Nmap Development mailing list archives

Re: Google/Nmap SoC 2009 Project Ideas?


From: Fyodor <fyodor () insecure org>
Date: Sat, 14 Mar 2009 14:16:37 -0700

On Tue, Mar 10, 2009 at 01:26:10AM +0200, Toni Ruottu wrote:

> Make use of information provided by Bonjour.
> see http://seclists.org/nmap-dev/2008/q4/0558.html

Interesting idea!  Maybe this would make a good NSE script?  I'm not
very familiar with Bonjour, though I just skimmed the Wikipedia
article.  Can you elaborate more on how such a script might work, and
what the desired output would be?

> Find out local mac address
> see http://seclists.org/nmap-dev/2007/q2/0265.html

As you note in the mail, --iflist includes this information.  If you
want the vendor too, you can grep for the MAC prefix in
nmap-mac-prefixes.  Though really, Nmap is probably not the best tool
for this job.  A command such as "lspci -v" gives out far more
information than Nmap could.  For example, it tells me:

05:0c.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
        Subsystem: ASUSTeK Computer Inc. Marvell 88E8001 Gigabit Ethernet Controller (Asus)
        Flags: bus master, 66MHz, medium devsel, latency 32, IRQ 17
        Memory at d4000000 (32-bit, non-prefetchable) [size=16K]
        I/O ports at a000 [size=256]
        Expansion ROM at d5100000 [disabled] [size=128K]
        Capabilities: <access denied>
        Kernel driver in use: skge
        Kernel modules: skge

> Enhance nmap trace route with methods from DisCarte.
> see http://ccr.sigcomm.org/online/files/p303-sherwood.pdf

That looks like an interesting paper, and I've made a note to read it.
But unfortunately I can't do so today.  Can you elaborate more on what
techniques you think would be valuable in enhancing Nmap?

Thanks for your ideas!
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

