Nmap Development mailing list archives

CYBERSTAT


From: McLean CIV Timothy D <timothy.d.mclean () usmc mil>
Date: Thu, 1 Mar 2018 18:29:43 +0000

Hello,

I am trying to apply Scientific Test and Analysis Techniques (STAT) to
penetration testing.  I call it CYBERSTAT.

Has anyone generated, listed, and tested ALL of the possible ways of using
nmap against a target?  If so, did these combined tests find more services
or open ports compared to the ways most people use nmap?

My premise is that "normal" or "unsophisticated" ways of using nmap are
finding fewer open ports and services because defenders are getting better at
securing their systems.  I want to exercise every nmap capability by using
all possible combinations of the software switches that nmap has in order to
find the services and ports that are still available to discover, but not
"hidden" by defenders because they didn't know nmap "could do that...".

By using Combinatorial Testing techniques, a factor covering array (FCA) can
be generated that covers more than the standard pairwise testing combinations
used in software testing.  The efficiency of FCAs allows 3-way, 4-way, and 5-way
combinations that more thoroughly cover the uses of the software, compared to
random uses of the same software, in fewer test cases.

Bombarding a target and being noisy is not a factor for me since we test
against VMs of the tactical system and I don't care if I am detected or if
I break the VM.

The hardest part about generating the combinations is figuring out the
constraints of the configurations: which software switches should not be
used in combination with other switches.  I can generate the test
combinations no problem, but I need nmap experts to help ensure that
combinations which do not make sense are not generated.

Just wondering if this idea has merit and if anyone has tried this before.

Thanks for your time.

Timothy D McLean
Test Engineering Branch 
MCTSSA
PO Box 555171
Camp Pendleton, CA 92055-5171
760-725-0280 (W)
760-717-3068 (C)
timothy.d.mclean () usmc mil

"The significant problems that we have cannot be solved
 at the same level of thinking with which we created them." 
- Albert Einstein

CYBERSTAT success is defined as moving from failure to failure with no loss
of enthusiasm.

Attitude:  It is a little thing that makes a big difference...

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
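As an added illustration of the covering-array-with-constraints problem raised above (example code written for this archive page, not from the poster or the Nmap project): a greedy 2-way covering array over a small, constructed set of nmap switches, with a constraint oracle that rejects combinations that make no sense. The factor set, the single constraint (-sA with -sV) and the TARGET_VM placeholder are assumptions for illustration only.

```python
import itertools
# Constructed, illustrative subset of nmap switches as factors with levels ("" =
# switch absent). nmap accepts only one TCP scan type per run, so those form ONE factor.
FACTORS = {
    "tcp_scan": ["-sS", "-sT", "-sA"],
    "udp_scan": ["", "-sU"],
    "host_disc": ["", "-Pn"],
    "timing": ["-T2", "-T4"],
    "version": ["", "-sV"],
}

def allowed(combo):
    """Constraint oracle (assumed for illustration): an ACK scan (-sA) never reports
    ports open, so combining it with version detection (-sV) makes no sense."""
    return not (combo["tcp_scan"] == "-sA" and combo["version"] == "-sV")

def allowed_combos(factors, allowed):
    """Every full combination that satisfies the constraints."""
    names = list(factors)
    rows = (dict(zip(names, v)) for v in itertools.product(*factors.values()))
    return [c for c in rows if allowed(c)]

def pairs_of(combo):
    """All (factor, level, factor, level) pairs present in one test case."""
    return {(fi, combo[fi], fj, combo[fj]) for fi, fj in itertools.combinations(combo, 2)}

def pairwise_cover(factors, allowed):
    """Greedy 2-way covering array: repeatedly pick the allowed combination covering
    the most still-uncovered pairs; real FCA tools scale this to 3-, 4- and 5-way."""
    candidates = allowed_combos(factors, allowed)
    # Only pairs some allowed combination can realise need covering at all.
    uncovered = set().union(*(pairs_of(c) for c in candidates))
    tests = []
    while uncovered:
        best = max(candidates, key=lambda c: len(pairs_of(c) & uncovered))
        tests.append(best)
        uncovered -= pairs_of(best)
    return tests

def uncovered_pairs(factors, allowed, tests):
    """Verification: realisable pairs that a proposed test set leaves uncovered."""
    realisable = set().union(*(pairs_of(c) for c in allowed_combos(factors, allowed)))
    return realisable - set().union(*(pairs_of(t) for t in tests))

def to_command(combo, target="TARGET_VM"):
    """Render one covering-array row as an nmap command line (target is a placeholder)."""
    return "nmap " + " ".join(s for s in combo.values() if s) + " " + target

if __name__ == "__main__":
    for row in pairwise_cover(FACTORS, allowed):
        print(to_command(row))
```

Exhaustive enumeration of candidates is only practical for a handful of factors; the point is the shape of the constraint oracle, which is exactly the piece that needs nmap expertise to fill in.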
