Nmap Development mailing list archives
Shinnok's Status Report - #4 of 17
From: Shinnok <admin () shinnok com>
Date: Tue, 24 May 2011 10:42:29 +0300
Hello again, Today GSoC coding period has started officially, thus I'll try my best to be more productive starting today(yes, personal beating). These are my accomplishments from last week and priorities for the current: Accomplishments: * Tried my best at creating a full duplex work flow between git(-svn) and subversion with push and pull from github - failed. Did not fail completely though, but the solutions that I arrived to would have been to complex and a bugger to maintain then to just cope with SVN. I'll use only SVN for the time being. * Managed to get Qt Creator IDE[1] to work with the Nmap project. Syntax highlighting, *real* C/C++ code completion between Nmap libraries, local sources and system libraries(\o/), build, debug, analyze(valgring), scm integration, vim editing mode and lots of other juicy stuff. Will post a blog about how to do that in a generic way with Qt Creator and give Nmap as an example, in case anyone has been looking for a good IDE to work on Nmap. * Read some more code and got more intimate with the Nmap project file/directory structure. Do not like the Windows one. :-) * Although not directly related to Nmap, for a couple of days I've been crawling Google Profiles for all(35+ million) profile Names and enabled Nicknames due to this security overlook[2]. As per the Nmap TODO file section "o Create new default username list:" and [3], I think that we can use the nicknames that I crawled(already got 1 million) as a usernames.txt in Ncrack with some fine graining. Since the nicknames are the Google account profile username, which means Gmail and everything else, I have second thoughts about releasing millions of Gmail addresses over the net. On the other side, Google profiles specifically states this security issue and draws out of any responsibility, when one attempts to set his profile url to profiles.google.com/account_username instead of the default unique id number such as profiles.google.com/u/0/109065285129186838530. As for the names list, I plan to create a couple of dictionaries for usernames and passwords based on the same rules that Ron has applied to the Facebook directory names([4]). Ron? ^^ There's also some interesting statistics to be drawn out of the correlation between names and nicks that people choose, r.astley, rick.astley, rastley, r.roll, rroll, etc.. But I'll leave that for later since the current method I use for crawling, does not keep a direct relation between names and nicknames since not all accounts have the account name profile url enabled and for crawling performance reasons. Priorities: * Respond to David regarding a patch * Decide on something to get started with, just to get in the mood * Publish those blog posts I've been planning to do [1] http://qt.nokia.com/products/developer-tools/ [2] http://www.gstatic.com/s2/sitemaps/profiles-sitemap.xml [3] http://seclists.org/nmap-dev/2010/q1/798 [4] http://www.skullsecurity.org/blog/2010/return-of-the-facebook-snatchers Regards, Shinnok _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Shinnok's Status Report - #4 of 17 Shinnok (May 24)