Nmap Book: Weekend Adopt-A-Chapter program!

I didn't really get around to announcing it yet, but I posted more
than half of the content of my upcoming Nmap book at
http://nmap.org/book/toc.html .  I hope you enjoy it!  And I plan to
release more free online chapters after the book is released.

As for the release, I'm hoping I can release the book at Defcon on
August 8!  The only problem is that is less than a month from now, and
printing + shipping books is kinda slow.  So I need to finish the book
text by Monday.

Sorry for so little notice, but I'm looking for help with a final
review of the book this weekend.  I can't just make quick & easy
changes to book contents once they are printed like I can with web
pages.  I'm trying to review it all myself, but I might not finish and
I may also miss things.  And the open source mantra is that many eyes
make all bugs shallow, after all!  Plus, weekends are a great time to
curl up with a nice book about port scanning!  So this is a call for
volunteers who want to do an in-depth review of a single chapter.  It
is too late to do major restructuring, so the goal is to find typos,
grammar problems, capitalization/spelling inconsistencies, and
especially content issues (errors, out-of-date content, and small
omissions).  Adding a few sentences or small paragraphs is OK.  For
example, I caught a problem yesterday where the book was referencing
the idle scan (-I) feature which no longer exists in Nmap.  So it
helps if the reviewers have excellent English skills and are familiar
with Nmap too.

You can choose from any of the 9 chapters plus the preface available
at:

http://nmap.org/book/toc.html

To claim a chapter, simply send an email to this list noting the
chapter you want to claim.  That way everyone knows which ones have
been claimed and can claim a different chapter for themselves.
Claiming an already-claimed chapter is OK, since more eyes never hurt.
But it is usually best to take an unclaimed one if there still is one
remaining.

Then just read the html chapter carefully and send a report to me or
to the list by 10AM Pacific Standard Time (5PM UTC) on Monday
detailing your suggested changes.  If you suggestions relate to adding
content, try drafting the sentences or paragraphs rather than just
making a vague recommendation.  Otherwise I don't always understand
what you are asking for.

There is still room in the acknowledgements section for people who
help by finding many bugs which are fixed or suggestion useful
improvements :).

It is important that the Monday deadline be met, because I hope to
freeze the book on Monday afternoon and then produce a cover based on
the number of pages in the frozen book.  So I may be able to make typo
fixes after that, but may not be able to make changes which affect the
page count.

If you get done with a report on one chapter early, feel free (and
encouraged) to claim another one.

So who wants to start by adopting a chapter?

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

I'll take the Preface and Chapter 1.

-Anne

On Sat, Jul 12, 2008 at 05:46:39PM -0700, Fyodor wrote:
--
Teacher: Define Sarcasm in five   (\`--/') _ _______ .-r-.
         words or less.            >.~.\ `` ` `,`,`. ,'_'~`.      
Kid:     Yeah, that will be easy. (v_," ; `,-\ ; : ; \/,-~) \          
stripes at tigerlair dot com       `--'_..),-/ ' ' '_.>-' )`.`.__.')
stripes at brickbox dot com       ((,((,__..'~~~~~~((,__..'  `-..-'fL  

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Hi,

Stephen King's Duma Key can wait, I'll do Chapter 9.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

On Sat, Jul 12, 2008 at 8:46 PM, Fyodor <fyodor@...> wrote:
> As for the release, I'm hoping I can release the book at Defcon on
> August 8!  The only problem is that is less than a month from now, and
> printing + shipping books is kinda slow.  So I need to finish the book
> text by Monday.

I got chapter 8.

Cheers,
Michael

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

On Sun, Jul 13, 2008 at 03:59:50AM +0100, jah wrote:
> Hi,
>
> Stephen King's Duma Key can wait, I'll do Chapter 9.

Thanks Jah, your expertise in this area (Nmap Scripting Engine) will
certainly be helpful!

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

I'll take Zenmap's chapter 12.

Cheers,
Vladimir


Fyodor wrote:
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Sounds like a productive way to spend a Sunday morning. I'll grab Chapter 5!

(sorry if I posted this twice, I sent it from the wrong email address
which isn't subscribe, not sure if it'll go through)

Ron

Fyodor wrote:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
> To claim a chapter, simply send an email to this list noting the
> chapter you want to claim.  That way everyone knows which ones have
> been claimed and can claim a different chapter for themselves.
> Claiming an already-claimed chapter is OK, since more eyes never hurt.
> But it is usually best to take an unclaimed one if there still is one
> remaining.

I'll wimp out and take the smaller Ch14.

> Cheers,
> -F
>

Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSHpNxP9K37xXYl36AQKlLBAAoi4OZ/Q+uucex0jhSJA9r9/a7faGpX6S
8b/geEluTpQBeMa2xRI/0YPlLXBq00Ihmxs2BH6Dk7tECGC/iME0u7lrEl2jFl34
LqmntiaUvYeuBU0Kkr9sc5lTyrZSpiWUTcD1R+UCnMBGyrrIdg3fMK1kevajf2CV
A1+U2wjEM+gO2p9Pyk1ALFu9qpVcvvz5fVTVMQMODDRq6E5/F102jd0VRFPCcwBn
1IIZmTEQ8dVC7MvIycCjXFzWTmVlI9AyTcStUMmWJssXptvNO3d+veSp4sBlNo5a
WQ+91eDwZLbKy/ZNg9WLyXhZq1NZ9ojTzRe9zGCO94FCVarMT5DQVlIASDemSwoe
M4YAdJAiKaPKvmTG3fNJ7ki7zOCP1VlX6Nb4CG0ktSYG2o68T0dw+72vmverXAOB
o1eCdQ/GKilAtEeNzc0LeCmiQJbC4jxVEmCZpPVsNFoGnIrOodui5ltmut4pah5x
dBFjDxUd41lMOpCPIU4RdaDwJ730ZJiG+l8qI0VEUKIxlDa9p5d+W2Dmh/fJYwhn
0Nvfy5HcvJCZH6LcgDmjDv/Qisad2wfe8nm/+wCnM7eZZibHYHnV/44+cjtJg4A5
lJ/YLUgEmypdQI3RY5dVBW+cWzh/sz4KTbDifvc3GkfGJhfTL6mpHO325eaKy9ah
eWFHoSDx6XY=
=Y8L1
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

I took chapter 5 and so far I have found the following typo from the
quoted text:

"By default, Nmap forges probes to the target from the source port 80 of
the zombie. You can choose a different port by appending a colon and
port number to the zombie name (e.g. |-sI kiosk.adobe.com:113|. The
chosen port must not be filtered from the attacker or the target. A SYN
scan of the zombie should show the port in the |open| or |closed| state."


---> (e.g. |-sI kiosk.adobe.com:113|.

should have been

++++ (e.g. |-sI kiosk.adobe.com:113|).

The closing parenthesis was omitted.



-- ithilgore



Kris Katterjohn wrote:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Hi everyone, I was reading Ch15 and i see this:

0- Description
Where it says "That table lists the port number and protocol, service name,
and state" perhaps is better to say "That table lists the port number,
protocol, service name, and state" without the first 'and'. I know it trys to
reflect nmap output's columns, but it sounds better to me.

1- In "Example 15.1. A representative Nmap scan", nmap command is:
#nmap  -A -T4 scanme.nmap.org playground

In the output we can see that 'playground' resolves to 192.168.0.40. Perhaps
is too silly, but i think is better to give fully functional examples in a
book. Some people will be wondering what 'playground' is. Not because they
don't know how to resolve a host name but because few people reads the entire
output of commands in books.
Some people will even believe I wanted to scan 'scanme.nmap.org'
and 'playground.nmap.org' and that nmap can realize this.

2- In "Example 15.1. A representative Nmap scan", 'scanme.nmap.org' resolves
to 205.217.153.62, but actually it resolves to 64.13.134.52.
Perhaps we can update that example. I know this is silly, but Fyodor said he
is short of time, so I'm attaching a recent scan.

3- In "Target Specification": the same problem "Given that the host
scanme.nmap.org is at the IP address 205.217.153.62, the specification
scanme.nmap.org/16 would scan the 65,536 IP addresses between 205.217.0.0 and
205.217.255.255"
Should be updated to: "Given that the host scanme.nmap.org is at the IP
address 64.13.134.52, the specification scanme.nmap.org/16 would scan the
65,536 IP addresses between 64.13.0.0 and 64.13.255.255"

4- In "Host Discovery" -> "-sP (Ping Scan)" it says "The -sP option sends an
ICMP echo request and a TCP packet to port 80 by default" and i think is
better to say "The -sP option sends an ICMP echo request and a TCP ACK packet
to port 80 by default"

5- In "Host Discovery" -> "-PN (No ping)" it says "This option flag for this
used to be P0 (uses zero)", and i think it should say: "This option flag used
to be -P0 (uses zero)"


this is what i see just for now.

cheers

sebas


El Saturday 12 July 2008 21:46:39 Fyodor escribió:

--
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6

# Nmap 4.68 scan initiated Mon Jul 14 02:44:12 2008 as: nmap -A -T4 -oA scanme.nmap.org scanme.nmap.org
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 1709 filtered ports
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 4.3 (protocol 2.0)
25/tcp  closed smtp
53/tcp  open   domain  ISC BIND 9.3.4
70/tcp  closed gopher
80/tcp  open   http    Apache httpd 2.2.2 ((Fedora))
|_ HTML title: Go ahead and ScanMe!
113/tcp closed auth
Device type: general purpose|specialized|media device|storage-misc|VoIP gateway|WAP
Running (JUST GUESSING) : Linux 2.6.X|2.4.X (99%), Infoblox NIOS 4.X (96%), Dream Multimedia Linux 2.6.X (94%), Iomega Linux 2.6.X (94%), Tandberg Linux 2.6.X (93%), FON Linux 2.4.X (92%), Emprex Linux 2.6.X (92%)
Aggressive OS guesses: Linux 2.6.17 - 2.6.21 (99%), Linux 2.6.22 - 2.6.23 (97%), Linux 2.6.23 (97%), Linux 2.6.17 - 2.6.18 (96%), Infoblox NIOS 4.1r5 (96%), Linux 2.6.13 - 2.6.24 (95%), Linux 2.6.18 (Gentoo, x86) (95%), Linux 2.6.9 - 2.6.11 (95%), Linux 2.6.20-1 (Fedora Core 5) (94%), Linux 2.6.9 - 2.6.19 (94%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 11.699 days (since Wed Jul  2 09:58:46 2008)

TRACEROUTE (using port 22/tcp)
HOP RTT    ADDRESS
1   ... 2  no response
3   41.36  192.168.11.89
4   ...
5   21.66  rab-lima1-pc10.prima.net.ar (200.42.50.141)
6   37.62  rbp-lima2-te7-4.prima.net.ar (200.42.52.29)
7   ...
8   20.37  200.51.235.249
9   ...
10  183.45 So7-3-0-0-grtbueba2.red.telefonica-wholesale.net (213.140.36.217)
11  191.79 So3-2-0-0-grtsanem1.red.telefonica-wholesale.net (213.140.43.98)
12  200.31 213.140.43.149
13  340.64 P0-0-grtdaleq2.red.telefonica-wholesale.net (213.140.43.193)
14  218.49 so-1-1-0.mpr4.iah1.us.above.net (64.125.26.134)
15  237.52 so-1-1-0.mpr4.lax9.us.above.net (64.125.25.18)
16  233.16 so-0-1-0.mpr2.sjc2.us.above.net (64.125.26.30)
17  233.50 so-0-1-0.mpr2.sjc2.us.above.net (64.125.26.30)
18  233.63 so-4-0-0.mpr4.pao1.us.above.net (64.125.29.162)
19  234.22 metro0.sv.svcolo.com (208.185.168.173)
20  233.98 scanme.nmap.org (64.13.134.52)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
# Nmap done at Mon Jul 14 02:45:13 2008 -- 1 IP address (1 host up) scanned in 61.518 seconds


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

On Sat, Jul 12, 2008 at 05:46:39PM -0700, Fyodor wrote:
>
> Sorry for so little notice, but I'm looking for help with a final
> review of the book this weekend.  I can't just make quick & easy

Thanks to everyone who has helped so far!  I've updated the book at
http://nmap.org/book/toc.html after integrating more of your
suggestions and some of my own ideas.  I'd especially like to thank
Tyler Reguly, Mark Brewis, Eric Krosnes, Ron Bowes, Vladimir Mitrovic,
Tom Sellers, eldraco, Kris Katterjohn, ithilgore,
tic@..., and Michael Pattrick for making suggestions
which were integrated.  And a big thanks to David Fifield as well,
since he accomplished many technical feats to improve the book in
addition to proofreading.  He also spell-checked the book again too,
and found some errors which crept in recently.

Be sure to download this latest PDF before you start your next edit
session!

The deadline to be sure edits make it into the Defcon release is 10AM
(6.5 hours for now).  But I'll still try to integrate any suggestions
sent after that.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

> The deadline to be sure edits make it into the Defcon release is 10AM
> (6.5 hours for now).  But I'll still try to integrate any suggestions
> sent after that.
>
> Cheers,
> -F

I spotted the following in chapter 2..

Chapter 2. Obtaining, Compiling, Installing, and Removing Nmap
Removing nmap section. Line 2 of the pictured shell commands:

#rm -f bin/nmap bin/nmapfe bin/xnmap

Should the nmapfe reference be in there? Is it being left in for older version removal?
I see that the remove command for zenmap is also included...Thought I'd mention it just in case.

-Aaron



_________________________________________________________________
Use video conversation to talk face-to-face with Windows Live Messenger.
http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_072008

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Huge apologies for missing this:
r8960: Fix a duplicate word: "We designed NSE to to versatile".

Right at the beginning of the chapter too.  Kicking myself.  Again, sorry.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Don't kick too hard.  That one was my fault and it was probably added
after you reviewed.  Duplicate words are really hard to detect when you
are writing with manual line-wrap!  I was supposed to be making "final
draft" quality changes too...

Thanks for catching it!  Working on this book has really shown me how
poor my prose really is: email != book

Brandon


On Fri, 18 Jul 2008 03:15:36 +0100 or thereabouts jah
<jah@...> wrote:

> Huge apologies for missing this:
> r8960: Fix a duplicate word: "We designed NSE to to versatile".
>
> Right at the beginning of the chapter too.  Kicking myself.  Again,
> sorry.
>
> jah
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiAKbEACgkQqaGPzAsl94IgBQCgjhd6KBEEC//i66jpLpPK7CVl
7QUAnAhKrIRU/k8mr8gO5diECiM3jBvB
=3naD
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

On Fri, Jul 18, 2008 at 05:27:06AM +0000, Brandon Enright wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Don't kick too hard.  That one was my fault and it was probably added
> after you reviewed.  Duplicate words are really hard to detect when you
> are writing with manual line-wrap!  I was supposed to be making "final
> draft" quality changes too...

You don't have to kick yourself either, as it was my fault.  I added
the error in a last minute edit.  Its OK though, as I'm hoping people
will notice the extremely up-to-date content and maybe forgive a
duplicated word or two.  I hope to receive a proof copy from the
printer within the next 24 hours.  As long as it looks good, we should
still be on track for a Defcon pre-release on August 8!

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org