Nmap Development mailing list archives
Re: Contributing to Nmap development
From: David Fifield <david () bamsoftware com>
Date: Thu, 17 Sep 2009 08:42:45 -0600
On Thu, Sep 17, 2009 at 03:18:26PM +0530, Ravipriya Thushara wrote:
I'm a undergraduate student from University of Moratuwa, Sri Lanka. Im studying in my 3rd academic year (I'm studying a 4 year degree program on Computer Science and Engineering). In this academic year I have to join to an open source project and contribute to it for 12 weeks. I can choose any open source project based on my interest. My instructors will evaluate my work at the end. I'm interested lot in computer and network security and I'm hoping to do my project related on that. So I think Nmap is a great place to join and work with. But I want some help from you to understand the current development status of Nmap and what you are expecting to do. I have considerable amount of knowledge on Computer security and Networking. Also I'm CCNA certified recently. I have being using Nmap for about 6 months. I'm experienced in C/C++ programming too. So please send me some help me with some starting points to start with.
I recommend that you look in the online TODO and try working on something that looks interesting. A lot of the items are long-term or are already being worked on, so here are some I recommend: o [NSE] Add DNS based service discovery script. See http://seclists.org/nmap-dev/2009/q3/0786.html for more of this idea from David. o [NSE] Support routing http requests through proxies. o [NSE] Security Review o Consider what, if any, vulnerabilities or security risks NSE has with respect to buffer overflows, format string bugs, any other maliciously formatted responses from target systems, etc. Maybe address the known risk of malicious scripts too. o Consider that NSE runs scripts as root o Zenmap should perhaps be able to print Nmap output (if not too much of a pain to implement.) o Zenmap script selection interface for deciding which NSE scripts to run. Unfortunately the beginner tasks are mostly not C and C++ tasks, but it is not hard to learn the skills you need to do them. Here are two more from my own TODO list for Ncat, which is written in C. o See if we can make Ncat drop privileges on startup. o SSL connections to an Ncat server hang while certificate verification occurs; you can block other connections by waiting at the certificate description in your browser. Once you've chosen something to do you will write a patch and send it to this same list. When you have specific questions you should also write to this list. When you've decided what you want to do we can show you the proper documentation and the source files you will need to be familiar with. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Contributing to Nmap development Ravipriya Thushara (Sep 17)
- Re: Contributing to Nmap development majek04 (Sep 17)
- Re: Contributing to Nmap development Henri Salo (Sep 17)
- Re: Contributing to Nmap development ithilgore (Sep 17)
- Re: Contributing to Nmap development David Fifield (Sep 17)
- Re: Contributing to Nmap development Ravipriya Thushara (Sep 19)
- Re: Contributing to Nmap development Rob Nicholls (Sep 19)
- Re: Contributing to Nmap development Fyodor (Sep 20)
- Re: Contributing to Nmap development Ravipriya Thushara (Sep 20)
- Re: Contributing to Nmap development Duarte Silva (Sep 20)
- Re: Contributing to Nmap development David Fifield (Sep 21)
- Re: Contributing to Nmap development Ravipriya Thushara (Sep 19)