Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

My GSoc project Idea

From: "Anirudh Sharma" <anirudhsharma.crypto () gmail com>
Date: Sat, 22 Mar 2008 18:25:57 +0530
Hello Nmap team,
Here is my proposal for a summer project that could be done for Nmap GSoc.

The idea actually comes from the fact that nowadays a lot users use Apple
Iphone/Windows Mobile phones with WiFi connectivity-- *this can potentially
be used as a vulnerability reporting tool. *
A lot of Wireless Admins leave their AccessPoints open to connections due to
lack of knowledge-and hence their networks remain vulnerable to attacks like
packet sniffing/bandwidth usage etc). This generally happens due to the
admins lack of concern for security..

A few months back i found a wireless AP of a leading Indian cellular network
near my apartment, my laptop could connect
to it automatically.
- access to the internet was wide open.
- packets could be easily sniffed using Cain and ettercap. Plaintext
passwords could be intercepted without much effort.
- other vulnerable ports could be discovered using nmap scans.

So my idea is- to create a nmap plugin for wireless devices (smartphones and
laptops),that would automatically scan the networks
in range using nmap ,discover vulnerabilities and respond to the admin with
the log files so that the vulnerabilities could be fixed.

In short-
1. the plugin/tool on the WiFi enabled device would start scanning the open
APs in range
2. the discovered vulnerabilities will be stored in a simple log file, that
would automatically be mailed(sent via some method) to the network admin,
also a copy of this could be sent to network security research organizations
(ofcourse the privacy would be an issue here)

Please let me know if this project is fit to be entertained as an
application for GSoc Nmap.
Also suggest some improvements that could be done so as to make the above
idea better ;-)


cheers,

-anirudh sharma

PS: Shall i discuss about the project ideas on nmap-dev () insecure com or
soc () insecure org mailing list.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: