WARNING: Also try `grep FIXME *.c'
HPING3 TODO.
HPING2 bugs will no longer be handled; the hping2 code inside hping3
is just a compatibility layer that will be dropped once the command
line interface is reimplemented as an hping script itself.
DONE - split/rapd for IGRP (me)
DONE - add more flags and broadcast address to 'hping iflist'. (me)
DONE - ARS's apd and rapd support for IP and TCP options (me)
- TUN/TAP support -- virtual interface creation, with Tcl channels
- in 'hping recv' a timeout of zero or -1 should be specified using
keyword like 'dontblock' and 'forever', like a number of packets
equal to zero should be specified using the 'all' keyword.
- compression primitives 'hping zip', 'hping unzip'.
- recv should support -nobadsum and -notrunc so as not to receive packets
containing layers with the bad checksum or truncated flags set.
- 'hping recvraw' should support a -split option to return the raw data
split into layers as a flat TCL list whose elements are:
{layer0name binary0 layer1name binary1 ...}
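As an added illustration of how a script could consume the flat list layout proposed above (this is not hping code, and the procs, the -split option's existence and the sample byte strings are all assumptions), here is a small Tcl walker that validates the pairing, summarizes each layer's size and looks a layer up by name:

```tcl
# Added example, not from the hping3 project: consume a flat
# {name binary name binary ...} list as 'hping recvraw -split' is proposed to return.

# Return a list of {name bytelen} pairs; reject a list with an odd element count,
# which would mean a layer name without its binary (or vice versa).
proc layers_summary {flat} {
    if {[llength $flat] % 2 != 0} {
        return -code error "malformed layer list: odd number of elements"
    }
    set result {}
    foreach {name bin} $flat {
        lappend result [list $name [string length $bin]]
    }
    return $result
}

# Return the binary payload of the first layer called $wanted, or raise an error.
proc layer_by_name {flat wanted} {
    foreach {name bin} $flat {
        if {$name eq $wanted} {
            return $bin
        }
    }
    return -code error "layer '$wanted' not present"
}

# Constructed sample input: a 20-byte IPv4 header followed by an 8-byte UDP header.
# The bytes are made up for the example and are not a real capture.
set sample [list \
    ip  [binary format H* 4500001c00004000401100007f0000017f000001] \
    udp [binary format H* 0035003500080000]]

puts [layers_summary $sample]                     ;# {ip 20} {udp 8}
puts [string length [layer_by_name $sample udp]]  ;# 8
```

The odd-length check is the part worth keeping: a consumer that silently pairs up a malformed list would attach the wrong binary to the wrong layer name, so failing loudly is preferable.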
- Ability to specify the outgoing interface regardless of the
destination IP address. (Should be impossible without datalink access)
- 'hping setif ?-promisc? ?-broadcast? ifname'
- 'hping build ?-nocompile? packet' APD->binary
- 'hping describe packet' binary->APD
- IPv6 support in ARS (some still-non-working patch received)
- The hping standard library: that's the real development area
to make the scripting capabilities useful. The library should
contain a reasonable number of functions to make it more handy,
and a number of standard exploits should be rewritten in hping
as examples. Also support for fragmentation, TCP reassembly,
and so on will be useful.
- A short way to invoke scripts in 'path' (/usr/local/lib/hping/*.htcl),
something like: "hping script.htcl". Hping may sense it's an .htcl
file and not a strange-looking domain name ;) and perform a lookup
in the standard library of scripts (~/.hping/*.htcl for example).
- Convert all the raw-socket stuff (used in output) to datalink.
- Implement a scanner, with random nmap and hping features, and also:
FIN scan followed by a SYN scan. This can be useful
since many admins limit the incoming SYN packets, so the
SYN or connect() scan is too slow, while the FIN scan
shows filtered ports as open. We can do a FIN scan, then scan
the ports that appear to be open with SYN. Should
be both fast and accurate.
TODO (about TCL scripting, but for future releases)
- 'hping iflist' should include the link header length (or -1 if it's unknown)
- 'hping recv' and 'recvraw' should have a -layer2 option to return the whole
level 2 frame. The same for 'hping send' and 'hping sendraw'.
- 'hping guesslhs' should run the ipv4 header detection and return the lhs