Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Ideas for nmap development
From: Manik Jindal <manikjindal () gmail com>
Date: Thu, 7 Apr 2011 12:13:03 +0530

I thought just to initiate these project and also I was not aware of these
existing projects.

On Thu, Apr 7, 2011 at 12:11 AM, David Fifield <david () bamsoftware com>wrote:

On Sun, Apr 03, 2011 at 11:51:18PM +0530, Manik Jindal wrote:
I am a student of IITH pursuing B.Tech (2nd yr., CSE).
I got the following ideas:

1. *Detect vulnerabilities and attack*
   nmap can detect applications along with their versions, binded with
ports.
   If it also tells about the possible attacks, it will be a more better
tool.
   Attacking option can also be embeded, which requires only a script for
each attck.

   *How to implement*
**

   1. Query CVE database with application name and version, which tells
   almost all the possible vulnerabilities.
   2. List all of them.
   3. Ask for an attack.
   4. Choose script(if already present in nmap-attack database, may
   available on nmap server or local machine) or asks for script file.
   5. Attack, by running script.

Hello, thanks for writing. If you haven't seen them yet, please see
       http://www.google-melange.com/gsoc/org/google/gsoc2011/nmap
       http://nmap.org/soc/
       http://nmap.org/soc/GeneralRequirements.html
       http://nmap.org/soc/apply.html

Have you looked at Marc Ruef's vulscan script? It matches service
versions against a vulnerability database. What would you do
differently? How will you overcome the challen

http://seclists.org/nmap-dev/2010/q2/527
http://seclists.org/nmap-dev/2010/q2/752
http://www.scip.ch/?labs.20100603

2. *nmap for Mobile platforms*

   In todays life mobiles have a special character. It will be better to
have nmap for mobiles.
   It will give portability to nmap users.

   Users can scan networks during travelling, and even at those places
where
laptops are not handy to use. And it will be useful at public places
where
obviously an hacker do not want to show results to any one.

   Its better to develop nmap for Android platform, coz of market
statistics.

Have you seen the Android build put together by Vlatko Kosturjak? What
would you add to this?

http://seclists.org/nmap-dev/2011/q1/546

David Fifield




-- 
Manik Jindal
CSE 2nd Year,
IIT Hyderabad
India.
+91 94933 29820
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]