Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Some work for a beginner
From: Alok Upadhyay <alok0412 () gmail com>
Date: Sun, 12 Feb 2012 18:57:37 +0530

Thanks for that warm welcome David! But I have been scouring through
the source only to end up taking a lot of time understanding the
system altogether. Doesn't this project have any graphical tools like
UML diagrams, Architecture diagrams etc. which can greatly reduce the
getting-to-know-time, in my case particularly.
Or if not, can you please suggest me some way of better understanding
the different parts of the source.

Thanks,
Alok

On Mon, Feb 6, 2012 at 1:20 PM, David Fifield <david () bamsoftware com> wrote:
On Mon, Feb 06, 2012 at 12:33:39PM +0530, Alok Upadhyay wrote:
Hi There,


I am a new to the nmap-dev list and also to the world of open source
development. I am really interested in working under the nmap's hood.

I was looking for some easy headway into the development side by
trying to solve a bug etc., but wasn't quite able to figure out stuff.
I am good in programming using Java, Python and C. And I have some
experience in socket programming as well.

Something helpful to me personally would be to add new checks to
sv-tidy.py, the script that checks for errors in the nmap-service-probes
database. it may seem like a small thing but it has already found tons
of bugs.

There are some notes about sv-tidy.py in
https://svn.nmap.org/nmap/todo/nmap.txt, but here's a more up-to-date
list of what I need:

* Add a mode where it prints out all the d// device types. I want to
 pipe this through "sort | uniq -c" to easily check for typos.
* Add a CPE parser, and make sure that cpe:// fields are proper CPE
 URLs. This mainly means checking that the first component is "a", "h",
 or "o". There is some information about CPE here:
 http://nmap.org/book/output-formats-cpe.html.
* Check for human language names that aren't reflected in the CPE, and
 vice versa. For example, i/French/ without cpe:/...:fr/ or vice versa.
 You only need to look at the i// and cpe:// fields for this.
* Check that substituted variables are used in the appropriate place in
 CPE. If we have h/$1/ and cpe:/a:apache:http_server:$1/, it's a bug,
 because there's no reason for a host name to appear in the version
 part of a CPE URL.
* Similarly, warn if e.g. v/$1/ is present but $1 is not used in any
 CPE.

If you want to try these, please send a patch for each small piece that
you do. A big patch doing all the above would be too much, and anyway
some of the above might cause you to want to consult with me on design.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]