TODO $Id: TODO 11866 2009-01-24 23:10:05Z fyodor $ -*-text-*-
o Create CHANGELOG
o Make stable release candidate branch
o Make at least one more test release from the candidate branch
o Write and send GSoC 2011 results email
o Prepare release notes, web page, etc.
o Make the release
==Things needed for next STABLE release go ABOVE THIS LINE==
o We should probably remove the intl.dll mv command from
zenmap/install_scripts/windows/copy_and_compile.bat for the reasons
described at http://seclists.org/nmap-dev/2012/q1/430.
o [NSE] host.os should not just be a list of strings which can contain
human-readable strings and/or CPE info. It should probably be a list
of host.os tables which can contain:
host.os[].name <-- human-readable name
host.os[].class[].vendor
host.os[].class[].osfamily
host.os[].class[].osgen
host.os[].class[].devicetype
host.os[].class[].cpe[] <-- array of cpe:/ strings
So host.os[1].class[1].cpe[1] is the first CPE entry for the first
classification of the first OS match for the target system.
The host.os entry docs/scripting.xml would have to be updated too.
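As an added illustration (not code from Nmap or NSE, and not an implemented API), here is how a script would walk the nested host.os layout sketched above. The table shape is assumed from this TODO item, the sample host is constructed, and the helper names all_cpes and summarize are hypothetical:

```lua
-- Added illustration of the proposed host.os layout; NOT current NSE code.
-- The nested-table shape is assumed from the TODO item above.

-- Constructed sample: one OS match carrying two classifications,
-- each with its own CPE array.
local sample_host = {
  os = {
    {
      name = "Linux 2.6.32 - 3.2",                -- human-readable name
      class = {
        { vendor = "Linux", osfamily = "Linux", osgen = "2.6.X",
          devicetype = "general purpose",
          cpe = { "cpe:/o:linux:linux_kernel:2.6" } },
        { vendor = "Linux", osfamily = "Linux", osgen = "3.X",
          devicetype = "general purpose",
          cpe = { "cpe:/o:linux:linux_kernel:3" } },
      },
    },
  },
}

-- Collect every CPE string across all matches and classifications,
-- de-duplicated and kept in first-seen order.
local function all_cpes(host)
  local seen, out = {}, {}
  for _, match in ipairs(host.os or {}) do
    for _, class in ipairs(match.class or {}) do
      for _, cpe in ipairs(class.cpe or {}) do
        if not seen[cpe] then
          seen[cpe] = true
          out[#out + 1] = cpe
        end
      end
    end
  end
  return out
end

-- One summary line per OS match, suitable for script output.
local function summarize(host)
  local lines = {}
  for i, match in ipairs(host.os or {}) do
    local fams = {}
    for _, class in ipairs(match.class or {}) do
      fams[#fams + 1] = string.format("%s/%s", class.osfamily, class.osgen)
    end
    lines[#lines + 1] = string.format("%d: %s [%s]", i, match.name,
                                      table.concat(fams, ", "))
  end
  return lines
end

-- The indexing the TODO item describes: first CPE entry of the first
-- classification of the first OS match.
print(sample_host.os[1].class[1].cpe[1])
for _, line in ipairs(summarize(sample_host)) do print(line) end
for _, cpe in ipairs(all_cpes(sample_host)) do print(cpe) end
```

Every level is guarded with `or {}` so a script still runs when OS detection produced no match or a classification has no CPE entries, which is the case the flat list-of-strings design handles poorly.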
o [NPING] Nping should probably give you an error or warning when you
do: "nmap -p80 google.com" since it is ignoring the port specifier.
The user probably wants to add --tcp.
o [NPING] At least on my (Fyodor) system, I get errors like "READ-PCAP
killed: Resource temporarily unavailable" with some commands.
Example:
# nping --tcp -p80 -c1 scanme.nmap.org
Starting Nping 0.5.61TEST4 ( http://nmap.org/nping ) at 2012-02-16 17:52 PST
SENT (0.3307s) TCP 192.168.0.5:42005 > 74.207.244.221:80 S ttl=64 id=23109 iplen=40 seq=1015357225 win=1480
RCVD (0.3524s) TCP 74.207.244.221:80 > 192.168.0.5:42005 SA ttl=51 id=0 iplen=44 seq=3197025741 win=14600 <mss 1460>
nping_event_handler(): READ-PCAP killed: Resource temporarily unavailable
nping_event_handler(): TIMER killed: Resource temporarily unavailable
[...]
o Migrate web.insecure.org to a RHEL-6 derived distro (probably CENTOS
6, since Linode doesn't currently offer ScientificLinux images).
o Solve "spurious closed port detection" issue discovered by David:
http://seclists.org/nmap-dev/2012/q1/62
o Revive the Nmap Public Source License project (need to find an open
source attorney to review it). http://nmap.org/npsl/
o Also take close look at Mozilla's license modernization project:
http://mpl.mozilla.org/scope/
o Nmap Network Scanning, 2nd Edition work [placeholder]
o Update more web content in real time (or near real-time, or at least
on an automated basis rather than requiring manual checkin and
update). In particular:
o NSEDoc generation
o SVN dir (http://nmap.org/svn/) should be removed and a redirect
added to https svn server.
o Maybe Nmap book building
o Maybe the generated files in nmap.org/data/
o ssl-google-cert-catalog should not require that the user specify
ssl-cert in order to run. Instead, they should probably both call a
library which obtains the certificate (and caches it so that it
doesn't happen twice if both scripts are run). In general, we want
to avoid having any scripts tell the user "this script only works if
you specify this other script too". If we really find we need that
functionality, we should add a "strong dependencies" feature so that
scripts can tell Nmap what other scripts they require.
o Investigate increasing FD_SETSIZE on Windows to allow us to
multiplex more sockets. See Henri's email:
http://seclists.org/nmap-dev/2012/q1/267
o Investigate ways to limit Winpcap privileges so that only
administrative users or certain accounts can sniff. Maybe there
is a solution people use for Wireshark, or does it always cause this
issue (allowing any user to sniff the network) when it is installed?
- CACE says they will add a feature to do this. See this thread:
http://seclists.org/nmap-dev/2010/q3/826
o Clean up the Nmap repo to remove some bloat we've allowed to creep
in. Should do a more thorough search, but for now here are two
obvious candidates:
- /nmap/mswin32 should be moved outside of /nmap so that people just
wanting to review Nmap source code or compile on UNIX don't get
saddled with this. Of course we'll then have to update the
Windows build config/scripts and also the Windows build instructions
in install chapter to match the change. This may also enable us
to check in GTK, Glib, etc. so that building on Windows doesn't
require installing so many other packages first.
- [done] Remove the 5MB of XSL in nping/docs/xsl
o Maybe we should add an analysis or reporting or intelligence (or
different name) for our NSE scripts which don't send any packets, but
simply analyze Nmap's existing data and report when useful.
o We should add fields to the service submitter
(http://insecure.org/cgi-bin/submit.cgi?new-service) for the
application name and version.
o Make sure we update everywhere relevant (e.g. refguide, etc.) to
note the addition in Nmap of the Liblinear library for large linear
classification (http://www.csie.ntu.edu.tw/~cjlin/liblinear/). It
uses a three-clause BSD license:
http://www.csie.ntu.edu.tw/~cjlin/liblinear/COPYRIGHT
- David has added it to 3rd-party-licenses.txt
o Change the interface of nmap.send_ip to take an explicit destination
address. It currently extracts the destination from the packet buffer,
which does not have enough information to reconstruct link-local
addresses. See r26621 for a similar change that was made to Nmap
internals.
o Install some sort of svnview webapp for svn.nmap.org which is
wrapped in Insecure chrome, allows people to click link for direct
file download, probably shows revision history and allows users to
see older versions, etc.
o Process Nmap survey and send out results [Fyodor]
o Add many more CPE entries to OS and version detection databases
o Move advanced IPv6 host discovery features from NSE into core Nmap.
We'll probably add the functionality of
targets-ipv6-multicast-invalid-dst, targets-ipv6-multicast-echo, and
maybe targets-ipv6-multicast-slaac.
- The idea is that Nmap does them automatically if it gets a large
target specification and sees that it is local so can be multicast
pinged.
o We should document Ron's sample script
(http://nmap.org/svn/docs/sample-script.nse) in docs/scripting.xml so
that new script writers know about it.
o Review NSE-based port scanning and RST idle scan.
http://seclists.org/nmap-dev/2011/q2/307.
o [UPDATER] Create a way to send an error message to the user
(e.g. "your account has expired" or "updates denied due to
overuse--please wait 24 hours before trying again", or "account
suspended due to abuse")?
David: I've seen svn errors like this:
svn: Repository moved temporarily to 'http://www.metasploit.com/svn/framework3/trunk/modules'; please relocate
so maybe there is a standard way to do it.
o [UPDATER] Create webapp for account creation (can be deferred until later)
o [UPDATER] Release to community, probably starting with a small test
group of people.
o [UPDATER] When it runs, it should give user more status about what
happened. Maybe it could give the number of new/updated files and
mention what directory it put them in
(e.g. /home/fyodor/.nmap/updates/5.61TEST4). And if there are no
updates available, it should say so.
o Raw scans from Mac OS X seem not to retrieve the MAC address or do
ARP ping, except when scanning the router on an interface. For
example, scanning 192.168.0.1-5 sends ARP pings to 192.168.0.1, but
the normal four-probe combination to the other addresses. The "MAC
address:" line appears in the output for .1 but not for the others.
o To avoid Nmap memory usage bloat, find a way for NSE scripts to
store information about a host which expires after Nmap is done
scanning that host (e.g. when the hostgroup containing that host is
fini