TODO File for NetRecon
-----------------------

- Add an option to resolve IP addresses to DNS and/or hostnames. We don't want to do this by default unless the target-spec is a name, because of the possible overhead.

- In active scans, add an intelligent port guess for ping and the initial scan of a host (up/down) instead of port 1. This will help get around firewalls and network problems. Note it should be done prior to port looping, so some ports may be repeated. This would be good for 1.79.

- In all scan functions, add a fuzzy guess-OS-by-port function. This means the active scans will need to keep data about ports somewhere for processing after a scan run. This would be good for 1.79.

- Targeted scanners might be a good idea to get around some of the wait times that the generic active scanner imparts. Web scanners would be the first, most obvious type. As an alternative, a perl or python wrapper that simply calls out 'netrecon scan port N' might make more sense. This would be good for 1.80.

- A dual-mode passive/connect scan would be good to super-validate whether a system actually has a port open. In this sense we wait for a port to be identified as a possible real service, then try a tcpconnect on it. Should be able to evade IDS better than a connect scan, but not as well as a full-on passive scan. This would be good for 1.80.

- The tcpdumper could probably use a few more features. Have to be very careful here to avoid bloat.

- There exist many places where there is still code duplication; naming conventions could be better to help explain where they are used and why (similar to the pcap_FOO convention), and likely some procedures could be improved.

- Prudently investigate tools like dnet and nmap to see if there is anything they do that might be of interest to netrecon. See above warning about bloat.

- It has been requested that passive (and probably active and the future dual mode) have an easily parsable format for tools like sql-loader. Look into this or write wrappers to fix up the output. Perl and/or sed/awk would be ideal for these.

- When doing active scans, have the default be to print nothing if a host cannot be seen, and some other option (VV?) to print possible reasons why a host is not showing up.