Re: Newbie contributer to NMAP

[Jacek Wielemborek <d33tah () gmail com>]

28/12/2013 13:09:27 Shamika Dharmasiri <shamikadineshdha () gmail com>:
> Hi All,
> I'm Shamika and I'm an undergraduate of University of Peradeniya Sri
> Lanka.I am a huge fan of NMAP and have used for some security based
> competitions as well.I would like to contribute NMAP as a developer.I'm
> familiar with Java,PHP,.Net(C#),C,python and other basic web developmental
> languages.I'd be glad if I can know what are the things I should follow in
> order to contribute NMAP as a developper.
>
> Thank you
> Shamika
>
>
> Shamika Dharmasiri
> Faculty of Engineering
> University Of Peradeniya

Hi Shamika,

Glad to hear you're interesting in contributing! :) Apparently you already 
took the first step and subscribed to our mailing list. The question you asked 
is actually quite common on our IRC channel (#nmap on irc.freenode.net) and as 
far as I know, there's no official answer. Since I had the same problem a few 
months ago, I figured I'd at least describe my experiences, perhaps you'll like 
my suggestions.

Whoever you ask, you'll probably hear to start small if you have no 
experience. When I decided to try joining the Nmap community, my knowledge of 
C was mostly theoretical and I didn't know the codebase, nor the Nmap 
features. There's a lot to learn. Thus my first suggestion - read the 
documentation first, grab the latest copy of Nmap and try stuff. See what you're 
interested in.

Once you've done that, I'd suggest you to take a look at Nmap's TODO file. You 
can find it here:

https://svn.nmap.org/nmap/todo/nmap.txt

I personally found it very confusing, so I'll give you a hint - somewhere in 
the 1/4 of the file, there's a line that says "DONE:". Unless you're interested 
in Nmap history, you probably don't want to read that as it's a list of stuff 
that was already done.

Nmap maintainers care a lot about the quality of the code, especially its 
security. Keep in mind that if you intend to write a patch, it's unlikely that 
it'll be merged in right away. Expect constructive criticism. You might be 
asked for a test case, an update for the documentation, perhaps some fixes to 
the Windows code if it got broken by the feature you wrote.

Don't get discouraged, though. There are spots where you can write a patch 
that will be easily mergable. There's probably quite a few bugs in the 
programs that are waiting to be spotted and fixed - it usually takes a few 
lines of code to get them right. 

In my case, when I wanted to write something that has a high chance of getting 
accepted, I decided to translate Zenmap, our awesome GUI frontend for Nmap 
scanner, to Polish. It's not like I love translating things, but I knew that 
basically nobody likes that so the work would probably be appreciated. Since 
you are from Sri Lanka, according to Wikipedia there are potentially two 
languages you could prepare the translations to. It should take you about 3-6 
hours and I guarantee you that you'll learn a lot about Nmap in the process.

IMHO by far the greatest way to contribute to Nmap and learn a humongous lot 
about both the project and software development/open source community 
mechanisms is to participate in Google Summer of Code. In case you hadn't 
heard of it, GSoC is an annual stipend, in which students work full time 
remotely on the project they chose. The ones that pass the program (which 
isn't difficult if you actually work) will get a reward of 5500$ for 3 months of 
coding. You will be assigned a mentor and I can gurantee you that Nmap staff is 
very experienced and will help you out in difficult situations and teach you a 
lot. It's a great program and I definitely recommend you to read up on it. If 
you're motivated, you're very likely to get accepted.

The last thing I'd like to point out is that coding and/or translating things 
are not the only ways to participate in Nmap community. Among other things. we 
need discussion, ideas, feedback, testing. There is a lot of subprojects being 
maintained as a part of Nmap (I, for one, mostly contributed to Ncat, Nmap's 
greatly improved netcat clone) and if none of them suits your need, you're 
welcome to start your own one, provided that you comply to the license :) If 
you also know some uncommon server or protocol, you might want to try writing 
an NSE script or a probe that checks for it. The documentation is quite 
detailed and writing NSE scripts is really fun! :)

As for your web development skills, there was once a project of a website that 
allows the user to manage Nmap scans through a website. I don't know the 
details, so you might need to do some research on your own to find it. I think 
it was a GSoC project and it could be written in PHP, but I'm really not sure 
about these.

I could probably go on and on, but I think I'll end there. Should you have any 
further questions, let me know and I'll answer you, most preferably on this 
mailing list, so that other potentially interested newbies might hear the 
answers as well. Keep in mind though that it might sometimes take some time to 
get a reply - from time to time, even a few weeks of delay happen to be 
normal.

So, good luck and see you on the mailing list! I'm looking forward to reading 
your first patch :)

Yours,
Jacek Wielemborek

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/