Nmap Development mailing list archives
Ncat: Past, Present and Future
From: Kris Katterjohn <katterjohn () gmail com>
Date: Mon, 08 Sep 2008 16:24:00 -0500
Hey everyone,

Although it hasn't been talked about on the list for a while, Ncat is still improving and evolving. I've attached a copy of the more-noteworthy changes made so far, since trying to copy them all in here would not have been pretty. And keep in mind that these are just the changes which have ChangeLog entries: to see a full list of the changes made (and there are a lot!) you need to look at the SVN log.

I was at Fyodor's DEFCON presentation where he mentioned Ncat, and the audience seemed pretty excited about it. One of the people who came up to me after the Q&A suggested the functionality of the -C/--crlf option that is now available. It was all quite cool :)

So now that Nmap 4.75 is out and about, it's time to begin considering merging Ncat in for distribution (but see below on some current problems). This will be through an svn:external like Zenmap, so it will be checked out automatically with /nmap, and Ncat will then be packaged along with Nmap in the Windows installer, OS X installer (thanks to David), RPM and source tarball. I've already created a branch for working on the integration process, and it seems that all is well in the build/install systems (if you happen upon this branch, keep in mind that the /ncat in there is *not* up-to-date as it's not an external, but rather an older copy).

Ncat still has its share of problems, however. It is not fully functional on Windows yet (due to many issues..), and an EOF from stdin in client-mode is not handled correctly because I don't currently see a way to handle it through Nsock at the moment. An efficiency problem was also posted before which I haven't deeply looked into yet.

So if you can check out[1] Ncat[2] again, test it out and let me know how it goes, that would be awesome. And if you have any comments on the integration of Ncat into the Nmap distribution, feel free to mention them.
Thanks,
Kris Katterjohn

[1] http://nmap.org/book/install.html#inst-svn
[2] svn://svn.insecure.org/ncat
o Began porting to Windows on Visual C++ Express 2008. Compilation succeeds, but obstacles like the lack of a fork() call and not being able to select() on non-sockets haven't yet fully been overcome. [Kris Katterjohn, Mixter]
o Added IPv6 listen support (including --broker). Host access control is not yet supported. [Kris]
o Added SSL listen support (including --broker) [Kris]
o Fixed SSL and IPv6 connect issues [Mixter]
o Added IPv4 host access control to UDP listener and --broker [Kris]
o Changed -l to behave like OpenBSD Netcat. Instead of -l specifying the local port number and -s specifying the local address to listen on, -l is a non-option flag and you specify the local address/port like you do a host to connect to in client-mode. [Kris]
o Client-mode Ncat now exits upon receipt of EOF from the network side [Kris]
o Client-mode Ncat now reads from the network (still via the Nsock library) in a byte-based manner rather than line-based. While being an improvement in its own right, this is especially helpful for the new Telnet negotiation option. [Kris]
o Increased the default network data buffer sizes (reading and writing) from a measly 256 bytes to a more respectable 8K for TCP and 128K for UDP. UDP's is this large because a read returns an entire datagram, or discards what's left if there is no room. [Kris]
o Added --http-server, which creates a simple forking HTTP proxy server on the listening port (only supports CONNECT). [Kris]
o Redesigned --socks4-proxy to take the proxy server as the argument and take the ultimate target host like usual rather than the previously unintuitive specification. This option also now takes the username from --proxy-auth rather than the previous user@host:port syntax. [Kris]
o Redesigned --http-proxy to take the proxy server as the argument just like the new --socks4-proxy behavior. Also, the HTTP CONNECT request now uses CRLF for the line-endings instead of just LF. [Kris]
o Removed --socks4-server as it was broken, obviously didn't have any support for SOCKS5, and we now have --http-server for a similar purpose. [Kris]
o Fixed --proxy-auth which always caused a segmentation fault [Kris]
o Moved -t (--idle-timeout) to -i [Kris]
o Added -t/--telnet to handle DO/DONT WILL/WONT Telnet negotiations [Kris]
o Added -C/--crlf to try to use CRLF for line-endings. This comes in handy when talking to some stringent servers directly from a terminal in one of the many common plain-text protocols which specify CRLF as the required EOL sequence. [Kris]
o Added -w/--wait for specifying a connect timeout [Kris]
o Added -g and -G for IPv4 loose source routing [Kris]
o Added -p to specify a local port to bind to in client-mode [Kris]
o Added -n/--nodns to not resolve any hostnames [Mixter]
o Added -c/--sh-exec, which is like -e but executes via /bin/sh [Kris]
o Made -s actually work in client-mode [Kris]
o Changed --recvonly and --sendonly to --recv-only and --send-only [Kris]
o Options taking a time (-d, -i, -w) are now more flexible: you can append an "s" for seconds, "m" for minutes or "h" for hours (e.g. 30s) [Kris]
o Fixed a bug which could cause Nsock tracing (use of -v one or more times) to print very inaccurate times [Kris]
o Removed unused XOR code [Kris]
o Added file dependency checking to the Makefile. So now, for instance, if a header file is modified, running make again will recompile all of the files which depend on it. [Kris]
o Improved the build system by removing the automake requirement ([Mixter]) and removing unused portions of configure.ac and Makefile.in ([Kris]). Other various build/configure improvements were made as well.
o Lots of documentation rewrites/updates, including separating the man page into sections such as "Proxy Options", "Client-Mode Options", etc. [Kris]
o Lots of code cleaning up [Kris]
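The -t/--telnet entry above describes answering the server's DO/WILL option requests; the usual passive-client approach is to refuse every option (DO x answered with WONT x, WILL x with DONT x) and strip the negotiation bytes from the data stream. The C below is an added illustration of that approach, not Ncat's own code; it assumes the RFC 854 command values, ECHO (1) and SUPPRESS-GO-AHEAD (3) as sample option numbers, and that a negotiation never straddles two received chunks.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Telnet command bytes (RFC 854) */
#define IAC  255
#define DONT 254
#define DO   253
#define WONT 252
#define WILL 251

/* Strip IAC DO/DONT/WILL/WONT negotiations from a received chunk and build
 * the refusals a passive client sends: DO x -> WONT x, WILL x -> DONT x
 * (DONT/WONT need no reply).  Returns the number of data bytes kept in
 * data_out; *reply_len receives the number of reply bytes.  Simplification
 * assumed here: a negotiation never straddles two chunks. */
size_t telnet_strip(const uint8_t *in, size_t in_len,
                    uint8_t *data_out, uint8_t *reply, size_t *reply_len)
{
    size_t d = 0, r = 0, i = 0;
    while (i < in_len) {
        if (in[i] != IAC) { data_out[d++] = in[i++]; continue; }
        if (i + 1 < in_len && in[i + 1] == IAC) {   /* IAC IAC = literal 0xFF */
            data_out[d++] = IAC; i += 2; continue;
        }
        if (i + 2 < in_len) {
            uint8_t cmd = in[i + 1], opt = in[i + 2];
            if (cmd == DO)   { reply[r++] = IAC; reply[r++] = WONT; reply[r++] = opt; }
            if (cmd == WILL) { reply[r++] = IAC; reply[r++] = DONT; reply[r++] = opt; }
            if (cmd == DO || cmd == DONT || cmd == WILL || cmd == WONT) { i += 3; continue; }
        }
        data_out[d++] = in[i++];   /* other or truncated IAC sequence: pass through */
    }
    *reply_len = r;
    return d;
}

/* Constructed sample: server asks DO ECHO(1) and offers WILL SGA(3) around
 * "hello", then sends an escaped 0xFF.  Returns 1 when the output matches. */
int telnet_strip_selftest(void)
{
    const uint8_t in[] = { IAC, DO, 1, 'h', 'e', 'l', IAC, WILL, 3, 'l', 'o', IAC, IAC };
    const uint8_t want_data[] = { 'h', 'e', 'l', 'l', 'o', 0xFF };
    const uint8_t want_reply[] = { IAC, WONT, 1, IAC, DONT, 3 };
    uint8_t data[sizeof in], reply[sizeof in];
    size_t rlen, dlen = telnet_strip(in, sizeof in, data, reply, &rlen);
    return dlen == 6 && rlen == 6 && memcmp(data, want_data, 6) == 0 &&
           memcmp(reply, want_reply, 6) == 0;
}
```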
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org