In progress: o Review Marek's ncat_proxy.patch o E-mail nmap-dev with QtCreator steps for Nmap o E-mail nmap-dev with GProfiles /ncrack Potentional: From todo/nmap.txt: o Investigate and document how easy it is to drop Ncat.exe by itself on other systems and have it work. We should also look into the dependencies of Nmap and Zenmap. It may be instructive to look at "Portable Firefox" (http://portableapps.com/apps/internet/firefox_portable) which is built using open source technology from portableapps.com, or look at "The Network Toolkit" by Cace (http://www.cacetech.com/products/network_toolkit.html). For Nmap and Nping, we may want to improve our Winpcap to load as a DLL without requiring installation. There is a separate TODO item for that. o Consider offering a way to link Winpcap DLLs so that they start the service as needed rather than requiring explicitly installing Winpcap and having it start upon system boot. CACE has offered such a thing for many years as WinPcap Pro (http://www.cacetech.com/products/winpcap_pro.html). If we change WinPcap in this way, we'd presumably want to also change the symbol names as is done in WinPcap Pro. And it would mean that we have to build our Winpcap binaries ourselves (including 64-bit). We might even have to sign our drivers for 64-bit Windows. o Create new default username list: http://seclists.org/nmap-dev/2010/q1/798 o Could be a SoC Ncrack task, though should prove useful for Nmap too o We probably want to support several lists. Like an admin/default list like "root", "admin", "administrator", "web", "user", "test", and also a general list which we obtain from spidering from emails, etc. o We should offer partial results when a host timeouts. I (Fyodor) have been against this in the past, but maybe the value is sufficient to be worth the maintenance headaches. Many users have asked for this. If we do implement this, we may want to only print results for the COMPLETED phases (e.g. host discovery, port scanning, version detection, traceroute, NSE, etc.) Trying to print partial results of a port scan or NSE or the like might be a pain. And if we print some results for a host which timeouts, we should give a very clear warning that the results for that host are incomplete. As an example, here is someone who hacked Nmap source code to achieve this: http://seclists.org/pen-test/2010/Mar/108. o Another benefit would be that it would allow us to clean up/regularize the host output code. Right now there are I think three places where a host's final output can be printed. If, instead, that code just looked at what information was available and printed that out only, we could potentially isolate it in just one place. o This also might let us provide a feature for skipping the rest of an Nmap phase which is going too slowly (I think that has its own Nmap TODO item).