mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 04:31:29 +00:00
151 lines
6.1 KiB
Plaintext
151 lines
6.1 KiB
Plaintext
In progress:
|
|
============
|
|
|
|
o We should offer partial results when a host
|
|
timeouts. I (Fyodor) have been against this in the past, but maybe
|
|
the value is sufficient to be worth the maintenance headaches. Many
|
|
users have asked for this. If we do implement this, we may want to
|
|
only print results for the COMPLETED phases (e.g. host discovery,
|
|
port scanning, version detection, traceroute, NSE, etc.) Trying to
|
|
print partial results of a port scan or NSE or the like might be a
|
|
pain. And if we print some results for a host which timeouts, we
|
|
should give a very clear warning that the results for that host are
|
|
incomplete. As an example, here is someone who hacked Nmap source
|
|
code to achieve this: http://seclists.org/pen-test/2010/Mar/108.
|
|
o Another benefit would be that it would allow us to clean
|
|
up/regularize the host output code. Right now there are I think
|
|
three places where a host's final output can be printed. If,
|
|
instead, that code just looked at what information was available and
|
|
printed that out only, we could potentially isolate it in just one
|
|
place.
|
|
o This also might let us provide a feature for skipping the rest of
|
|
an Nmap phase which is going too slowly (I think that has its own
|
|
Nmap TODO item).
|
|
|
|
Hanging(waiting for further input, etc..):
|
|
==========================================
|
|
|
|
o Nmap *poor's man* test suite by expanding on what I already have in
|
|
/nmap-exp/shinnok/nmap-test-script.
|
|
|
|
o NMAP reports different service results every so often with the same port.
|
|
http://seclists.org/nmap-dev/2011/q2/815
|
|
|
|
o Review latest revision of Marek's ncat_proxy.patch - DONE
|
|
http://seclists.org/nmap-dev/2011/q2/573
|
|
o Commit approval pending
|
|
|
|
Pending:
|
|
========
|
|
|
|
Pending (low priority):
|
|
=======================
|
|
|
|
o E-mail nmap-dev with GProfiles /ncrack
|
|
o Create new default username list:
|
|
http://seclists.org/nmap-dev/2010/q1/798
|
|
o Could be a SoC Ncrack task, though should prove useful for Nmap
|
|
too
|
|
o We probably want to support several lists. Like an admin/default
|
|
list like "root", "admin", "administrator", "web", "user", "test",
|
|
and also a general list which we obtain from spidering from
|
|
emails, etc.
|
|
|
|
Potential:
|
|
==========
|
|
|
|
COMPLETED:
|
|
==========
|
|
|
|
o Add a --append-output option to ncat. [DONE - r25737]
|
|
|
|
o libpcre/pcre.h - is cleared upon make distclean thus leaving the SVN
|
|
working directory dirty
|
|
http://seclists.org/nmap-dev/2011/q2/708
|
|
|
|
o De-duplicate code by unifying ncat_broker.c and ncat_listen.c code paths,
|
|
either as a single file in ncat_listen.c or merge duplicate code in
|
|
ncat_listen.c and keep only broker specific code in ncat_broker.c(it it's a
|
|
lot of code, otherwise ncat_listen.c would do just fine).
|
|
|
|
o Nmap should defer address parsing in arguments until it has read
|
|
through all the args. Otherwise you get an error if you use like -S
|
|
with an IPv6 address before you put -6 in the command line. You
|
|
get a similar problem (on David's IPv6 branch) if you do "-A -6"
|
|
(but "-6 -A works properly).
|
|
|
|
o Delve into Lua and NSE and try to write some scripts to get the hang
|
|
of it and gain a better understanding of the NSE engine in Nmap.
|
|
o Written two NSE scripts, http-reverse-ip and http-google-email that
|
|
can be found in /nmap-exp/shinnok/nse.
|
|
|
|
o E-mail nmap-dev with QtCreator usage steps for Nmap
|
|
|
|
--
|
|
o Ncat hangs on ssl -> REFACTORING
|
|
some refactoring left to be done to reduce code duplication
|
|
http://seclists.org/nmap-dev/2011/q2/842
|
|
o Commit current switch/ifdef refactoring patch.
|
|
o Research code deduplication even further.
|
|
|
|
o Ncat chat (at least in ssl mode) no longer gives the banner greeting
|
|
when I connect. This worked in r23918, but not in r24185, which is
|
|
the one running on chat.nmap.org as of 6/20/11. Verify by running
|
|
"ncat --ssl -v chat.nmap.org"
|
|
|
|
o Pending uncompleted SSL handshakes when in --exec* listening mode make
|
|
Ncat consume 100% cpu(core/thread).
|
|
Possible solutions:
|
|
o Listen on the union of the two sets in ncat_listen.c composed of the
|
|
current set and a secondary one, ssl_pending which should include the
|
|
pending ssl hanshake sockets.
|
|
o Timeout ssl handshakes.
|
|
o Delay adding the exec output pipes to fselect/WaitForMultipleObjects
|
|
until the ssl handshake has been completed.
|
|
http://seclists.org/nmap-dev/2011/q2/988
|
|
---
|
|
|
|
o Fix ncat.xml(the input for the man page) examples section. - David came up
|
|
with the final right fix on this one.
|
|
|
|
o Ncat should close its socket and refuse further connections after the first
|
|
one, if invoked without --keep-open. That's what traditional netcat does
|
|
too. - DONE [r24197]
|
|
http://seclists.org/nmap-dev/2011/q2/944
|
|
o Add TEST in ncat-test.pl - DONE [r24373]
|
|
|
|
o Closing Zenmap without stopping the scan first will leave nmap running in
|
|
the process list on Windows. [r24308]
|
|
[Actually, Zenmap was unable to kill the nmap scan processes at all on
|
|
Windows]
|
|
|
|
o Zenmap should wait for the return exit code of the nmap scanning subprocess
|
|
upon killing it(canceled scan), otherwise the subprocesses will enter a
|
|
defunct(zombie) state.[r24235]
|
|
|
|
o Fix build_icmp_raw and build_igmp_raw filling the packet data payload
|
|
with zeroes instead of the supplied random data, when nmap is invoked
|
|
with --data-length.[r24127]
|
|
|
|
o Investigate and document how easy it is to drop Ncat.exe by itself
|
|
on other systems and have it work. [r24242]
|
|
http://seclists.org/nmap-dev/2011/q2/1090
|
|
|
|
o We should also look into the dependencies of Nmap and Zenmap.
|
|
It may be instructive to look at "Portable Firefox"
|
|
(http://portableapps.com/apps/internet/firefox_portable) which is
|
|
built using open source technology from portableapps.com, or look at
|
|
"The Network Toolkit" by Cace
|
|
(http://www.cacetech.com/products/network_toolkit.html).
|
|
|
|
o --max-conns is broken in latest svn -> fixed in r24130, other two
|
|
bugs discovered:
|
|
o --max-conns 0 kills ncat with a glibc assertion error on calloc with
|
|
zero as nmemb(??) at:
|
|
init_fdlist(&broadcast_fdlist, o.conn_limit);
|
|
o When killing the first initiated connection on --max-conns > 1 Ncat:
|
|
Ncat: Program bug: fd (5) not on list. QUITTING.
|
|
[DONE]The previous two bugs were introduced in r24130, they are now fixed
|
|
in r24193.
|
|
|