Nmap Development mailing list archives
Re: Ideas for nmap development
From: David Fifield <david () bamsoftware com>
Date: Wed, 6 Apr 2011 11:41:51 -0700
On Sun, Apr 03, 2011 at 11:51:18PM +0530, Manik Jindal wrote:
I am a student of IITH pursuing B.Tech (2nd yr., CSE). I got the following ideas: 1. *Detect vulnerabilities and attack* nmap can detect applications along with their versions, binded with ports. If it also tells about the possible attacks, it will be a more better tool. Attacking option can also be embeded, which requires only a script for each attck. *How to implement* ** 1. Query CVE database with application name and version, which tells almost all the possible vulnerabilities. 2. List all of them. 3. Ask for an attack. 4. Choose script(if already present in nmap-attack database, may available on nmap server or local machine) or asks for script file. 5. Attack, by running script.
Hello, thanks for writing. If you haven't seen them yet, please see http://www.google-melange.com/gsoc/org/google/gsoc2011/nmap http://nmap.org/soc/ http://nmap.org/soc/GeneralRequirements.html http://nmap.org/soc/apply.html Have you looked at Marc Ruef's vulscan script? It matches service versions against a vulnerability database. What would you do differently? How will you overcome the challen http://seclists.org/nmap-dev/2010/q2/527 http://seclists.org/nmap-dev/2010/q2/752 http://www.scip.ch/?labs.20100603
2. *nmap for Mobile platforms* In todays life mobiles have a special character. It will be better to have nmap for mobiles. It will give portability to nmap users. Users can scan networks during travelling, and even at those places where laptops are not handy to use. And it will be useful at public places where obviously an hacker do not want to show results to any one. Its better to develop nmap for Android platform, coz of market statistics.
Have you seen the Android build put together by Vlatko Kosturjak? What would you add to this? http://seclists.org/nmap-dev/2011/q1/546 David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ideas for nmap development Manik Jindal (Apr 03)
- Re: Ideas for nmap development Toni Ruottu (Apr 03)
- Re: Ideas for nmap development Toni Ruottu (Apr 16)
- Re: Ideas for nmap development David Fifield (Apr 06)
- Re: Ideas for nmap development Manik Jindal (Apr 07)
- Re: Ideas for nmap development Toni Ruottu (Apr 03)