About
-----

This is a README for the nmap-exp/d33tah directory. The directory contains
branches started by Jacek "d33tah" Wielemborek, and the aim of this document
is to document all the branches ever started here, with their current status
and contents.

I created this file to serve as a "table of contents" for my branches and to
document the most important things about them:

1. Goal of the branch
2. Origin of the branch (for diff-ing purposes)
3. The status of the branch
4. (optional) any features you might find useful that got dropped

This may also serve as a tombstone for the code I wrote that didn't fit into
the original projects for various reasons ;)

Current branches
----------------

nmap-nsock-ultrascan
====================

*Goal*: instead of rewriting the scan engine from scratch as in
nmap-nsock-scan, the goal is to replace select() with nsock_loop() and to make
connections using ncat_connect_tcp and interpret their results.

*Origin*: forked off the trunk in r34759.

*Status*: in development. As of r34776, most functionality seems to work, but
a congestion control bug makes Nmap speed up so much that we get false
negatives, so it's not yet usable. See here:
http://seclists.org/nmap-dev/2015/q3/92

nmap-docker-builds
==================

*Goal*: automate testing of Nmap's build process on various distributions
using Docker.

*Origin*: this is not a fork of trunk.

*Status*: in development.

nmap-nseportscan
================

*Goal*: experiment with Henri's idea of NSE port scanning.

*Origin*: forked off the trunk in r32915.

*Status*: wrote a few patches, stopped development after realising how many
problems are related to this (rewriting congestion control, determining
whether a script needs root, rewriting the API to support groups, etc.).
pasca1 did some more experiments on this branch combined with SOCKS
extensions.

nmap-portscan-tests
===================

*Goal*: create a simple environment for testing Nmap's port scanning engine.

*Origin*: this is not a fork of trunk.
*Status*: usable. Contains scripts that can be used for graphing congestion
control and for triggering various CC conditions on VMs. The VM generation
code makes no sense though.

nmap-nsock-scan
===============

*Goal*: create the first prototype of Nmap's scanning engine that uses the
Nsock library instead of POSIX connect(). See here:
http://seclists.org/nmap-dev/2014/q2/10

*Origin*: forked off the trunk in r32620.

*Status*: buggy. Congestion control doesn't work properly (it speeds up too
much), and if you add proxy support you will see a segmentation fault, most
likely a stack overflow caused by the wrong architecture of the code.

ncat-test-py
============

*Goal*: rewrite ncat-test.pl in Python, adding a way to run the tests in
parallel.

*Origin*: forked off the trunk in r32584.

*Status*: waiting for some feedback on the mailing list. See here:
http://seclists.org/nmap-dev/2014/q1/1

ncat-colors
===========

*Goal*: add the --color feature that would color Ncat's network input.

*Origin*: forked off the trunk in r32355.

*Status*: stalled, cannot remember why (Windows support?). Related thread:
http://seclists.org/nmap-dev/2013/q3/593

luaexec-lookup
==============

*Goal*: add support for installing --lua-exec scripts from the source tree
into the OS directories, and for searching for scripts in the installation
directory in addition to the current working directory.

*Origin*: forked off the trunk in r32293.

*Status*: I can't remember anymore, but it would need some testing and
review. Dropped because of the end of GSoC and the general lack of interest.

ncat-sa-take2
=============

*Goal*: get connect-mode and listen-mode recv() and send() working well.
ncat-lua-callbacks turned out to grow way too big to be merged, and we need a
smaller branch (or branches) that provide less functionality but are more
stable.

*Origin*: forked off the trunk in r32180.

*Status*: the related GSoC ended before the project was completed - this is
big enough for a separate GSoC.
ncat-lua-callbacks
==================

*Goal*: explore the Lua callbacks mechanism. The current goal is to introduce
read/write callbacks, perhaps accept/connect as well later on. Due to Ncat's
architecture, I'll limit myself to TCP/SCTP listen mode, optionally with SSL.

*Origin*: forked off the trunk in r31778.

*Status*: not merged in because of its size. Continued in ncat-sa-take2.

Deleted branches
----------------

ncat-lua-select
===============

*Goal*: add io.select that works on io.ncatin and io.stdin both on POSIX and
Windows systems. Planned for merging.

*Origin*: forked off ncat-env-ncatins in r31697.

*Status*: removed in r32287 - the --lua-exec ncatins extensions got rejected
in favor of the upcoming socket abstractions feature. One commit got merged
in though, namely r31702 in r31710 (fselect Windows bug).

ncat-env-ncatins
================

*Goal*: add two new environment variables to the --*-exec child processes,
NCAT_INPUT_FD and NCAT_OUTPUT_FD, which allow scripts to interact with Ncat's
standard input and output while the script's own stdin/stdout still interact
with the connection. Also, expose a Lua interface to make use of these two
streams. Planned for merging.

*Origin*: forked off the trunk in r31520.

*Status*: removed in r32287 - the --lua-exec ncatins extensions got rejected
in favor of the upcoming socket abstractions feature.

lua-exec-examples
=================

*Goal*: do some experimenting with --lua-exec features. Originally started
because I came up with the idea of a Lua HTTP server, but wasn't sure it
belonged in the trunk.

*Origin*: forked off the trunk in r31450.

*Status*: in development. One commit from it, namely r31481, has already been
merged into the trunk in r31497 (binary stdout fix for Windows).

### httpd.lua directory listing ###

There's one feature you might be interested in that got removed during
development because it was too fragile: httpd.lua's directory listing code,
which got reverted in r31505.
This worked by spawning the "ls" command (on Windows, "cmd /C dir") with the
proper argument and parsing its output. It could also detect when the URI
named a directory without the trailing slash, using dirty platform-specific
hacks: on Linux, fopen() succeeds on 'directory/' but fails on 'file/'; on
Windows, attempting to open a directory fails with "permission denied". Note
though that this got rejected for a reason: it's fragile and insecure (a
request-derived path is handed to an external command), and was written
mostly for fun.

### DNS server ###

This branch also featured a tiny DNS server. It got rejected because of
maintenance concerns - it definitely needed much more work to become usable.
It could handle basic DNS type A requests, replying according to a hardcoded
table of records. It couldn't do recursive requests. Related discussion can be
found here: http://seclists.org/nmap-dev/2013/q3/182

ncat-lua-with
=============

*Goal*: add the --with command-line switch. "ncat -l --with rot13" basically
meant "ncat --lua-extensions --lua-exec scripts/rot13.lua". I also added the
concept of script stacking here, along with argument passing, like:
`ncat --with rot13,shift=3 -l`

*Origin*: forked off ncat-lua-script in r31318.

*Status*: removed in r32287 - the --lua-exec ncatins extensions got rejected
in favor of the upcoming socket abstractions feature.

ncat-lua-script
===============

*Goal*: introduce the --lua-extensions switch, which added the io.ncatin
variable and the general concept of ncatins. It also served as a testbed for
other features (namely io.eof and the getenv() Lua stuff) until r31245, when
the goal of the branch became more strictly defined.

*Origin*: forked off the ncat-lua branch in r31181.

*Status*: removed in r32287 - the --lua-exec ncatins extensions got rejected
in favor of the upcoming socket abstractions feature.

***NOTES***: prior to r31285, this branch had a potentially interesting
feature: something like --keep-open for UDP.
It requires pthread, though, and is not exactly secure: since UDP source
addresses are unauthenticated, one client spoofing multiple source addresses
could successfully run a DoS attack on the service.

ncat-env-conninfo
=================

*Goal*: introduce some basic environment variables for --sh-exec, --exec and
--lua-exec - at the moment this includes info about the source and target
addresses and port numbers, along with the protocol name. Planned for
merging.

*Origin*: forked off the trunk in r31368.

*Status*: merged into the trunk in r31517.

keepopen-bug
============

*Goal*: this is a branch I created to solve a problem with --lua-extensions
STDIN propagation to all ncatins while using the -l -k switches. I also added
a testing program in Python.

*Origin*: introduced in r31251 as a fork of ncat-lua-script as of that
revision.

*Status*: merged back into ncat-lua-script in r31285.

ncat-lua-inlines
================

*Goal*: do some experimenting with inline Lua code inside the C routines.
Originally not meant for merging, so I wasn't really careful about code
quality.

*Origin*: created in r31008 as a copy of trunk at that moment.

*Status*: removed in r31250 as a failed experiment. The code has segfaults all
over the place and introduces nothing usable (the demos show rot13/base64
encoding/decoding done transparently, with memory leaks).

ncat-lua
========

*Goal*: this was the first of the series of branches related to the Google
Summer of Code 2013 project "Bringing Lua to Ncat". This branch was meant for
the --lua-exec feature, which basically worked as --sh-exec "lua $@".

*Origin*: the branch was created in r30922 from trunk.

*Status*: merged in r31211, deleted from this directory in r31247.
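The tiny DNS server listed under lua-exec-examples above answered type A
queries from a hardcoded table and did no recursion. What follows is an added
example written for this README, not the branch's Lua code: a Python responder
with the same behaviour. It parses a single-question query, answers A/IN from
a constructed table (the names and 192.0.2.x addresses are made up), returns
NXDOMAIN for unknown names, an empty NOERROR answer when a known name is asked
for another type, and NOTIMP for classes other than IN; the RA bit stays clear
to advertise that recursion is unavailable. The wiring is an assumption: it is
meant to run as a one-shot handler, e.g. `ncat -u -l 5353 --sh-exec "python3
dns_table.py"`, reading one datagram from stdin and writing the reply to
stdout (the file name is hypothetical).

```python
"""Added example: answer DNS A queries from a hardcoded table (no recursion)."""
import os
import struct
import sys

# Constructed record table for the example; not data from the branch.
RECORDS = {
    "host.example.": "192.0.2.10",
    "www.example.": "192.0.2.20",
}
TTL = 60
QTYPE_A, QCLASS_IN = 1, 1
RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_NOTIMP = 0, 3, 4


def parse_name(msg, off, depth=0):
    """Decode the DNS name at msg[off:]; return (name, offset after the name).
    Every offset is bounds-checked and compression pointers are followed at
    most a few times, so a truncated or looping packet raises ValueError."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if (length & 0xC0) == 0xC0:          # compression pointer
            if depth > 4 or off + 1 >= len(msg):
                raise ValueError("bad pointer")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            suffix, _ = parse_name(msg, ptr, depth + 1)
            return (".".join(labels + [suffix]) if labels else suffix), off + 2
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def parse_query(msg):
    """Return (txid, flags, qname, qtype, qclass, raw question section)."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:      # QR set, or not exactly one question
        raise ValueError("not a single-question query")
    qname, off = parse_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, flags, qname, qtype, qclass, msg[12:off + 4]


def build_response(query):
    """Build the reply datagram for one query; raises ValueError on junk."""
    txid, flags, qname, qtype, qclass, question = parse_query(query)
    rd = flags & 0x0100                     # echo RD; RA stays 0: no recursion here
    answer, ancount = b"", 0
    ip = RECORDS.get(qname.lower())         # DNS names compare case-insensitively
    if qclass != QCLASS_IN:
        rcode = RCODE_NOTIMP
    elif ip is None:
        rcode = RCODE_NXDOMAIN
    else:
        rcode = RCODE_NOERROR               # known name, non-A type: empty answer
        if qtype == QTYPE_A:
            rdata = bytes(int(o) for o in ip.split("."))
            # 0xC00C is a pointer to the name at offset 12, i.e. the question
            answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, TTL, 4) + rdata
            ancount = 1
    rflags = 0x8000 | 0x0400 | rd | rcode   # QR=1, AA=1
    header = struct.pack("!HHHHHH", txid, rflags, 1, ancount, 0, 0)
    return header + question + answer


def build_query(qname, qtype=QTYPE_A, txid=0x1234):
    """Client side of the exchange: a recursion-desired query for qname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_response(resp):
    """Return (txid, rcode, [A record addresses]) so a reply can be checked."""
    txid, flags, qd, an = struct.unpack("!HHHH", resp[:8])
    off = 12
    for _ in range(qd):
        _, off = parse_name(resp, off)
        off += 4
    ips = []
    for _ in range(an):
        _, off = parse_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return txid, flags & 0x000F, ips


if __name__ == "__main__":
    # Assumed wiring: ncat hands one datagram to stdin and relays stdout back.
    datagram = os.read(0, 65535)
    try:
        sys.stdout.buffer.write(build_response(datagram))
    except ValueError:
        pass                                # malformed packet: reply with nothing
    sys.stdout.flush()
```

The point of the bounds checks in parse_name is that the handler faces the
network directly: a truncated packet or a compression pointer that loops back
on itself ends in a ValueError and a silent drop rather than an exception
trace or a hang, which is the minimum a listener like this needs before it is
left running.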
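The ncat-env-conninfo variables above let an --exec handler learn who
connected. As an added example that is not part of the branch, here is a
Python handler that enforces a source allowlist from them. The README does not
name the variables; NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT and NCAT_PROTO are the
names in current Ncat's documentation and are assumed here to be what this
branch introduced. The handler deliberately refuses to authorise anything on
UDP, for the reason given in the ncat-lua-script notes: a UDP source address
can be spoofed. The allowlist networks are constructed example ranges.

```python
"""Added example: allowlist an --exec handler on the NCAT_* connection info."""
import ipaddress
import os
import sys

# Constructed example ranges; replace with the networks that may reach the service.
ALLOWED = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def decide(env, allowed=ALLOWED):
    """Return (allow, reason) for the peer described by env (e.g. os.environ).
    Assumes the NCAT_REMOTE_ADDR / NCAT_REMOTE_PORT / NCAT_PROTO names."""
    addr = env.get("NCAT_REMOTE_ADDR")
    if addr is None:
        return False, "no NCAT_REMOTE_ADDR in the environment: not run by ncat --exec?"
    proto = env.get("NCAT_PROTO", "")
    if proto != "TCP":
        # A UDP source address is unauthenticated and trivially spoofable,
        # so it must never be the basis for granting access.
        return False, "refusing to authorise on a %s source address" % (proto or "unknown")
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False, "unparseable remote address %r" % addr
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                 # dual-stack listeners report ::ffff:a.b.c.d
    if any(ip in net for net in allowed):
        return True, "%s port %s allowed" % (ip, env.get("NCAT_REMOTE_PORT", "?"))
    return False, "%s is not in the allowlist" % ip


def main():
    allowed, reason = decide(os.environ)
    sys.stderr.write(reason + "\n")         # goes to ncat's stderr, not to the peer
    if not allowed:
        sys.stdout.write("access denied\n")
        return 1
    for line in sys.stdin:                  # stand-in for the real service: echo
        sys.stdout.write(line)
        sys.stdout.flush()
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as, for instance, `ncat -l -k 4444 --sh-exec "python3 allowlist.py"`
(the script name is hypothetical). The decision is kept in a function that
takes the environment as a mapping so it can be exercised without a live Ncat
in front of it.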