| 557 | | <h1>Support other Network Scanners</h1> |
| 558 | | There are network scanners all arround, and as a project searching for the needs of our users, |
| 559 | | we intend to support as much alternatives as we can. Nmap is great, and it is the Umit's main network scanner. |
| 560 | | Still, we can provide meanings for users to run other existing network scanners and watch the results with Umit, |
| 561 | | allowing user to use the results against all the features we currently provide.<br> |
| 562 | | |
| 563 | | By suggesting this, we don't necessarily suggest that we're adding more dependencies. We plan |
| 564 | | to keep Umit with no more and no less dependencies that it currently have. How? Nmap is still the main scanner, |
| 565 | | as I said, and we'll develop suppport for other scanners without making them a requirement to run Umit. If you |
| 566 | | have one of the supported scans installed and working in your host, Umit will recognize it and provide you |
| 567 | | meanings to use the scanner if you want to.<br> |
| 568 | | |
| 569 | | Also, we don't plan to re-create the whole parsing system. The goal is to have the support to other scanners, |
| 570 | | using our current pasing scheme.<br> There is a list of network scanners that we would love to support:<br> |
| 571 | | |
| 572 | | <ul> |
| 573 | | <li>amap</li> |
| 574 | | <li>arping</li> |
| 575 | | <li>arpscan</li> |
| 576 | | <li>bile</li> |
| 577 | | <li>nbtscan</li> |
| 578 | | <li>netenum</li> |
| 579 | | <li>scanrand</li> |
| 580 | | <li>sinfp</li> |
| 581 | | <li>txdns</li> |
| 582 | | <li>unicornscan</li> |
| 583 | | </ul> |
| 584 | | <br> |
| 585 | | |
| 586 | | This project will need interaction with the preferences window project. Stay tunned to |
| 587 | | this detail.<br> |
| 588 | | <br> |
| 589 | | <hr> |
| 590 | | |
| 591 | | <h1>Preferences Window</h1> |
| 592 | | <br> As Umit grows up, we need to let user decide how it is going to work. Currently, we don't |
| 593 | | have a centralized preferences window that lets user control the main behaviors of Umit. We have chose until |
| 594 | | now, to use pre-defined patterns prior to let user decide how is it going to be. It is not our goal to make |
| 595 | | Umit highly customized, nor to force users to go always our ways. As a applicant to this proposal, you've got |
| 596 | | to study how Umit works and propose with sense what do you plan to provide at the preferences window. We |
| 597 | | already defined the stuffs that it must have, but you can suggest something more, and we'll evaluate your |
| 598 | | proposal on that.<br> |
| 599 | | <br> |
| 600 | | Some topics:<br> |
| 601 | | |
| 602 | | <ul> |
| 603 | | <li>Colors (for highlight on several parts of the app)</li> |
| 604 | | <li>Fonts</li> |
| 605 | | <li>Multi-Scanners support, and a way to define where are the other scanner user would like to use (related to the project 'Support other Network Scanners')</li> |
| 606 | | <li>Windows items expose - GUI ( Umit Interface Editor )</li> |
| 607 | | <li>Proxy Config</li> |
| 608 | | <li>Tabs</li> |
| 609 | | <li>Centralize other configuration stuffs</li> |
| 610 | | </ul> |
| 611 | | <br> |
| 612 | | This project envolves setting a better way to get/set configurations, and change the way |
| 613 | | configurations are saved, if necessary. Another thing we need is having a central configuration file with |
| 614 | | the pre-set definitions, and a personal file (at user's home directory) with the customization to those |
| 615 | | settings user has made.<br> |
| 616 | | <br> |
| 617 | | <hr> |
| 618 | | |
| 619 | | <h1>Bluetooth Scanner</h1> |
| 620 | | We intend to support scanning of bluetooth devices. This can be really useful when we're |
| 621 | | testing integration of bluetooth devices. This project: http://d3vscan.sourceforge.net already have some |
| 622 | | work on this, but we need to take these scans to a higher level, integrating it to the Umit interface and adapting |
| 623 | | the current interface for bluetooth scanning results.<br> |
| | 531 | <h1>Bluetooth Sniffer</h1> |
| | 532 | We intend to support sniffing of bluetooth devices. This can be really useful when we're |
| | 533 | testing integration of bluetooth devices.<br> |
| 629 | | |
| 630 | | <h1>Network Inventory</h1> |
| 631 | | <p>We need to keep the effort on Network Inventory, focusing on its usability and creating new |
| 632 | | functionalities that could help users to closely keep track of their hosts.</p> |
| 633 | | |
| 634 | | <h3 class='Subheading'>Improve UI</h3> |
| 635 | | <p> |
| 636 | | Right now I consider its interface pretty dull. It is hard |
| 637 | | to imagine expanding current Network Inventory without |
| 638 | | defining a better UI. How to place different informations |
| 639 | | there in a good way ? How to display things ? What to do |
| 640 | | with current interface ? These would be some interesting |
| 641 | | questions to be answered. |
| 642 | | </p> |
| 643 | | |
| 644 | | <h3 class='Subheading'>CACIC</h3> |
| 645 | | <p> |
| 646 | | We're studying the possibility of integrating CACIC (a Brazilian government open source software, distributed under the GPL) to the |
| 647 | | Network Inventory, increasing the power of the inventory management and control. More at: http://www.softwarepublico.gov.br/dotlrn/clubs/cacic/one-community?page_num=0 |
| 648 | | </p> |
| 649 | | <hr> |
| 650 | | |
| 651 | | <h1>Umit Database</h1> |
| 652 | | <h3 class='Subheading'>Clean-up</h3> |
| 653 | | <p>This new-generation database was developed in conjunction with |
| 654 | | UMIT Network Inventory and is a fundamental piece for |
| 655 | | Network Inventory. It needs a clean-up, really.</p> |
| 656 | | |
| 657 | | <h3 class='Subheading'>Merge with UMIT</h3> |
| 658 | | <p>This could be merged with UMIT. It would take some work, first |
| 659 | | UMIT should be adapted to work with it, this includes changing |
| 660 | | how it saves, loads and searches scans mainly. Doing this merge |
| 661 | | brings some benefits, like, a smaller database overall, |
| 662 | | easier to search in scans, and eliminates \"duplicate\" code in |
| 663 | | relation to the database that UMIT currently uses.</p> |
| 664 | | <hr> |
| 665 | | |
| 666 | | <h1>UmitMapper new features</h1> |
| 667 | | <p> |
| 668 | | UmitMapper is a tool for visualization of the network mapped with Nmap. It is a |
| 669 | | work made for Umit in the Google Summer of Code 2007. At now just some part of |
| 670 | | this work are integrated in a Umit branch. The developer of the UmitMapper |
| 671 | | release a version based only in his work called RadialNet[0]. Until this work is |
| 672 | | not totally integrated in Umit you can get the last version of RadialNet and see |
| 673 | | what you can propose to make it better. |
| 674 | | </p> |
| 675 | | <p> |
| 676 | | Some topics that can be explored: |
| 677 | | </p> |
| 678 | | <ol> |
| 679 | | <li>How represent graphically the existence of services in hosts. |
| 680 | | </li><li>Which others visualization techniques can be used to make visualization |
| 681 | | better. |
| 682 | | </li><li>What more kind of information can be expressed by the map. |
| 683 | | </li></ol> |
| 684 | | |
| 685 | | <p> |
| 686 | | </p><div class='tip'> |
| 687 | | Look around for other network visualization tools[1,2] and see what they have, and |
| 688 | | what they don't have. |
| 689 | | </div> |
| 690 | | <p></p> |
| 691 | | <p> |
| 692 | | <b>References</b> |
| 693 | | |
| 694 | | </p> |
| 695 | | <ul> |
| 696 | | <li>[0] <a href='http://www.dca.ufrn.br/%7Ejoaomedeiros/radialnet/'>http://www.dca.ufrn.br/~joaomedeiros/radialnet/</a></li> |
| 697 | | <li>[1] <a href='http://networkviz.sourceforge.net/'>http://networkviz.sourceforge.net/</a></li> |
| 698 | | <li>[2] <a href='http://linkanalysis.wlv.ac.uk/'>http://linkanalysis.wlv.ac.uk/</a></li> |
| 699 | | </ul> |
| 700 | | <br> |
| 701 | | <hr> |
| 702 | | |
| 703 | | <h1>Interface Editor</h1> |
| 704 | | The last year project called Umit Interface Editor has achieved its main goal, which was providing |
| 705 | | and easier way to let users customize the profile and wizard windows. This year, we have a lot of effort to put on it, |
| 706 | | improving its usability, and allowing plugin creators to easily attach their plugins to the Umit interface. Now its time |
| 707 | | to increase Interface Editor capabilities, improve its usability and make it more stable.<br> |
| 708 | | <br> |
| 709 | | <hr> |
| 710 | | |
| 711 | | <h1>Nmap OS fingerprint database system</h1> |
| 712 | | <p> The Nmap OS fingerprint database is a set of signatures which represents many |
| 713 | | TCP/IP stack implementations of operating systems. How this system works is not |
| 714 | | easy to understand, but Nmap always has a good documentation of your features. |
| 715 | | In this case the student that wish apply this idea must be familiar with the |
| 716 | | Nmap OS detect documentation[0]. |
| 717 | | </p> |
| 718 | | <p> |
| 719 | | Two main problems will be attacked here: |
| 720 | | </p> |
| 721 | | <ol><li>Nmap OS fingerprint system fails in some cases[1], but this is not because |
| 722 | | the database data, this happen because the design of the fingerprint |
| 723 | | matching algorithm. So, using a selective OS matching algorithm with the |
| 724 | | <i>nmap-os-db</i> file it's possible solve these problems without changes in |
| 725 | | Nmap code base. |
| 726 | | |
| 727 | | </li><li>Nmap results of its OS fingerprint system only can analysed from user |
| 728 | | statically. It'll interesting if users can choose the signature fields and |
| 729 | | algorithm to use when perform OS matching. |
| 730 | | </li></ol> |
| 731 | | |
| 732 | | <p> |
| 733 | | </p><div class='tip'> |
| 734 | | The choice of the OS matching algorithm depends on the format of the input, in |
| 735 | | this case a signature from <i>nmap-os-db</i> file. If you want to convert this |
| 736 | | alphanumeric data into numeric values you will amplify the possibilities of OS |
| 737 | | matching algorithm that can be used.<br><br></div> |
| 738 | | |
| 739 | | <p> |
| 740 | | <b>References</b> |
| 741 | | </p> |
| 742 | | <ul> |
| 743 | | <li>[0] <span class='link-external'><a href='http://nmap.org/osdetect/'>http://nmap.org/osdetect/</a></span></li> |
| 744 | | <li>[1] <span class='link-external'><a href='http://www.phocean.net/?p=14'>http://www.phocean.net/?p=14</a></span></li> |
| 745 | | </ul> |
| 746 | | <br> |
| 747 | | <hr> |
| 748 | | |
| 749 | | <h1>Packet manipulation user interface</h1><br><p> |
| 750 | | Packet manipulation is a task of create specific network packets. At now this |
| 751 | | task is done using libraries and programming. This idea is based on the create |
| 752 | | of a user interface that give to the user the chance to do this task quickly in |
| 753 | | a user friendly interface. A good candidate to be used as backend is Scapy[0]. |
| 754 | | </p> |
| 755 | | |
| 756 | | <p> Beyond the manipulation of packet (include payload charge) will be useful a |
| 757 | | interface to monitor the answers of target. The user interface must be able of |
| 758 | | save packet and set of packets configurations to future use. This data can be |
| 759 | | saved in a relational database or in XML files. |
| 760 | | </p> |
| 761 | | |
| 762 | | <p> May be isn't clear the importance tools like this but packet manipulation is the |
| 763 | | way to do some complex tasks in network administration and penetration tests. |
| 764 | | Tasks like honeyd detection[1] and complex OS fingerprinting are done using |
| 765 | | packet manipulation (e.g. some systems don't answers ICMP request if the orig |
| 766 | | address is an broadcast or multicast address). |
| 767 | | </p> |
| 768 | | |
| 769 | | <p> |
| 770 | | </p><div class='tip'> |
| 771 | | The gdnet[2] is a good example of a graphical packet creation tool.<br><br></div> |
| 772 | | |
| 773 | | <p> |
| 774 | | <b>References</b> |
| 775 | | </p> |
| 776 | | <ul><li>[0] <span class='link-external'><a href='http://www.secdev.org/projects/scapy/'>http://www.secdev.org/projects/scapy/</a></span> |
| 777 | | </li><li>[1] <span class='link-external'><a href='http://www.merit.edu/networkresearch/papers/pdf/2006/MTR-2006-01.pdf'>http://www.merit.edu/networkresearch/papers/pdf/2006/MTR-2006-01.pdf</a></span> |
| 778 | | </li><li>[2] <span class='link-external'><a href='http://jon.oberheide.org/projects/gdnet/'>http://jon.oberheide.org/projects/gdnet/</a></span></li></ul><br> |
| 779 | | <hr> |
| 780 | | |
| 781 | | <h1>Vulnerabilities database system</h1><br><p> |
| 782 | | The Umit classification for vulnerability score of hosts is based only on the |
| 783 | | number of ports that Nmap found. This can be improved using each port |
| 784 | | information like its <i>service</i> and <i>version</i>. To do this task is interesting |
| 785 | | create a relational database SQLite[0] compatible and an API to easily access |
| 786 | | database information (e.g. functions that return a vulnerabilities set give an |
| 787 | | service and version). Not just the services can be search in database but the |
| 788 | | operating system detected by Nmap too. Good database candidates are the National |
| 789 | | Vulnerability Database[1] and The Open Source Vulnerability Database[2]. |
| 790 | | </p> |
| 791 | | <p> |
| 792 | | |
| 793 | | Beyond the database application interface would be good if the tool proposed has |
| 794 | | a user interface that give to the user the option of search for vulnerabilities |
| 795 | | and view them with a friendly form. |
| 796 | | </p> |
| 797 | | <p> |
| 798 | | </p><div class='tip'> |
| 799 | | Look around some vulnerability search engines to see what they have, and what |
| 800 | | they don't have.<br><br></div> |
| 801 | | |
| 802 | | <p> |
| 803 | | <b>References</b> |
| 804 | | </p> |
| 805 | | <ul><li>[0] <span class='link-external'><a href='http://www.sqlite.org/'>http://www.sqlite.org/</a></span> |
| 806 | | </li><li>[1] <span class='link-external'><a href=http://nvd.nist.gov/'>http://nvd.nist.gov/</a></span> |
| 807 | | |
| 808 | | </li><li>[2] <span class='link-external'><a href='http://osvdb.org/'>http://osvdb.org/</a></span></li></ul><br><hr> |
