mailing list archives
Re: Hi from Larch Chen
From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Mar 2011 12:36:34 -0700
On Mon, Mar 28, 2011 at 03:21:29AM +0800, Larch Chen wrote:
I am Larch Chen, a student major in computer science of Peking
I intend to apply Nmap's GSoC programs and I have read the tutorials.
I find two subjects most interesting. One is the Vulnerability and
exploitation Script Developer, the other one is Nmap Cloud Scanning
Hello Larch, thank you for writing to introduce yourself. You have
probably seen these already, but just in case here are some links:
I do not know if I understand correctly for these two programs.
The first one is to use the /Lua /catch up the most recently & popular
vulnerabilities, and add the exploit script to the script archive. The
second one is some kind like the current /Nessus/, build up a web server
and clients could visit the server through HTTP/HTTPS to do some
scanning or checking using the server's computing resources.
I think that you understand the projects. To get some background in NSE
you should read http://nmap.org/book/nse.html. Look over the list of
available scripts and libraries at http://nmap.org/nsedoc/. In your
proposal you should demonstrate that you have a good knowledge of
vulnerabilities and exploitation.
For the hosted scanner, you should look at http://nmap.org/rainmap/. You
can even download the source code; I think it will be quite
understandable for someone with web application experience (especially
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/