Nmap Development mailing list archives

Re: GSoC: Nmap on Android


From: David Fifield <david () bamsoftware com>
Date: Thu, 8 Apr 2010 10:46:50 -0600

On Tue, Apr 06, 2010 at 12:52:37AM -0600, luke jeter wrote:
> Because I'm interested in helping to bring Nmap to Android, I've spent a
> little time contemplating the following question: If I were a network
> security professional, how could Zenmap and my fancy new phone help me do my
> job? Since I'm merely an *aspiring* network security professional I'd like
> to throw the following little fictitious scenario out to the community for
> an assessment of just how accurate it might be:

> Cartman is an executive at a local bank branch and considers himself very
> tech-savvy (by bank branch executive standards). He has been personally
> involved in setting up a wireless network at the branch and has also managed
> to sync his phone's contact database with the branch's client list. One of
> Cartman's friends, Kenny, is a local CS grad student who recently helped the
> branch implement a user-authentication system that uses customers' phones'
> NFC capabilities at the teller window (a bit vague and very contrived, I
> know, but the details and usefulness aren't important to the storyline).

> I arrive, for whatever reason you'd like, to conduct a network security
> audit of the branch. I pull out my shiny new Nexus One, and tap the Zenmap
> icon. I then tap the 'target' combo box and up pops a list of all of the
> wifi access points and devices within range of my phone's antenna. I scroll
> down and discover a listening Bluetooth device that I can identify as
> Cartman's phone. Because I'm familiar with what's been happening within the
> branch, I've positioned myself at the teller window and can also detect the
> bank's available NFC device. At this point I can select any of the
> discovered targets, or designate my own, and I can select an appropriate
> profile from the corresponding drop-down and proceed to conduct my scans.

> Assertions, assumptions, and questions:
> As far as I know, Nmap does not have any wifi, Bluetooth, or NFC detection
> capabilities - please correct me if I'm mistaken. I know there are a number
> of other tools that perform these functions quite well, but after two years
> of working with a 7" netbook screen and a few weeks with an Android device
> I've become a big proponent of all-in-one GUI solutions rather than trying
> to switch between applications. Just to confirm, I'm assuming that this type
> of device detection is frequently done when one is also doing Nmap scans?
> More importantly, would it fall within the scope of the Nmap/Zenmap project?

You're right; Nmap doesn't detect wireless networks. I can see the
utility in seeing a list of access points when you start Zenmap. We'd
need more specifics on how this should actually work, because these
wireless things are on a different level than the IP level at which Nmap
usually works. For example, there may be two WAPs with the IP address
192.168.0.1. To scan 192.168.0.1 requires extra information beyond the
IP address, which would probably require a separate step before scanning
proper began.

Giving wireless devices special priority in the Target box makes sense
for end-node devices, but not so much for things like access points. In
the latter case you're probably at least as interested in the hosts
connected to it. So instead of picking a wireless device as a target, it
might be better to allow you to associate with one, and then do a normal
Nmap ping scan for host discovery.

> The next obvious step would be to implement scans for these protocols, and
> again the primary question is whether or not it would fall in line with
> Nmap's goals. Rather than create the discovery and scanning code from
> scratch, would a better implementation alternative be to create Zenmap
> plug-ins? (A Kismet plug-in for Zenmap, for example.)

I guess that's a reasonable implementation. I would prefer not to
restrict any non-graphical functionality only to Zenmap, though.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/