Nmap Development mailing list archives
CYBERSTAT
From: McLean CIV Timothy D <timothy.d.mclean () usmc mil>
Date: Thu, 1 Mar 2018 18:29:43 +0000
Hello, I am trying to apply Scientific Test and Analysis Techniques (STAT) to penetration testing. I call it CYBERSTAT.

Has anyone generated, listed, and tested ALL of the possible ways of using nmap against a target? If so, did these combined tests find more services or open ports compared to the ways most people use nmap?

My premise is that "normal" or "unsophisticated" ways of using nmap are finding fewer open ports and services because defenders are getting better at securing their systems. I want to exercise every nmap capability by using all possible combinations of the software switches that nmap has, in order to find the services and ports that are still available to discover but not "hidden" by defenders because they didn't know nmap "could do that...".

By using Combinatorial Testing techniques, a factor covering array (FCA) can be generated that covers more than the standard pairwise testing combinations used in software testing. The efficiency of FCAs allows 3-way, 4-way, and 5-way combinations that more thoroughly cover the uses of the software, compared to random uses of the same software, in fewer test cases.

Bombarding a target and being noisy is not a factor for me, since we test against VMs of the tactical system and I don't care if I am detected or if I break the VM.

The hardest part about generating the combinations is figuring out the constraints of the configurations: which software switches should not be used in combination with other switches. I can generate the test combinations no problem, but I need nmap experts to help ensure combinations are not generated that do not make sense.

Just wondering if this idea has merit and if anyone has tried this before. Thanks for your time.

Timothy D McLean
Test Engineering Branch
MCTSSA
PO Box 555171
Camp Pendleton, CA 92055-5171
760-725-0280 (W)
760-717-3068 (C)
timothy.d.mclean () usmc mil

"The significant problems that we have cannot be solved at the same level of thinking with which we created them."
- Albert Einstein

CYBERSTAT success is defined as moving from failure to failure with no loss of enthusiasm.

Attitude: It is a little thing that makes a big difference...
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
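The post asks how to generate switch combinations under constraints. As an added example (not part of the post or of nmap itself), here is a small greedy pairwise covering-array generator in Python: each nmap option group is a factor, each switch is a level, and constraint rules exclude rows that make no sense together, which is the "which switches not to combine" problem the post raises. The factor sets, the constraint rules (built around -sn disabling the port scan) and the placeholder target are assumptions for illustration, not an authoritative model of nmap's option rules.

```python
# Added example: greedy pairwise covering array with constraints over nmap
# switches. Factors, levels and rules are constructed assumptions for
# illustration; run it only against test systems you own.
import itertools

# Each factor is an option group; each level is the literal switch text
# ("" means the switch is omitted). Constructed set, not exhaustive.
FACTORS = {
    "tcp_scan":  ["", "-sS", "-sT", "-sN"],
    "udp_scan":  ["", "-sU"],
    "host_disc": ["", "-Pn", "-sn"],
    "versions":  ["", "-sV"],
    "timing":    ["-T2", "-T4"],
}

# A row is invalid if any rule returns True. Assumed rules: -sn (ping scan)
# disables port scanning, so port-scan and version switches are pointless
# alongside it. Real constraint sets would come from nmap's own option checks.
CONSTRAINTS = [
    lambda r: r["host_disc"] == "-sn" and r["tcp_scan"] != "",
    lambda r: r["host_disc"] == "-sn" and r["udp_scan"] == "-sU",
    lambda r: r["host_disc"] == "-sn" and r["versions"] == "-sV",
]

def valid(row):
    return not any(rule(row) for rule in CONSTRAINTS)

def all_valid_rows():
    """Every full assignment that satisfies the constraints (the exhaustive set)."""
    names = list(FACTORS)
    rows = (dict(zip(names, levels)) for levels in itertools.product(*FACTORS.values()))
    return [row for row in rows if valid(row)]

def pairs_of(row):
    """The set of (factor, level) pairs this row covers."""
    return {frozenset([(a, row[a]), (b, row[b])])
            for a, b in itertools.combinations(row, 2)}

def pairwise_covering_array():
    """Greedy 2-way array: repeatedly pick the valid row covering most uncovered pairs."""
    candidates = all_valid_rows()
    uncovered = set().union(*(pairs_of(r) for r in candidates))  # only coverable pairs
    chosen = []
    while uncovered:
        best = max(candidates, key=lambda r: len(pairs_of(r) & uncovered))
        chosen.append(best)
        uncovered -= pairs_of(best)
    return chosen

def to_command(row, target="192.0.2.10"):  # RFC 5737 TEST-NET-1 placeholder
    return "nmap " + " ".join(v for v in row.values() if v) + " " + target

if __name__ == "__main__":
    for row in pairwise_covering_array():
        print(to_command(row))
```

The array covers every constraint-compatible pair of switches in far fewer rows than the exhaustive valid set; extending it to 3-way coverage means replacing `pairs_of` with triples, and tightening the rules is exactly where nmap expertise is needed.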