Re: Hi from Larch Chen

[David Fifield <david () bamsoftware com>]

On Mon, Mar 28, 2011 at 03:21:29AM +0800, Larch Chen wrote:
> I am Larch Chen, a student major in computer science of Peking
> University, China.
> I intend to apply Nmap's GSoC programs and I have read the tutorials.
> I find two subjects most interesting. One is the Vulnerability and
> exploitation Script Developer, the other one is Nmap Cloud Scanning
> Platform.

Hello Larch, thank you for writing to introduce yourself. You have
probably seen these already, but just in case here are some links:
        http://www.google-melange.com/gsoc/org/google/gsoc2011/nmap
        http://nmap.org/soc/
        http://nmap.org/soc/GeneralRequirements.html
        http://nmap.org/soc/apply.html

> I do not know if I understand correctly for these two programs.
> The first one is to use the /Lua /catch up the most recently & popular
> vulnerabilities, and add the exploit script to the script archive. The
> second one is some kind like the current /Nessus/, build up a web server
> and clients could visit the server through HTTP/HTTPS to do some
> scanning or checking using the server's computing resources.

I think that you understand the projects. To get some background in NSE
you should read http://nmap.org/book/nse.html. Look over the list of
available scripts and libraries at http://nmap.org/nsedoc/. In your
proposal you should demonstrate that you have a good knowledge of
vulnerabilities and exploitation.

For the hosted scanner, you should look at http://nmap.org/rainmap/. You
can even download the source code; I think it will be quite
understandable for someone with web application experience (especially
Django).

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/