This README file should be found in svn.nmap.org/nmap-exp/pasca1/

This directory will contain branches and other related files created by
Andrew Farabee (pasca1 on freenode).

###BRANCH DESCRIPTIONS#########################################################

nmap-ncat-proxychains:
    This branch adds proxy chaining support to ncat by using nsock's
    proxychains and the option --proxies. When using
    `ncat --proxies "" [target]`, we ran into a segfault caused by nsock
    assuming the specification string is valid if the pointer is non-NULL.
    For now this is handled by a bit of code in ncat_main.c that checks that
    the specification is there.

nmap-nsock-proxyauth:
    This branch adds proxy authentication to socks4 and http proxies in
    nsock. HTTP digest authentication needs many of the functions defined in
    ncat, but in order to keep the two programs separate a new static library
    must be used. This will be a bit of work since all the existing http
    digest code in ncat depends on ncat-defined functions that are not
    implemented in nmap.

nmap-nsock-socks4a:
    This branch adds socks4a support to nsock's proxychains. It currently
    uses a bit of a cheat to grab the target name for connection requests;
    this should be improved by redefining the socket structure to allow for
    either hostnames or IP addresses. Because there is currently no reliable
    way to get the name of the next node in the proxy chain, socks4a can only
    be used to tunnel to the target.

nmap-nsock-socks5:
    This branch adds socks5 support to nsock's proxychains. As with the
    socks4a branch, a new socket structure should be defined which can
    specify hostnames or IP addresses. Socks5 should support either host
    specification type.

nmap-ncat-socks4a:
    A combination of the branches above. This also includes overlap such as
    socks4a proxy authentication. This branch's goal is to completely
    refactor ncat's --proxy options to nsock's proxychains and add socks4a
    support to ncat. Socks5 authentication is currently missing.
    The branch currently doesn't compile due to issues with the in-progress
    libhttp that will be used for http digest authentication by nsock and
    ncat.

temporary-nsock-http-digest:
    A copy of nmap-ncat-socks4a that handles nsock http digest proxy
    authentication from nsock/src/proxy_http.c instead of a separate library.

nmap-nseportscan-socks4a:
    This branch is a proof of concept for port scanning through socks4 or
    socks4a proxies (including tor). It uses d33tah's nmap-nseportscan branch
    as well as a connectscan script for marking ports as open or closed
    (closed should be treated as closed|filtered since it currently can't
    determine if the proxy timed out the tunnel attempt). There is also a bug
    when using tor that results in port 25 (smtp) being marked as open when
    it is closed on the target machine, which may be caused by malicious exit
    nodes. The full description can be read here:
    http://seclists.org/nmap-dev/2015/q2/317

nmap-nse-socks4a:
    The initial nmap socks4a proof of concept. It used the script
    http-title-hostrule.nse (along with -Pn) to try to grab the http title
    from a webpage (without first checking if the webpage existed).

issue-147/:
    This folder contains 4 NSE vulnerability testing scripts that have been
    ported to the vulns library. (see https://github.com/nmap/nmap/issues/147)

###MERGING DEPENDENCIES#######################################################

When these branches are prepared for merging, these are the issues that will
have to be considered.

nmap-nsock-proxyauth:
    This should be able to be merged on its own, since adding proxy
    authentication support to nsock can be self-contained. If
    nmap-nsock-socks4a is merged, then authentication code for these
    protocols can be found in the branch nmap-ncat-socks4a.
    TODO: libhttp for http digest authentication.

nmap-nsock-socks5:
    This should be able to be merged on its own (see above for
    considerations regarding proxy authentication).
    TODO: Socks5 authentication, hostname connections.

nmap-nsock-socks4a:
    This should also be able to be merged on its own (see above for
    considerations regarding proxy authentication).
    TODO: Hostname connections.

nmap-ncat-proxychains:
    If this is merged without any other branches, ncat will not be able to
    perform proxy authentication and socks5 will no longer be supported. To
    solve this, nmap-nsock-socks5 and nmap-nsock-proxyauth should be merged
    along with it.
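The nmap-ncat-proxychains description above mentions a segfault when `--proxies ""` handed nsock a non-NULL but empty specification string. The following is an added example, not code from these branches or from nsock: a defensive parser for a comma-separated `proto://host:port` proxy chain that rejects empty and malformed specifications before anything downstream trusts them. The entry format is assumed from how ncat documents --proxies, and the struct and function names are hypothetical.

```c
#include <string.h>
#include <ctype.h>
/* Hypothetical node type for this added example (not nsock's); hosts are names or IPv4 literals. */
struct proxy_node { char proto[8]; char host[64]; int port; };
static int known_proto(const char *p, size_t n)
{
    static const char *ok[] = { "http", "socks4", "socks4a", "socks5" };
    for (size_t i = 0; i < 4; i++)
        if (strlen(ok[i]) == n && memcmp(ok[i], p, n) == 0) return 1;
    return 0;
}

/* Parse "proto://host:port[,proto://host:port...]" into nodes.
 * Returns the node count, or -1 when spec is NULL, empty or malformed.
 * The empty string is rejected explicitly: a non-NULL pointer says nothing
 * about whether the specification is usable, which is the case the README describes. */
int parse_proxy_chain(const char *spec, struct proxy_node *nodes, int max)
{
    int count = 0;
    if (spec == NULL || *spec == '\0') return -1;
    while (*spec != '\0') {
        const char *sep = strstr(spec, "://"), *end, *colon, *p;
        size_t plen, hlen;
        long port = 0;
        if (count == max || sep == NULL) return -1;      /* chain full / no scheme */
        plen = (size_t)(sep - spec);
        if (plen == 0 || plen >= sizeof nodes->proto || !known_proto(spec, plen))
            return -1;
        end = strchr(sep, ',');
        if (end == NULL)
            end = sep + strlen(sep);
        else if (end[1] == '\0')
            return -1;                                   /* trailing comma */
        colon = memchr(sep + 3, ':', (size_t)(end - sep - 3));
        if (colon == NULL || colon == sep + 3 || colon + 1 == end)
            return -1;                                   /* missing host or port */
        hlen = (size_t)(colon - (sep + 3));
        if (hlen >= sizeof nodes->host) return -1;
        for (p = colon + 1; p < end; p++)                /* digits only, 1..65535 */
            if (!isdigit((unsigned char)*p) || (port = port * 10 + (*p - '0')) > 65535)
                return -1;
        if (port == 0) return -1;
        memcpy(nodes[count].proto, spec, plen);   nodes[count].proto[plen] = '\0';
        memcpy(nodes[count].host, sep + 3, hlen); nodes[count].host[hlen] = '\0';
        nodes[count++].port = (int)port;
        spec = (*end == ',') ? end + 1 : end;            /* next node or end */
    }
    return count;
}
```

A caller that gets -1 should refuse to start the connection rather than pass the string on, which is the behaviour the ncat_main.c check described above provides for the empty case.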