Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: GSoC 2011: NSE Script Development
From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Mar 2011 12:37:27 -0700

On Wed, Mar 23, 2011 at 05:48:04PM +0100, Gorjan Petrovski wrote:
Hello Nmap developers,

My name is Gorjan Petrovski and I've been eagerly waiting for GSoC
this year, hoping to cut my skills on the Nmap project. I'm a 4-th
year student of Computer Systems Engineering, with only 2 exams and my
thesis to go, so I'll be available and ready to do full-time work this
summer.

I have a general knowledge of networking protocols, plenty of C/C++
experience, some of it using sockets. I have also made several python
scripts for personal use and I'm quite familiar with bash scripting.
I've also done some (little) tampering with exploits, mostly local
ones (shellcode).

I'm really interested in doing research with vulnerabilities and
exploits. I've already gotten myself familiar with Nmap and the NSE
functionality through Fyodor's book and against a couple of local
virtual machinesĀ and I'm currently learning Lua while testing and
reading some existing scripts.

Any suggestions on how to proceed futher, am I on the right path?
Ideas for a beginner's script that would be useful?
Are there any especially important scripts to write?
For the development of vulnerability and exploits NSE scripts, would
there be an emphasis on new exploits, or old and popular ones which
haven't yet made it to NSE?

Hi Gorjan, thanks for writing. You are on the right path so far. If you
haven't yet, read the pages
        http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap
        http://nmap.org/soc/
        http://nmap.org/soc/GeneralRequirements.html
        http://nmap.org/soc/apply.html

Some script ideas are at https://secwiki.org/w/Nmap/Script_Ideas. For a
gentle beginner's introduction, you might try reimplementing
http-date.nse: http://nmap.org/nsedoc/scripts/http-date.

We want to focus on new important vulnerabilities, less on historical
vulnerabilities.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]