Nmap Development mailing list archives
Re: GSoC idea for ambitious students: making Nmap port-scan behind proxies!
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 4 Mar 2016 13:36:44 -0600
Jacek,

Thanks for the reminder on this important work. It can sometimes be hard to sell a change to a system that already works well, but I see several important improvements that Nsock+ultra_scan could bring:

1. Proxy support. As you mentioned, Nsock already handles proxy chains, so this would be a final piece to allow a complete run of Nmap through a proxy.

2. Unprivileged UDP scanning. Nmap has relied on raw sockets for crafting UDP scan packets for a long time, but this means that unprivileged users cannot use -sU. Nsock's API could allow us to add a connect-based UDP scan mode without a lot of new code.

3. Dynamic timing adjustments for -sV and NSE. One of ultra_scan's advantages is its advanced congestion avoidance and timing algorithms, mostly copied from TCP. Your efforts to adapt these systems to the signals and return codes of Nsock will provide a basis for introducing these algorithms to other Nsock-based scan engines. Version scan is currently capped at 40 outstanding probes at -T5 (20 at -T3) with no ability to adjust up or down.

Dan

On Wed, Mar 2, 2016 at 9:28 AM, Jacek Wielemborek <d33tah () gmail com> wrote:
Hi,

Jacek "d33tah" Wielemborek here - last year I mentored an Nmap GSoC project related to enhancing Nmap proxy capabilities. My little dream is to have a reliable way to port scan services using Nmap and thought I'd reach out to potential GSoC students in hope that one of you could help us get there :)

Last year I posted a call for testing [1] related to my small patch [2] that basically replaced all connect() calls with their counterparts that use Nsock. This - at least in theory - should make it easy to use Nmap's port scanning engine with proxies since Nsock abstracts away the heavy lifting associated with making proxy connections.

Unfortunately, even though the patch is just "243 additions and 206 deletions", somehow a bug crept in. To be honest I'm not yet sure what actually happened - a good starting point would be David's post about the false negatives the patch generates [3].

I'd be grateful for getting us closer to having this functionality working - any new clues are definitely welcome. On my end, I'd be more than happy to answer any questions on how parts of ultra_scan.cc work together - given that I once spent an entire summer trying to rewrite the port scanning engine, I believe that I can provide some information.

Cheers,
d33tah

[1] http://seclists.org/nmap-dev/2015/q3/13
[2] https://github.com/d33tah/nmap/commit/306e2c65ab04?diff=split
[3] http://seclists.org/nmap-dev/2015/q3/92

_______________________________________________
Sent through the SOC mailing list
https://nmap.org/mailman/listinfo/soc
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
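The connect-based UDP scan mode Dan mentions in item 2 rests on one kernel behaviour: once a UDP socket is connect()ed to a peer, an incoming ICMP port-unreachable for that flow is reported back to the process as ECONNREFUSED, so an unprivileged scanner can separate "closed" from "open|filtered" without a raw socket to read ICMP. The script below is an added example written for this archive page, not Nmap or Nsock code, and it is in Python rather than Nmap's C++ for readability. The three loopback targets (an echo responder, a bound-but-silent socket, and a port nothing listens on) are constructed inside the script; the state names follow Nmap's -sU conventions; the errno-to-state mapping assumes Linux or BSD-style error delivery on connected UDP sockets.

```python
"""Connect-based UDP port probing without raw sockets (added example, not Nmap code).

On a connected UDP socket the kernel maps an incoming ICMP port-unreachable
onto ECONNREFUSED, which is what lets an unprivileged process tell "closed"
from "open|filtered". Assumes Linux/BSD-style error delivery (assumption).
"""
import errno
import socket
import threading

PROBE_TIMEOUT = 1.0  # seconds to wait for a reply datagram or an ICMP error


def probe_udp(host, port, payload=b"\x00", timeout=PROBE_TIMEOUT):
    """Return the Nmap -sU state name for a single UDP port.

    open          : the service answered with a datagram
    closed        : ICMP port unreachable, surfaced as ECONNREFUSED
    filtered      : another ICMP unreachable (host/net unreachable)
    open|filtered : nothing came back before the timeout
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        # connect() sends nothing for UDP; it fixes the peer address and
        # makes the kernel deliver asynchronous ICMP errors to this socket.
        sock.connect((host, port))
        sock.send(payload)
        sock.recv(4096)
        return "open"
    except socket.timeout:
        return "open|filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        # Linux reports the other ICMP unreachable codes as these errnos.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def start_echo_listener():
    """Constructed 'open' service: a UDP echo on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.1)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(4096)
            except socket.timeout:
                continue
            srv.sendto(b"echo:" + data, peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def demo():
    """Probe three constructed loopback ports and return name -> state."""
    open_port, stop = start_echo_listener()

    # Bound but never read: a service that does not answer -> open|filtered
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    silent_port = silent.getsockname()[1]

    # Bind-then-close to learn a port nothing listens on -> closed
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "echo": probe_udp("127.0.0.1", open_port),
            "silent": probe_udp("127.0.0.1", silent_port),
            "closed": probe_udp("127.0.0.1", closed_port),
        }
    finally:
        stop.set()
        silent.close()


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:7s} {state}")
```

Two caveats a practitioner would want alongside this. A connected socket only ever sees the ICMP errors for its own flow and only as an errno, so the finer ICMP type/code distinctions a raw-socket -sU can log are collapsed into "closed" versus "filtered". And the per-port cost is unchanged by the engine: a target that rate-limits ICMP unreachables (the Linux default is about one destination-unreachable per second) makes closed-port UDP scanning slow however the probes are sent, which is exactly why item 3's adaptive timing matters as much as item 2.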
Current thread:
- GSoC idea for ambitious students: making Nmap port-scan behind proxies! Jacek Wielemborek (Mar 02)
- Re: GSoC idea for ambitious students: making Nmap port-scan behind proxies! Daniel Miller (Mar 04)
- Re: GSoC idea for ambitious students: making Nmap port-scan behind proxies! David Fifield (Mar 18)