Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Socat
From: Andreas Ericsson <ae () op5 se>
Date: Thu, 16 Jun 2005 20:17:54 +0200

MadHat wrote:
On Jun 16, 2005, at 6:06 AM, Andreas Ericsson wrote:

Max wrote:

A Windows version of this sort of tool is *mandatory* since it is  
often
used as a backdoor/tunnel on a vulnerable machine. And what OS is  
more
vulnerable than any other ? Hence this mandatory requirement :-)

Bah! The kids that needs a netcat-like program to backdoor a system
aren't really worthy of owning it in the first place. Spending quality
coding time so that juvenile idiots (the kind that have a hard time
grasping the meaning of the switch() statement) have a means of  
quickly
doing something non-constructive and possibly illegal is not my  
idea of fun.


That is like saying I won't make a hammer because it might be used to  
bash someone's head in.

More like sitting in a wheelchair and building surfboards for no-one in 
particular.

 It's just a tool.
Also, note the smiley at the end of his statement, usually used to  
denote a bit of fun or sometimes sarcasm.


I saw that as belonging to the "What os is more vulnerable...." part of it.

Yes, there are other implementations os netcat out there.  I think  
Fyodor's idea is to possibly expand nmap to be a set of tools,  
instead of just one tool.  So instead of installed 3 or 4 packages to  
do all your scanning and testing, you install one.  Maybe similar  
interfaces (CLI options) and all the same quality.


Oh, so it'd be like inventing the wheel when you've already started on 
rocket science then? I'd just love to see nping, ncat, nawk, ngrep (oh 
wait, that last one exists), nperl, nls (another acronym for that, I 
suppose), ncut, nvim, ndate, ndd, nsed and a dozen other tools. Never 
mind that it wouldn't be logical to use either one of them. Since it can 
be done, it should be done.

Something worth while would be write a testing engine for 
vulnerabilities to serially try various exploits on a wide range of 
hosts. The exploits could be distributed in much the same way as the OS 
fingerprint file is today. That would be nmap'ish as well, since it 
would definitely be usefule for the whitehats while being close to 
invaluable for those nocturnal fellas out there as well.

Remember this is also for the Summer of Code. This may not bee added,  
may not be maintained after the end of the summer and may not even be  
finished.  I think it sounds interesting none the less.


True. Student projects tend to lean somewhat toward intellectual 
masturbation. Let's just hope they don't get carried away with their own 
cleverness.



M () x



Martin Maèok wrote:



On Wed, Jun 15, 2005 at 12:36:32AM -0700, Fyodor wrote:



Netcat has been totally unmaintained for about a decade, and I  
think
Nmap users would benefit from a tool similar to hping2 that is more
oriented toward their needs.



I'm still happy with hping2 (ok, lets forget about the patches we  
had
to apply to it ;-) *except* its poor ICMP support (sing is better  
here).

Anyway, your proposal for Netcat enhancement almost exactly fits
Socat. Have you heard of it? Wonderful tool (and GPL) ...

http://www.dest-unreach.org/socat/

Martin Maèok
ICT Security Consultant




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev



-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Lead Developer


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Lead Developer


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]