Nmap Development mailing list archives

Re: GSoC: Nmap on Android


From: Duarte Silva <duartejcsilva () gmail com>
Date: Tue, 6 Apr 2010 09:49:25 +0100

Sorry, too late on the response. I didn't notice that some of the
points have already been addressed.

On Tue, Apr 6, 2010 at 9:47 AM, Duarte Silva <duartejcsilva () gmail com> wrote:
Hi,

Since I'm getting pretty acquainted with the Android platform in my
job, I think I can shed a light on this issue. The main development in
Android is made in Java. The GUI is designed by editing XML files with
a specific schema. So porting the Zenmap GUI is really porting it all
(Zenmap is Python if I'm not mistaken).

Even though the main development of Android is based on Java, there is
the possibility of developing in native code. I don't know which level
of freedom one has with the Android NDK (never had the need to use it)
but if the existing code of nmap could be compiled and executed based
on the NDK, it would be a big plus (reinventing the wheel, no thanks,
especially when talking of nmap).

I'm thinking that this isn't a fairly linear thing to do, taking into
account the environmental needs of nmap.

Regards,
Duarte

On Tue, Apr 6, 2010 at 7:52 AM, luke jeter <luke.jeter () gmail com> wrote:
Because I'm interested in helping to bring Nmap to Android, I've spent a
little time contemplating the following question: If I were a network
security professional, how could Zenmap and my fancy new phone help me do my
job? Since I'm merely an *aspiring* network security professional I'd like
to throw the following little fictitious scenario out to the community for
an assessment of just how accurate it might be:

Cartman is an executive at a local bank branch and considers himself very
tech-savvy (by bank branch executive standards). He has been personally
involved in setting up a wireless network at the branch and has also managed
to sync his phone's contact database with the branch's client list. One of
Cartman's friends, Kenny, is a local CS grad student who recently helped the
branch implement a user-authentication system that uses customers' phones'
NFC capabilities at the teller window (a bit vague and very contrived, I
know, but the details and usefulness aren't important to the storyline).

I arrive, for whatever reason you'd like, to conduct a network security
audit of the branch. I pull out my shiny new Nexus One, and tap the Zenmap
icon. I then tap the 'target' combo box and up pops a list of all of the
wifi access points and devices within range of my phone's antenna. I scroll
down and discover a listening Bluetooth device that I can identify as
Cartman's phone. Because I'm familiar with what's been happening within the
branch, I've positioned myself at the teller window and can also detect the
bank's available NFC device. At this point I can select any of the
discovered targets, or designate my own, and I can select an appropriate
profile from the corresponding drop-down and proceed to conduct my scans.

Assertions, assumptions, and questions:
As far as I know, Nmap does not have any wifi, Bluetooth, or NFC detection
capabilities - please correct me if I'm mistaken. I know there are a number
of other tools that perform these functions quite well, but after two years
of working with a 7" netbook screen and a few weeks with an Android device
I've become a big proponent of all-in-one gui solutions rather than trying
to switch between applications. Just to confirm, I'm assuming that this type
of device detection is frequently done when one is also doing Nmap scans?
More importantly, would it fall within the scope of the Nmap/Zenmap project?

The next obvious step would be to implement scans for these protocols, and
again the primary question is whether or not it would fall in line with
Nmap's goals. Rather than create the discovery and scanning code from
scratch, would a better implementation alternative be to create Zenmap
plug-ins? (A Kismet plug-in for Zenmap, for example.)

Thanks, in advance, for any feedback - I'm looking forward to learning just
how far off my fantasy world is from reality!

luke

On Sun, Mar 28, 2010 at 3:43 PM, David Fifield <david () bamsoftware com> wrote:

On Fri, Mar 26, 2010 at 11:21:53PM -0600, luke jeter wrote:
My thought is that if a second layout (or two or three) will be done to
improve how things are displayed on such a relatively small screen, why not
spend the same amount of time creating a new gui using the tools provided by
the Android SDK. There are probably other features that would be nice to
have on a handheld device that I don't think already exist in Zenmap, such
as a list of reachable wireless networks, which could also be written into
an Android-specific interface.

Thanks for the notes on Android. If there are useful features that
Zenmap is missing, there's no reason to add them only to a new mobile
interface. Desktop users should get them too. And going the other way,
if Zenmap's interface poses problems for small screens, it's better to
redesign the interface and get rid of excess crud on the desktop too,
not just in a mobile interface that's going to require separate
maintenance.

There's nothing sacred about the Zenmap interface. It's already changed
a lot. I'd love to see a proposal that shows how we can get rid of the
left Hosts/Services column--not an effective use of space in my
opinion--and present that information in line with the other scan
results, while retaining the ability to select a single host or service.
I may be mistaken, but I think the Filter Hosts function can do
everything the left sidebar can do, just not in as discoverable a
fashion.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

