Nmap Development mailing list archives

Re: GSoC idea for ambitious students: making Nmap port-scan behind proxies!


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 4 Mar 2016 13:36:44 -0600

Jacek,

Thanks for the reminder on this important work. It can sometimes be hard to
sell a change to a system that already works well, but I see several
important improvements that Nsock+ultra_scan could bring:

1. Proxy support. As you mentioned, Nsock already handles proxy chains, so
this would be a final piece to allow a complete run of Nmap through a proxy.

2. Unprivileged UDP scanning. Nmap has relied on raw sockets for crafting
UDP scan packets for a long time, but this means that unprivileged users
cannot use -sU. Nsock's API could allow us to add a connect-based UDP scan
mode without a lot of new code.

3. Dynamic timing adjustments for -sV and NSE. One of ultra_scan's
advantages is its advanced congestion avoidance and timing algorithms,
mostly copied from TCP. Your efforts to adapt these systems to the signals
and return codes of Nsock will provide a basis for introducing these
algorithms to other Nsock-based scan engines. Version scan is currently
capped at 40 outstanding probes at -T5 (20 at -T3) with no ability to
adjust up or down.


Dan
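Dan's second point, a connect()-based UDP scan that needs no raw sockets, rests on one kernel behaviour: once a UDP socket is connect()ed to a destination, ICMP port-unreachable replies for that 5-tuple are reported to the socket as ECONNREFUSED instead of being dropped. The following is an added example written for this archive page (it is not Nmap's code and not part of either message) showing the probe and the three resulting states Nmap would report. It assumes a Linux-style socket API where recv() on a connected UDP socket raises ConnectionRefusedError after the ICMP error arrives; the echo responder and the 127.0.0.1 target are constructed for the demo.

```python
import socket
import threading


def classify(outcome):
    """Map a raw probe outcome to the port states Nmap prints for -sU.

    'data'    -> open:           the service answered our payload
    'refused' -> closed:         ICMP port unreachable surfaced as ECONNREFUSED
    'timeout' -> open|filtered:  silence; a quiet service or a filter, we cannot tell
    """
    return {"data": "open", "refused": "closed", "timeout": "open|filtered"}[outcome]


def udp_connect_probe(host, port, payload=b"\x00", timeout=1.0):
    """Probe a single UDP port from an unprivileged process.

    connect() on a UDP socket sends nothing on the wire; it only fixes the peer
    address and tells the kernel to route ICMP errors for this flow back to us.
    That is what lets a plain recv() distinguish 'closed' from 'no answer'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(payload)
        try:
            s.recv(4096)
            return classify("data")
        except ConnectionRefusedError:
            # Linux (and BSDs) report the ICMP port unreachable here.
            return classify("refused")
        except socket.timeout:
            return classify("timeout")


def start_echo_responder():
    """Constructed test target: a one-shot UDP echo service on 127.0.0.1.

    Returns the ephemeral port it bound so the probe can be pointed at it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    def serve():
        data, peer = srv.recvfrom(4096)
        srv.sendto(data, peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def pick_unbound_port():
    """Constructed helper: grab an ephemeral UDP port and release it, so we
    have a loopback port that (almost certainly) nothing is listening on."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    open_port = start_echo_responder()
    closed_port = pick_unbound_port()
    print(open_port, udp_connect_probe("127.0.0.1", open_port, b"ping"))
    print(closed_port, udp_connect_probe("127.0.0.1", closed_port))
```

Two caveats a real scan engine has to deal with and this snippet does not: a single timeout is not enough evidence for open|filtered, so Nmap retransmits before giving up; and Linux rate-limits outgoing ICMP unreachables (roughly one per second by default), which is the main reason UDP scans of closed ports are slow no matter how the probe is sent. Those retransmit and pacing decisions are exactly the ultra_scan timing logic the thread wants to reuse on top of Nsock.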

On Wed, Mar 2, 2016 at 9:28 AM, Jacek Wielemborek <d33tah () gmail com> wrote:

Hi,

Jacek "d33tah" Wielemborek here - last year I mentored an Nmap GSoC
project related to enhancing Nmap proxy capabilities. My little dream is
to have a reliable way to port scan services using Nmap and I thought I'd
reach out to potential GSoC students in the hope that one of you could help
us get there :)

Last year I posted a call for testing [1] related to my small patch [2]
that basically replaced all connect() calls with their counterparts that
use Nsock. This - at least in theory - should make it easy to use Nmap's
port scanning engine with proxies since Nsock abstracts away the heavy
lifting associated with making proxy connections.

Unfortunately, even though the patch is just "243 additions and 206
deletions", somehow a bug crept in. To be honest I'm not yet sure what
actually happened - a good starting point would be David's post about
the false negatives the patch generates [3].

I'd be grateful for getting us closer to having this functionality working
- any new clues are definitely welcome. On my end, I'd be more than
happy to answer any questions on how parts of ultra_scan.cc work
together - given that I once spent an entire summer trying to rewrite the
port scanning engine, I believe that I can provide some information.

Cheers,
d33tah

[1] http://seclists.org/nmap-dev/2015/q3/13
[2] https://github.com/d33tah/nmap/commit/306e2c65ab04?diff=split
[3] http://seclists.org/nmap-dev/2015/q3/92



_______________________________________________
Sent through the SOC mailing list
https://nmap.org/mailman/listinfo/soc


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/