Nmap Development mailing list archives
Re: GSoC: Nmap on Android
From: David Fifield <david () bamsoftware com>
Date: Thu, 8 Apr 2010 10:46:50 -0600
On Tue, Apr 06, 2010 at 12:52:37AM -0600, luke jeter wrote:
> Because I'm interested in helping to bring Nmap to Android, I've spent a little time contemplating the following question: If I were a network security professional, how could Zenmap and my fancy new phone help me do my job? Since I'm merely an *aspiring* network security professional I'd like to throw the following little fictitious scenario out to the community for an assessment of just how accurate it might be:
>
> Cartman is an executive at a local bank branch and considers himself very tech-savvy (by bank branch executive standards). He has been personally involved in setting up a wireless network at the branch and has also managed to sync his phone's contact database with the branch's client list. One of Cartman's friends, Kenny, is a local CS grad student who recently helped the branch implement a user-authentication system that uses customers' phones' NFC capabilities at the teller window (a bit vague and very contrived, I know, but the details and usefulness aren't important to the storyline).
>
> I arrive, for whatever reason you'd like, to conduct a network security audit of the branch. I pull out my shiny new Nexus One, and tap the Zenmap icon. I then tap the 'target' combo box and up pops a list of all of the wifi access points and devices within range of my phone's antenna. I scroll down and discover a listening Bluetooth device that I can identify as Cartman's phone. Because I'm familiar with what's been happening within the branch, I've positioned myself at the teller window and can also detect the bank's available NFC device. At this point I can select any of the discovered targets, or designate my own, and I can select an appropriate profile from the corresponding drop-down and proceed to conduct my scans.
>
> Assertions, assumptions, and questions:
>
> As far as I know, Nmap does not have any wifi, Bluetooth, or NFC detection capabilities - please correct me if I'm mistaken.
>
> I know there are a number of other tools that perform these functions quite well, but after two years of working with a 7" netbook screen and a few weeks with an Android device I've become a big proponent of all-in-one GUI solutions rather than trying to switch between applications. Just to confirm, I'm assuming that this type of device detection is frequently done when one is also doing Nmap scans? More importantly, would it fall within the scope of the Nmap/Zenmap project?
You're right; Nmap doesn't detect wireless networks. I can see the utility in seeing a list of access points when you start Zenmap. We'd need more specifics on how this should actually work, because these wireless things are on a different level than the IP level at which Nmap usually works. For example, there may be two WAPs with the IP address 192.168.0.1. To scan 192.168.0.1 requires extra information beyond the IP address, which would probably require a separate step before scanning proper began. Giving wireless devices special priority in the Target box makes sense for end-node devices, but not so much for things like access points. In the latter case you're probably at least as interested in the hosts connected to it. So instead of picking a wireless device as a target, it might be better to allow you to associate with one, and then do a normal Nmap ping scan for host discovery.
> The next obvious step would be to implement scans for these protocols, and again the primary question is whether or not it would fall in line with Nmap's goals. Rather than create the discovery and scanning code from scratch, would a better implementation alternative be to create Zenmap plug-ins? (A Kismet plug-in for Zenmap, for example.)
I guess that's a reasonable implementation. I would prefer not to restrict any non-graphical functionality only to Zenmap, though.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/