mirror of https://github.com/nmap/nmap.git synced 2025-12-29 10:59:02 +00:00
nmap/todo/djalal.txt
2011-07-15 16:46:12 +00:00

==
GSoC 2011 TASKS:
o Work on my GSoC vulnerability and exploitation script ideas:
https://secwiki.org/w/Nmap/Script_Ideas#Djalal_Harouni
o Review all the "Improve NSE HTTP architecture" proposal suggestions
and comments, and try to include them and update the proposal.
http://seclists.org/nmap-dev/2011/q2/967
o Start a thread on Nmap-dev about users' favorite Nmap and NSE commands,
and create a special page for it on the secwiki.org site.
This will also let us create more scan profiles for Zenmap.
==
1) Nmap Scripting Engine Infrastructure:
o NSE Version Numbering.
http://seclists.org/nmap-dev/2010/q4/693
[Other tasks]
o Propose a better duplicate scanned IPs filtering engine.
2) NSE Scripts:
[Priorities tasks]
o NFS/RPC features:
- add NFS READLINK support to let nfs-ls show symbolic files.
o Review NSE scripts and libs, and fix bugs:
- Document all the new NFS procedures.
[Other tasks]
o NFS/RPC features:
- Add more authentication support: Unix authentication.
- NFSv4 support.
- Add recursion support to nfs-ls.nse
==
MAYBE:
o Create a new rule "versionrule" which will be used by version
category scripts.
http://seclists.org/nmap-dev/2010/q3/551
o NSE debugger.
o Add more NSE control for long running scripts: one option will be a
boolean expression filter (like tcpdump's) which changes NSE script
arguments or behaviour according to previous results; this will be
really useful for big networks. Another option will be a generic NSE
(Lua) script with easy and readable code that includes expression or
filter selection to let us change NSE arguments according to previous
results.
Note: this option will be useful on big networks; however, for the moment
this is a simple idea and it needs further discussion on nmap-dev.
o Privileges dropping for NSE scripts [nmap TODO list].
o NSE security review [nmap TODO list].
o Fixing bugs.
- NSE not honoring the source port flag when doing version scan.
http://seclists.org/nmap-dev/2010/q2/576
David said that it will not be easy to support setting the source port
http://seclists.org/nmap-dev/2010/q3/331
==
DONE:
1) Nmap Scripting Engine Infrastructure:
o Submitted the "Improve NSE HTTP architecture" proposal
http://seclists.org/nmap-dev/2011/q2/967
o Make NSE scripts able to retrieve the interface network
information.
o LuaFileSystem directory iterator [1] port.
[1] http://keplerproject.github.com/luafilesystem/
o New class of scripts which use two new script rules:
- Script Pre-scanning and Script Post-scanning rules: "prerule" and
"postrule". Documented these new phases.
- Update scripts to use these new rules:
dns-zone-transfer now uses "prerule" and "portrule".
o Update other parts of the Nmap book to show the new script scan phases.
o Fixing bugs:
- NSE not honoring the Exclude directive bug fixed and committed
as r18467.
o Let NSE "prerule", "portrule" and "hostrule" scripts add newly
discovered targets to Nmap.
o Update scripting.xml to show the new script scan phases.
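How the phases listed above fit together in a single script, as an added example (this is not code from this TODO file or from the Nmap project; the script argument name "example.hosts", the registry key and the output strings are assumptions):

```lua
-- Added example, not a script from todo/djalal.txt or the Nmap tree:
-- one NSE script that uses all three phases named above. The names
-- "example.hosts" and the registry key are assumptions.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local target = require "target"

description = [[
Illustrates the NSE scan phases: a "prerule" that runs before any host is
scanned and can add targets, a "portrule" that runs per matching port, and a
"postrule" that runs once after the whole scan to summarise the results.
]]

author = "added example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

local REGKEY = "example_phases_seen"   -- assumed registry key name

-- Pre-scanning phase: only worth running when the user allowed new targets
-- with --script-args=newtargets (target.ALLOW_NEW_TARGETS mirrors that).
prerule = function()
  return target.ALLOW_NEW_TARGETS
end

-- Per-port phase: NFS, the service the nfs-ls work in this file deals with.
portrule = shortport.port_or_service(2049, "nfs")

-- Post-scanning phase: run only if some portrule invocation recorded data.
postrule = function()
  return nmap.registry[REGKEY] ~= nil
end

local function pre_action()
  -- Hosts come from the assumed script argument example.hosts, e.g.
  -- --script-args=newtargets,example.hosts={192.0.2.10,192.0.2.11}
  local hosts = stdnse.get_script_args("example.hosts")
  if not hosts then
    return "example.hosts not given; no targets added"
  end
  if type(hosts) == "string" then hosts = { hosts } end
  local unpack = table.unpack or unpack   -- works on Lua 5.1 and 5.2+
  local ok, count_or_err = target.add(unpack(hosts))
  if not ok then
    return "target.add failed: " .. tostring(count_or_err)
  end
  return ("added %d new target(s) to the scan"):format(count_or_err)
end

local function port_action(host, port)
  -- nmap.registry is shared by all script threads, so it is the usual
  -- place to hand data from the port phase to the post-scan phase.
  nmap.registry[REGKEY] = nmap.registry[REGKEY] or {}
  table.insert(nmap.registry[REGKEY], host.ip .. ":" .. port.number)
  return "recorded for the post-scan summary"
end

local function post_action()
  local seen = nmap.registry[REGKEY]
  local out = { ("%d NFS port(s) seen during the scan:"):format(#seen) }
  for _, entry in ipairs(seen) do out[#out + 1] = "  " .. entry end
  return table.concat(out, "\n")
end

-- NSE sets SCRIPT_TYPE to the name of the rule that fired, so one action
-- function can dispatch on the phase it is running in. prerule and
-- postrule actions receive no host or port arguments.
action = function(host, port)
  if SCRIPT_TYPE == "prerule" then
    return pre_action()
  elseif SCRIPT_TYPE == "portrule" then
    return port_action(host, port)
  else
    return post_action()
  end
end
```

Without the newtargets script argument the prerule returns false and no targets are added, so the script degrades to a plain per-port script plus a post-scan summary; the three actions are kept separate so each phase's output stays readable in the script results.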
2) NSE Scripts:
o smtp-vuln-cve2011-1764 script to check Exim DKIM Format String
vulnerability (CVE-2011-1764).
o Updated and improved ftp-vsftpd-backdoor to detect the vsFTPd backdoor
(CVE-2011-2523).
o ftp-vuln-cve2010-4221.nse script to check the ProFTPD Telnet IAC stack
overflow (CVE-2010-4221).
o smtp-vuln-cve2010-4344 script to check and exploit Exim SMTP server
heap overflow (CVE-2010-4344) and privilege escalation (CVE-2010-4345).
o SMTP library.
o Rewritten SMTP scripts to use the smtp library:
- smtp-commands
- smtp-open-relay
- smtp-enum-users
o smtp-vuln-cve2011-1720 script to check for CVE-2011-1720
o broadcast-avahi-dos script to check for CVE-2011-1002
o NFS/RPC features:
- New script: nfs-ls, which combines nfs-dirlist and nfs-acls and tries to
emulate some features of the old Unix "ls" tool. The script supports
NFSv2 and NFSv3.
- Reworked the RPC and NFS library code with a redesign and new
high-level functions.
- Added NFS procedures support:
NFSv2: LOOKUP
NFSv3: FSSTAT, FSINFO, READDIRPLUS, PATHCONF, ACCESS, LOOKUP