Re: GSoC'10

[Fyodor <fyodor () insecure org>]

On Sat, Mar 27, 2010 at 08:49:14AM -0400, Walt Scrivens wrote:
> Just based on observations of Apple's behavior, I would have to say
> that they would never approve nmap for the iPhone.  I hope I'm wrong,
> but they seem to avoid anything that might disclose any network
> information. Some time ago, I was helping Pavel Ahafonau
> (http://www.paully.com) to debug his network utilities which Apple has
> allowed, but they are very limited in their capability compared to
> nmap.  That leaves only jailbreak as your option.

This is an important concern to raise, and also a key reason I own an
N900 rather than an iPhone, but I don't think we need to dismiss the
idea of Nmap in the iPhone App Store.  At least not without strong
evidence that Apple really would ban it.  After all, some similar apps
are available.  For example:

NetDetective by Three Jacks Software
"In addition to essential tools for the networking professional
 (including Trace Route, WhoIs, and Ping) NetDetective gives users the
 ability to audit intranet connectivity. Using low level techniques
 common to NMap and other powerful network auditing tools, NetDetective
 will expose open TCP ports, UDP ports, and UPnP/Bonjour services
 running anywhere on your network."
http://itunes.apple.com/us/app/netdetective/id362243292

I imagine that we might have to compile without NSE, as I'm guessing
that being able to execute arbitrary scripts would break Apple's
"security model".  And I'm skeptical about whether we'd be able to get
raw packet scans/sniffing, so it might have to work the way Nmap does
when you don't have root access (e.g. connect scans).

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/