Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: SoC 2007 application

Re: SoC 2007 application

From: Diman Todorov <diman.todorov_at_chello.at>
Date: Mon, 26 Mar 2007 14:04:02 +0200

Hello Duilio,

On 25.03.2007, at 18:34, Duilio Protti wrote:

> Hi, I contact you because of my interest in to be engaged in SoC
> 2007 with
> Nmap as my mentoring organization.
I hope we will be able to make this possible for you.
>
> Currently I'm a student of Computer Science in a University of
> Argentina.
> I'm working mid-time (15 hours a week) for a security firm in my
> city, and
> at the same time I'm writing my final thesis, but I have no
> problems in
> postpone the latter for three months if I have the opportunity to
> participate in SoC 2007.
Are you sure that you will have enough time for the summer of code?
Students are usually expected to work at least 30-45 hours a week
during the 3 SoC months.

> About the project to work in, I have posted some ideas about the NSE
> infrastructure and I have others in mind, like i.e. the standalone NSE
> interpreter, at least for the autotools-related part.
By 'functional programming facilities' I meant things like map,
apply, car, cdr, cons etc. I was thinking that http://lua-users.org/
wiki/ListOperations could be used as a starting point and be extended
to be something like the Prelude in Haskell. Comprehensions are not
exactly a conventional part of the functional programming paradigm ;)

When I said 'debugging methods' I meant some sort of infrastructure
which allows NSE programmers to provide the users of their scripts
with debug output. Currently this is done with the API function
print_debug_unformatted which takes a string and prints it only at
higher verbosity levels. This is not exactly a clean solution. Your
idea with streams sounds interesting but you would have to elaborate
a bit how it would work and what its benefits would be over an
extension upon the existing infrastructure. I am afraid I am not
familiar with ML syntax so I don't understand why your code snippet
is better than doing the same thing in another way. You might want to
propose a syntax you are aiming for. It doesn't have to be final but
it should give a rough idea of how I would use your new debugging
facility in NSE.

And just as a side note, hacking the Lua interpreter coming with NSE
is not desirable. If we stay with the vanilla sources of Lua it is a
lot easier to upgrade to newer Lua versions as they come.
Unfortunately there is no other sufficiently straightforward method
to modify the NSE syntax (yet). This is also the reason why the
bitwise operators in NSE come as a lib and not as operators ;)

cheers
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Mar 26 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]