From: MadHat <madhat () unspecific com>
Date: Thu, 16 Jun 2005 14:03:47 -0500
On Jun 16, 2005, at 1:17 PM, Andreas Ericsson wrote:
On Jun 16, 2005, at 6:06 AM, Andreas Ericsson wrote:
A Windows version of this sort of tool is *mandatory* since it is
used as a backdoor/tunnel on a vulnerable machine. And what OS is
more vulnerable than any other? Hence this mandatory requirement :-)
Bah! The kids that need a netcat-like program to backdoor a system
aren't really worthy of owning it in the first place. Spending
coding time so that juvenile idiots (the kind that have a hard time
grasping the meaning of the switch() statement) have a means of
doing something non-constructive and possibly illegal is not my
idea of fun.
That is like saying I won't make a hammer because it might be used to
bash someone's head in.
More like sitting in a wheelchair and building surfboards for no-
I don't understand. But whatever...
Yes, there are other implementations of netcat out there. I think
Fyodor's idea is to possibly expand nmap to be a set of tools,
instead of just one tool. So instead of installing 3 or 4 packages to
do all your scanning and testing, you install one. Maybe similar
interfaces (CLI options) and all the same quality.
Oh, so it'd be like inventing the wheel when you've already started on
rocket science then? I'd just love to see nping, ncat, nawk, ngrep (oh
wait, that last one exists), nperl, nls (another acronym for that, I
suppose), ncut, nvim, ndate, ndd, nsed and a dozen other tools. Never
mind that it wouldn't be logical to use either one of them. Since
be done, it should be done.
Anyway, these are 2 specific tools being discussed that are commonly
used (often in conjunction with nmap) when doing network
reconnaissance. I didn't think it was that big of a deal. Maybe
netcat is not a good idea because there is a version that is well
maintained and well designed. Maybe it can be done better? I'm not
sure, I have not looked at socat yet. I still use the original one
because it does what I need. hping is not well maintained and the UI
is kind of kludgy. I can see where taking the ideas of hping (and
maybe netcat) and reworking it from the ground up with a new
interface and new ideas could work out well for performance and
I don't see it as reinventing the wheel, but improving upon it.
Something worthwhile would be to write a testing engine for
vulnerabilities to serially try various exploits on a wide range of
hosts. The exploits could be distributed in much the same way as
the fingerprint file is today. That would be nmap'ish as well, since it
would definitely be useful for the whitehats while being close to
invaluable for those nocturnal fellas out there as well.
So put together specs and propose it.
Remember this is also for the Summer of Code. This may not be added,
may not be maintained after the end of the summer and may not even be
finished. I think it sounds interesting nonetheless.
True. Student projects tend to lean somewhat toward intellectual
masturbation. Let's just hope they don't get carried away with
I think the projects are being directed by the groups they are
working for and not working free of any supervision, but I am not sure.
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Sent through the nmap-dev mailing list