TODO: * We may also need to increase the maximum number of half-open connections in Windows: see http://half-open.com/home_en.htm - We could do this by asking the user during Ncrack setup if he wants to update the system's imposed limit - if he doesn't want to accept the change, then he will possibly suffer a performance degradation. * Refine core engine. * Await reply from Microsoft for Windows Firewall RFC deviation: http://seclists.org/nmap-dev/2009/q2/0774.html http://seclists.org/nmap-dev/2009/q2/0780.html https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=470990 * Test more thoroughly the windows version of ncrack. * Handle the case where ftp tells us that it accepts anonymous login only so that we don't waste time cracking it. * Test buffering cases for all modules, when for example we need to search for certain patterns but the pattern is split in 2 separate packets due to a small window. * If a connection times out continuously for 1 service and the rest of the services need to poll for new events through nsock_loop, the fact that ncrack_connection_end calls ncrack_probes again won't let that happen So for many errors of 1 connection perhaps just toss service into a special list so that we can move on for the time being. * Implement Service timeout, where the user imposes a certain timeout after which the service is marked as finished regardless of the progress so far. * Complete output engine. * Refine interactive Status Report. * Complete dynamic timing engine * Code ssh module * Possibly adapt Nmap license headers to Ncrack specifically. * For future reference on modules like http: consider saving state information like the http parsing that needs to be done only 1 time per host inside the service, so that future connections can refer to that instead of having to redo that work. That will add probably add to the speed. * For -vv verbose mode, possibly save the banner for each service and show it at the end. Also we can show a sample session, showing the special patterns used in the authentication steps. These may also prove useful for user submissions of new exotic patterns for modules, like telnet, that need them. ============================== DONE ========================================== * Test telnet module, thoroughly * Port Ncrack to Windows * Complete ncrack callback handlers documentation. * Appended Nmap license headers to each ncrack file. * Handle case when connection limit is more than the total passwords/usernames in list * Implement on-the-fly 'Status Report' within interactive Ncrack output. * Code output.cc and -oN option. * Implement interactive Ncrack output. * Implement queueing mechanism for ServiceGroup lists. * Studied SSH RFCs.