--- F R E N D Z of martian --- The results of a survey of hackers using nmap (an excellent security tool for portscanning and more). Interestingly, porting nmap to windoze was highlighted extremely negatively... the hats were scared of script kiddies abusing "winmap" Nice comparison of dark hats and white hats - average age of dark hats was 26, of white hats was 30. Maturity, eh? luvonya martian and thanks again for all the cool birthday messages. I even got a beer. Nobody sent me any crack yet. (http://www.virtualcrack.com/) ----- Original Message ----- From: Fyodor <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 06, 2000 10:09 AM Subject: Nmap Survey Results > > > Hello everyone, > > I want to thank the 1,222 people on this list who took the time to > take the Nmap users survey! The numbers will help greatly in > determining future plans and priorities for the project. > > I'm also glad to report that almost 600 comments or improvement ideas > were listed! It took an hour to read through them all, but they > contained many useful ideas and insights. > > I stuffed all the results into a database, and ran some queries that you > guys might find interesting. You can send me comments about the survey or > this writeup at [EMAIL PROTECTED] . Here are the commented results, > divided into sections (raw results are at the end): > > > [ IMPROVEMENT REQUESTS ] > > One of the most important uses of the survey was to find out what new > features people are interested in. I listed about 17 features and > asked users to rate the importance of each. Then I calculated a > weighted average. "Extraordinarily Cool" counts as 2, "Somewhat > Useful" counts as 1, "A BAD thing" is -2, and Neutral and No Comment > are 0. > > One result I was glad to see was that "Integrated MP3 player" was dead > last (score: -1.065). That was a test question. If that had been > popular, I would have thrown away all survey results :). > > Interestingly, the top request was to make Nmap faster. This is > always a priority for me and I have several plans in that department. > > Just barely below "faster" was "Scripting or module support for > application-level probing/vuln testing". I agree that this would be > VERY cool. But want it to be very powerful, very fast, and easy to > write/read/maintain the test modules/scripts. I am still > brainstorming on a good API for this. Ideas? Doing this right is a > huge undertaking, so don't expect this anytime soon. > > Third place was a .nmaprc for storing default scan types, timing, > favorite decoys, etc. This is coming and is definitely long overdue. > > The only two features that received a net negative response (other > than the MP3 joke) were Win95/98 port and Windows NT port. This is > somewhat biased, since the people who wan't to run Nmap but can't due > to lack of a real operating system are unlikely to join the list. The > WinNT port (score: -0.198) was much better received than 95/98 > (-0.615). The objection to a Windows version was a little surprising, > since 62% of the survey respondants did so from a Windows browser > (according to User-Agent). The most common reason, according to the > comments, was a fear that script kiddies would abuse the hell out of > "Winmap". > > Here is the raw list of features and their scores in decreasing order. > For more response details, see the full report at the end of this > mail. > > Faster (speed optimizations) (SCORE: 1.188) > Scripting or module support for application-level probing/vuln testing (SCORE: 1.126) > .Nmaprc for storing default scan types, timing, favorite decoys, etc (SCORE: 1.105) > Output to Database option (-oD) (SCORE: 1.098) > Traceroute support (SCORE: 1.043) > libnmap.so C library for pinging/port scanning/os detection (SCORE: 1.018) > Distributed scanning support (SCORE: 0.960) > Output to HTML option (-oH) (SCORE: 0.899) > IP.ID Scanning (SCORE: 0.836) > Input via domain name (using zone XFER) (-iZ) (SCORE: 0.761) > SOCKS Proxy bounce scanning (SCORE: 0.696) > Improved X Window front end (SCORE: 0.556) > PalmOS Port (SCORE: 0.354) > Solaris Binaries in package format (SCORE: 0.283) > Windows NT/2000 port (SCORE: -0.198) > Windows 95/98 port (SCORE: -0.615) > Integrated MP3 Player (SCORE: -1.065) > > > [ PROGRAMMING ] > > This list (or at least survey respondants) are predominantly > programmers. 70% know C. Here are the languages they have used: > C -- 69.9% > Shell Scripting -- 63.3% > Perl -- 59.8% > Other -- 54.5% > C++ -- 48.1% > TCL -- 19.0% > Python -- 11.8% > Lisp -- 11.7% > Scheme -- 6.7% > > > [ GENDER ISSUES ] > > The gender imbalance is much worse than I expected. I knew there > would be more males than females. Perhaps even 70% to 30% or 80%/20%. > Nope. The survey counted 1136 males and 15 females. Thats only 1% of > respondants. No wonder introducing myself as the author of Nmap has > never helped me impress girls :). Does anyone have ideas on how to > improve this imbalance? Perhaps we could start an outreach program at > the local mall. Or maybe I could change NmapFE to have a flowery > background :). > > The gender imbalance is much worse than I expected. I knew there > would be more males than females. Perhaps even 70% to 30% or 80%/20%. > Nope. The survey counted 1136 males and 15 females. Thats only 1% of > respondants. No wonder I've never been able to impress girls by > saying I am the author of Nmap :). Does anyone have ideas on how to > improve this imbalance? Perhaps we could start an outreach program at > the local mall. Or maybe I could change NmapFE to have a flowery > background :). > > This could also be a cultural issue. In the US at least, boys growing > up are encouraged to aggressively venture out, explore and portscan > their surrounding networks. While women have traditionally been > ushered into a role centered around maintaining and tending to their > own hosts. > > Sorry. I'm going to stop joking now before I offend people and cause > the number of females to drop even lower :). > > Also, I don't think all 15 were really female. For example, I > question the femininity of the "woman" coming in from a cable modem on > nf.net (if I'm wrong, let me know and I'll apologize). > > [ FAVORITE TOOLS ] > > I think this has the potential to be very useful. Hopefully it will > expose some of the great but less-well-known security tools out > there. Unfortunately I haven't analyzed the results yet. > > [ CONFERENCES ] > > Here are the conferences list members attend. I forgot to include > some European conferences like HEU/HIP/CCC . Sorry for being so US > Centric. Anyway, here are the total results: > > DEFCON -- 24.1% > Sans -- 20.8% > USENIX -- 13.2% > Blackhat Briefings -- 9.9% > Hope/Beyond Hope/H2K -- 6.0% > Toorcon -- 2.0% > > I think one of the most striking points about these results is that > H2K is looking pretty obscure. Considering it is only a month from > now, I think the 2600 crew really needs to start getting the word > out. I don't even see a speaker list up at h2k.net, and the deadline > for reasonably priced airfair is coming soon. I realize those guys > have been very busy with the (extremely important) DeCSS case (see > insecure.org for info), but it would be a shamre for this con to be > neglected. I went to Beyond Hope a couple years ago and had a great > time. > > > [ GEOGRAPHY ] > > > 5% of the respondants said they live here in the San Francisco Bay > Area. Maybe we should have a get together/party. I vote for JWZ's > soon to be opened DNA Loung Club (dnalounge.com), the CoffeeNet > Internet Cafe (coffeenet.com), or Bondage A-Go-Go > (http://www.bondage-a-go-go.com/). If you know of other cool SF > hacker hangouts, let me know ( [EMAIL PROTECTED] ). > > [ PREFERRED OS ] > > What OS do people use to perform most of their scanning? Here is how > you guys answered: > > linux 79.0% (965) > solaris 7.4% ( 90) > freebsd 4.8% ( 59) > openbsd 3.9% ( 48) > unanswered 2.5% ( 31) > other 0.9% ( 11) > aix 0.6% ( 7) > netbsd 0.4% ( 5) > irix 0.3% ( 4) > hp-ux 0.1% ( 1) > > > [ PROPOGANDA ] > > Of the "nmap propaganda" items (T-Shirts, stickers, etc), Panties were > the least popular. 40% of the females wanted them, but that is only 6 > people :). 143 guys asked for paintes. I hope this is for their > girlfriends and not themselves. Sorry JP@AntiOnline -- you aren't > eligible! Some people wanted to know whether the panties were edible > and/or scented :). > > T-Shirts were very popular (55% interested). If anyone > has good design ideas or can do art, please drop me a line :). If > your design is chosen you'll be famous :), and get a free T-Shirt. > > > [ HAT COLOR ] > > In case anyone tries to ban Nmap, we should note that the largest > group of users were white hats (43.6%). Next came gray hats (31.4%). > Only 1 in 10 admitted to being black hats (10.8%). 14.1% did not > answer. > > It is interesting to compare the answers of White hats vs. Dark hats > (Black or Gray) to see how they differ. > > Dark hats seem to use Nmap more frequently -- 36.7% of them use it > every day, compared to 24.9% of whitehats. Uh oh :). > > Dark hats seem to prefer the Free/Open Source operating systems. > Their percentage use of Linux, FreeBSD, and OpenBSD were all higher. > The Solaris percentage was significantly lower ( 5.4% vs 10.4%). > > > Requested features differed a bit. The top 3 for white hats were > scripting, .nmaprc, and output to database. For blackahts, the top > two were speed optimizations, and scripting. #3 was a tie between > libnmap.so and output to database. > > Conference preferences also differ: > > The top three conferences for dark hats are: > Defcon -- 33.2% > SANS -- 17.9% > Black Hat Briefings -- 14.0% > SANS -- 14.4% > > White hats seem to prefer: > SANS -- 26% > Defcon -- 19% > USENIX -- 16.4% > > Dark hats were slightly more likely to know each programming language > except LISP and Shell Script. > > Dark hats were younger (avg age 26) than whitehats (avg age 30). The > average for the whole survey was 28. > > [ FULL SURVEY RESULTS ] > > So you are still reading and want even more info? Did you care about > one of the questions I didn't discuss? Well Here are the > full results of each question (except age, which I was too lazy to > deal with, and the favorite tools, which I haven't analyzed yet). > > > I use Nmap at least ... (1222 answers; 5 distinct) > week 45.3% (554) > day 30.0% (366) > month 16.7% (204) > less 6.2% ( 76) > unanswered 1.8% ( 22) > > > My use of Nmap is ... (1220 answers; 5 distinct) > both 49.3% (602) > job 27.7% (338) > personal 19.5% (238) > unanswered 1.9% ( 23) > neither 1.6% ( 19) > > > OS I run Nmap on most frequently ... (1221 answers; 10 distinct) > linux 79.0% (965) > solaris 7.4% ( 90) > freebsd 4.8% ( 59) > openbsd 3.9% ( 48) > unanswered 2.5% ( 31) > other 0.9% ( 11) > aix 0.6% ( 7) > netbsd 0.4% ( 5) > irix 0.3% ( 4) > hp-ux 0.1% ( 1) > > > Platform I run Nmap on most frequently ... (1219 answers; 8 distinct) > X86 86.1% (1049) > SPARC 7.5% ( 91) > unanswered 3.0% ( 37) > Other 1.4% ( 17) > PowerPC 0.9% ( 11) > Alpha 0.8% ( 10) > MIPS 0.2% ( 3) > DragonBall 0.1% ( 1) > > > Do you have a working C++ compiler ... (1221 answers; 4 distinct) > Yes 74.9% (914) > C++ Sucks! 13.9% (170) > No 8.5% (104) > unanswered 2.7% ( 33) > > > Proposed Feature Opinions: > > SOCKS Proxy bounce scanning (SCORE: 0.696; 1218 answers; 5 distinct) > Somewhat useful 37.3% (454) > Neutral 22.7% (276) > No Comment 22.4% (273) > Extraordinarily cool 16.9% (206) > A BAD thing 0.7% ( 9) > > > IP.ID Scanning (SCORE: 0.836; 1220 answers; 5 distinct) > Somewhat useful 35.6% (434) > Extraordinarily cool 24.3% (296) > No Comment 22.4% (273) > Neutral 17.5% (214) > A BAD thing 0.2% ( 3) > > > Traceroute support (SCORE: 1.043; 1220 answers; 5 distinct) > Somewhat useful 42.8% (522) > Extraordinarily cool 33.2% (405) > Neutral 14.1% (172) > No Comment 7.5% ( 91) > A BAD thing 2.5% ( 30) > > > Integrated MP3 Player (SCORE: -1.065; 1218 answers; 5 distinct) > A BAD thing 63.8% (777) > No Comment 13.8% (168) > Neutral 10.3% (126) > Extraordinarily cool 9.0% (110) > Somewhat useful 3.0% ( 37) > > > Output to Database option (-oD) (SCORE: 1.098; 1218 answers; 5 distinct) > Somewhat useful 40.1% (489) > Extraordinarily cool 37.0% (451) > Neutral 14.1% (172) > No Comment 6.5% ( 79) > A BAD thing 2.2% ( 27) > > > Output to HTML option (-oH) (SCORE: 0.899; 1214 answers; 5 distinct) > Somewhat useful 38.0% (461) > Extraordinarily cool 31.0% (376) > Neutral 19.9% (242) > No Comment 6.1% ( 74) > A BAD thing 5.0% ( 61) > > > Distributed scanning support (SCORE: 0.960; 1212 answers; 5 distinct) > Extraordinarily cool 40.7% (493) > Somewhat useful 27.4% (332) > Neutral 18.0% (218) > No Comment 7.6% ( 92) > A BAD thing 6.4% ( 77) > > > Input via domain name (using zone XFER) (-iZ) (SCORE: 0.761; 1220 answers; 5 distinct) > Somewhat useful 39.8% (486) > Extraordinarily cool 21.1% (257) > No Comment 18.4% (224) > Neutral 17.8% (217) > A BAD thing 3.0% ( 36) > > > Windows NT/2000 port (SCORE: -0.198; 1220 answers; 5 distinct) > A BAD thing 34.8% (424) > Neutral 20.7% (252) > Somewhat useful 19.0% (232) > Extraordinarily cool 15.3% (187) > No Comment 10.2% (125) > > > Windows 95/98 port (SCORE: -0.615; 1218 answers; 5 distinct) > A BAD thing 47.0% (572) > Neutral 20.4% (248) > Somewhat useful 12.7% (155) > No Comment 10.1% (123) > Extraordinarily cool 9.9% (120) > > > PalmOS Port (SCORE: 0.354; 1189 answers; 5 distinct) > Neutral 30.4% (362) > Extraordinarily cool 22.3% (265) > Somewhat useful 18.3% (217) > No Comment 15.3% (182) > A BAD thing 13.7% (163) > > > Faster (speed optimizations) (SCORE: 1.188; 1220 answers; 5 distinct) > Extraordinarily cool 42.5% (519) > Somewhat useful 34.5% (421) > Neutral 16.2% (198) > No Comment 6.3% ( 77) > A BAD thing 0.4% ( 5) > > > Solaris Binaries in package format (SCORE: 0.283; 1205 answers; 5 distinct) > Neutral 44.6% (538) > No Comment 25.0% (301) > Somewhat useful 15.9% (191) > Extraordinarily cool 10.4% (125) > A BAD thing 4.1% ( 50) > > > Scripting or module support for application-level probing/vuln testing (SCORE: 1.126; 1219 answers; 5 distinct) > Extraordinarily cool 41.9% (511) > Somewhat useful 32.4% (395) > Neutral 12.0% (146) > No Comment 11.9% (145) > A BAD thing 1.8% ( 22) > > > Improved X Window front end (SCORE: 0.556; 1219 answers; 5 distinct) > Neutral 37.8% (461) > Somewhat useful 28.7% (350) > Extraordinarily cool 18.9% (230) > No Comment 9.2% (112) > A BAD thing 5.4% ( 66) > > > .Nmaprc for storing default scan types, timing, favorite decoys, etc (SCORE: 1.105; 1142 answers; 5 distinct) > Somewhat useful 43.6% (498) > Extraordinarily cool 35.6% (406) > Neutral 11.1% (127) > No Comment 7.6% ( 87) > A BAD thing 2.1% ( 24) > > > libnmap.so C library for pinging/port scanning/os detection (SCORE: 1.018; 1138 answers; 5 distinct) > Somewhat useful 35.9% (409) > Extraordinarily cool 34.3% (390) > Neutral 15.0% (171) > No Comment 13.4% (153) > A BAD thing 1.3% ( 15) > > > Conference choices: > > I generally attend/plan to attend DEFCON (1222 answers; 2 distinct) > No 75.9% (927) > Yes 24.1% (295) > > > I generally attend/plan to attend BLACKHAT BRIEFINGS (1222 answers; 2 distinct) > No 90.1% (1101) > Yes 9.9% ( 121) > > > I generally attend/plan to attend HOPE/BEYOND HOPE/H2K (1222 answers; 2 distinct) > No 94.0% (1149) > Yes 6.0% ( 73) > > > I generally attend/plan to attend TOORCON (1222 answers; 2 distinct) > No 98.0% (1198) > Yes 2.0% ( 24) > > > I generally attend/plan to attend USENIX (1222 answers; 2 distinct) > No 86.8% (1061) > Yes 13.2% ( 161) > > > I generally attend/plan to attend SANS (1222 answers; 2 distinct) > No 79.2% (968) > Yes 20.8% (254) > > > Propaganda choices: > > I might be interested in purchasing T-SHIRTS (1222 answers; 2 distinct) > No 54.6% (667) > Yes 45.4% (555) > > > I might be interested in purchasing PANTIES (1222 answers; 2 distinct) > No 87.8% (1073) > Yes 12.2% ( 149) > > > I might be interested in purchasing STICKERS (1222 answers; 2 distinct) > No 79.8% (975) > Yes 20.2% (247) > > > I might be interested in purchasing SCANNING SERVICE (1222 answers; 2 distinct) > No 85.8% (1048) > Yes 14.2% ( 174) > > > Misc. > > Gender (1220 answers; 3 distinct) > Male 93.1% (1136) > unanswered 5.7% ( 69) > Female 1.2% ( 15) > > > Hat Color (1218 answers; 4 distinct) > white 43.6% (531) > gray 31.4% (383) > unanswered 14.1% (172) > black 10.8% (132) > > > Live in San Francisco? (1215 answers; 3 distinct) > No 88.3% (1073) > unanswered 6.7% ( 81) > Yes 5.0% ( 61) > > > Read the man page? (1213 answers; 5 distinct) > Yes -- And I thought it was quite useful 69.0% (837) > Yes -- But it was unclear/needs improvement 11.0% (134) > No -- I have not had a chance 9.2% (111) > No Comment 8.6% (104) > No -- What the hell is a man page? 2.2% ( 27) > > > Programming language choices: > > I have programmed in C (1222 answers; 2 distinct) > Yes 69.9% (854) > No 30.1% (368) > > > I have programmed in C++ (1222 answers; 2 distinct) > No 51.9% (634) > Yes 48.1% (588) > > > I have programmed in Perl (1222 answers; 2 distinct) > Yes 59.8% (731) > No 40.2% (491) > > > I have programmed in Shell Script (1222 answers; 2 distinct) > Yes 63.3% (774) > No 36.7% (448) > > > I have programmed in TCL (1222 answers; 2 distinct) > No 81.0% (990) > Yes 19.0% (232) > > > I have programmed in Lisp (1222 answers; 2 distinct) > No 88.3% (1079) > Yes 11.7% ( 143) > > > I have programmed in Scheme (1222 answers; 2 distinct) > No 93.3% (1140) > Yes 6.7% ( 82) > > > I have programmed in Python (1222 answers; 2 distinct) > No 88.2% (1078) > Yes 11.8% ( 144) > > > I have programmed in Other (1222 answers; 2 distinct) > Yes 54.5% (666) > No 45.5% (556) > > > > -------------------------------------------------- > For help using this (nmap-hackers) mailing list, send a blank email to > [EMAIL PROTECTED] . List run by ezmlm-idx (www.ezmlm.org). -- Sent to you via the frendz list at marsbard.com The archive is at http://www.mail-archive.com/frendz@marsbard.com/
