1.4.2/tools/hook-scripts/mailer/mailer.py. -o Investigate how we're ending up with OS fingerprints in nmap-os-db - with attribute names like W0 and W8 when according to the docs they - are only supposed to be W1 - W6 (and plain W). - http://nmap.org/book/osdetect-methods.html#osdetect-w. See also - http://seclists.org/nmap-dev/2013/q4/68. Need to determine how - these are getting into the file (from Nmap itself or our - integration/merge tools) and fix that then remove them from the - file. - o Consider a two-stage model for IPv6 subnet/pattern support o Right now you can try to scan a /64, for example, and Nmap will try to iterate through them all (and of course never complete). So perhaps Nmap should first look at a specification and decide if it should use other techniques like multicast discovery instead. - o Move advanced IPv6 host discovery features from NSE into core Nmap. We'll probably add the functionality of targets-ipv6-multicast-invalid-dst, targets-ipv6-multicast-echo, and 
@@ -165,30 +199,27 @@ o Consider a continuous integration system for automating tests of various hardware/software for testing) and projects like Buildbot, Travis, Hudson, Jenkins, etc. -o Some things that GSoC 2014 student Sriharsha is or is likely to soon - be working on: - o Setting up his dev environment, getting Nmap compiling on Linux + - Win. - o Implement some improvements to dns-ip6-arpa.nse, as describe at - http://seclists.org/nmap-dev/2012/q2/45. - - Also consider a move to "fire and forget" logic. Just blast out - the queries that we know we have to make, and then read any replies - that may happen to come back. (but still try not to introduce - inaccuracy (missed hosts) by flooding the network. - o We should fix service detection so it can handle 0-byte captures - without crashing. - See http://seclists.org/nmap-dev/2014/q2/105 - o Fix a segmentation fault in Ncat when scanned with the SSL NSE - scripts. I was able to reproduce this on 2013-09-27 with latest SVN - by running: +o Implement some improvements to dns-ip6-arpa.nse, as describe at + http://seclists.org/nmap-dev/2012/q2/45. + - Also consider a move to "fire and forget" logic. Just blast out + the queries that we know we have to make, and then read any replies + that may happen to come back. (but still try not to introduce + inaccuracy (missed hosts) by flooding the network. + +o We should fix service detection so it can handle 0-byte captures + without crashing. + See http://seclists.org/nmap-dev/2014/q2/105 + +o Fix a segmentation fault in Ncat when scanned with the SSL NSE + scripts. 
I was able to reproduce this on 2013-09-27 with latest SVN + by running: Ncat: ncat -v -k --ssl -l localhost Nmap: ./nmap --script-trace --script '+ssl*' localhost -p 31337 - This was initially reported by Timo Juhani Lindfors on the Debian - bug tracker: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724580 - Henri notes: "I traced the latter back to openssl and opened a + This was initially reported by Timo Juhani Lindfors on the Debian + bug tracker: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724580 + Henri notes: "I traced the latter back to openssl and opened a ticket there, which never got any reply... https://rt.openssl.org/Ticket/Display.html?id=2885&user=guest&pass=guest" - o Our http library should allow the client to specify a max size in advance and should probably enforce some sort of maximum by default (unless turned off by the script). That way sites can't DoS Nmap by @@ -213,8 +244,6 @@ o We should probably redo the Nmap header (e.g. on http://nmap.org) to screenshots and think about which links we really need (some of those pages aren't really updated any more). -o Nmap Network Scanning, 2nd Edition work [placeholder] - o Investigate ways to limit Winpcap privileges so that only administrative users or a certain accounts can sniff. Maybe there is a solution people use for Wireshark or does it always cause this @@ -248,9 +277,6 @@ o Test a hierarchical classifier for IPv6 OS detection. Our classifier suspect playing it by ear will be sufficient. Talk to David for more of his thinking on this topic. -o Test Ncat's TLS hostname validation using the TLSPretense tool. - https://www.isecpartners.com/news-events/news/2012/october/the-lurking-menace-of-broken-tls-validation.aspx - o [INFRASTRUCTURE] Improve our main web server http configuration to better handle high load situations and DoS attacks. As part of this, we may have to raise the max client limits. But then there is 
@@ -266,12 +292,6 @@ o Investigate WinPcap support for NDIS 6. I'm not sure what Windows releases support NDIS 6 or what the backward compatability is like. -o Consider re-architecting Nmap to have more of a scanning pipeline -approach rather than fixed sets of hosts which start and finish one -phase and then move into the next in parallel. This could potentially -allow us to add hosts one by one to a phase as other hosts finish that -phase and, ideally, the phases could run in parallel too. - o NSE WORK (note that this is mostly infrastructure because script ideas are generally put on the script ideas page instead: https://secwiki.org/w/Nmap_Script_Ideas) @@ -283,16 +303,6 @@ o Revive the Nmap Public Source License project (need to find an open o Also take close look at Mozilla's license modernization project: http://mpl.mozilla.org/scope/ -o Consider making a version of Nmap for Apple's official Mac App - Store. A particular concern with the downloadable Mac version of - Nmap is that Apple's new "Mountain Lion" release may require users - to jump through hoops to install unsigned non-app-store content per - their "Gatekeeper" "feature". Though maybe signing the app will be - enough. There may also be an issue with the "Sandboxing" - requirement for App Store apps starting June 2012. Will Nmap be - able to request all the permissions it needs? Ignoring the - technical challenges for the moment, what will users prefer? - o Migrate web.insecure.org to a RHEL-6 derived distro (probably CENTOS 6, since Linode doesn't currently offer ScientificLinux images). o Actually, if we can wait until "second half of 2013", we might be @@ -483,7 +493,6 @@ o Improve Nsock proxies system - Nping could potentially use it as well (could be useful for measuring latency and reliability of a given proxy chain, for example). - - Add proxy support to connect() scan. This would mean moving connect scan to nsock. 
@@ -792,9 +801,6 @@ o Nmaprc-related - Create a system to store Nmap defaults/preferences o Maybe let you define "scan profiles" like is done with Zenmap. There would then be a command-line option to select the profile used. -o Search for nmap on google news, on google web, and add appropriate - links to press page and the like. - o Get new Zenmap logo o consider putting back on top-right of command constructor wizard (there used to be umit logo there).
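Review bot: in the nmap.txt hunk at @@ -1,5 +1,62 @@, the new item "Make sure the new version detection sigs have appropriate CPE’s" uses a curly apostrophe in a file that declares itself plain text (-*-text-*-) and uses ASCII everywhere else; suggest "appropriate CPEs". In the same hunk, the continuation lines of the re-added "make uninstall" item ("+  We should probably do it ...", "+  Zenmap (configure.ac, ...") carry leading whitespace that differs from the one-space indent the removed copy in @@ -43,29 +110,13 @@ had, so the move is not a clean cut-and-paste; worth normalizing before commit.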
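Review bot: the hunk at @@ -165,30 +199,27 @@ carries the pre-existing typo "as describe at" into the re-added dns-ip6-arpa.nse item ("+o Implement some improvements to dns-ip6-arpa.nse, as describe at"); since the line is being rewritten anyway, change it to "as described at". The unbalanced parenthesis in "(but still try not to introduce inaccuracy (missed hosts) by flooding the network." is also being copied verbatim and could be closed at the same time.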
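Review bot: the hunk at @@ -248,9 +277,6 @@ drops "Test Ncat's TLS hostname validation using the TLSPretense tool" without a matching entry in the done.txt hunk, so it is unclear whether the test was run or the item was abandoned. Given that the first nmap.txt hunk adds "Audit ncat's ssl algorithm and ciphersuite choices", suggest either recording the TLSPretense result in done.txt or folding hostname validation testing into that audit item so the check is not silently lost.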
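Review bot: the hunk at @@ -483,7 +493,6 @@ removes "Add proxy support to connect() scan. This would mean moving connect scan to nsock." with no corresponding line in done.txt, unlike the other items this patch moves (W0/W8 fingerprint investigation, IPv4 OS detection integration). State in the commit message, or in done.txt, whether this was completed or intentionally dropped.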
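Review bot: the hunk at @@ -792,9 +801,6 @@ removes the "Search for nmap on google news ... press page" item without a done.txt entry or an explanation; if it was deliberately dropped, a one-line note in the commit message would keep the TODO/DONE pair consistent with the convention the rest of this patch follows.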