Nmap Development mailing list archives
Re: Status Report #15 of 17
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 04 Aug 2009 05:28:18 +0300
Greetings. Status Report #15 of 17 Accomplishments: * Completed documentation/paper for opensshlib. The latest version can always be found at Ncrack's svn repository under ncrack/docs/openssh-library.txt but copies have also been posted at nmap-dev previously ( http://seclists.org/nmap-dev/2009/q3/0428.html ) and at my site: http://sock-raw.org/papers/openssh_library * Continued writing man-page. Still some things left to write. * Added SSL support through Nsock. This has only been tested for the HTTP basic auth module. * Finally converted every Ncrack's module to use the new Buf class (a generic buffer manipulation class whose code has been derived from OpenSSH's buffer.c) Changes were made for TELNET and FTP modules. * Improved FTP module with ftp_loop_read() handler which can now parse every FTP packet that spans multiple lines and can often be transmitted in separate TCP segments (as was the case with Filezilla that initially sends 3 packets for each banner - speak about verbosity) * Added phpbb password file which contains 500 top cracked passwords from leaked list. This list was assembled by Brandon Enright. * Improved Makefile.in which now installs Ncrack and all associated files in Unix systems using the traditional way of 'make install'. Datafiles (lists and ncrack-services will normally be saved under /usr/local/share/ncrack/ or /usr/share/ncrack/. Essentially this marks the ending of the packaging pending issue. Both Windows and *nix installers are now ready. * Introduced ncrack_fetchfile() function which is based on Nmap's equivalent code and is responsible for fetching the username/password lists and the 'ncrack-services' file by looking at multiple locations. * Improved ServicesTable printing (which is triggered by specifying target listing with --list or -sL and at least 1 level of debugging) using the venerable NmapOutputTable class. * Refined a small part of the output engine concerning the initial and the last header being printed (at the beginning and end of the output). * Wrote some thoughts on the --resume option. http://seclists.org/nmap-dev/2009/q3/0434.html * Sent mail about consistency of Nmap's Windows Makefile with Ncrack's corresponding one: http://seclists.org/nmap-dev/2009/q3/0433.html * Read some code about http form auth module. * Cleaned up and reordered TODO list. * Reopened bug-ticket about the Windows XP SP 3 Firewall issue: http://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=479640 Let's hope that it works out this time and the MS folks will be able to reproduce it now, unlike last time (that was tested on XP SP 2 and which seems not to apply there). * Discussed some feedback related to the SSH module. Thanks jah. Priorities: * Write form-auth module. * Finish manpage. * Assemble optimal default password list. * Discuss with Fyodor about pending issues. Cheers, ithilgore _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Status Report #15 of 17 Luis M. (Aug 03)
- <Possible follow-ups>
- Status Report #15 of 17 J Marlow (Aug 03)
- Re: Status Report #15 of 17 ithilgore (Aug 03)
- Re: Status Report #15 of 17 Patrick Donnelly (Aug 03)
- Re: Status Report #15 of 17 venkat sanaka (Aug 03)
- Re: Status Report #15 of 17 ithilgore (Aug 03)
- Status Report #15 of 17 Joao Correa (Aug 04)