Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Some work for a beginner
From: Alok Upadhyay <alok0412 () gmail com>
Date: Sun, 12 Feb 2012 18:57:37 +0530

Thanks for that warm welcome David! But I have been scouring through
the source only to end up taking a lot of time understanding the
system altogether. Doesn't this project have any graphical tools like
UML diagrams, Architecture diagrams etc. which can greatly reduce the
getting-to-know-time, in my case particularly.
Or if not, can you please suggest me some way of better understanding
the different parts of the source.


On Mon, Feb 6, 2012 at 1:20 PM, David Fifield <david () bamsoftware com> wrote:
On Mon, Feb 06, 2012 at 12:33:39PM +0530, Alok Upadhyay wrote:
Hi There,

I am a new to the nmap-dev list and also to the world of open source
development. I am really interested in working under the nmap's hood.

I was looking for some easy headway into the development side by
trying to solve a bug etc., but wasn't quite able to figure out stuff.
I am good in programming using Java, Python and C. And I have some
experience in socket programming as well.

Something helpful to me personally would be to add new checks to
sv-tidy.py, the script that checks for errors in the nmap-service-probes
database. it may seem like a small thing but it has already found tons
of bugs.

There are some notes about sv-tidy.py in
https://svn.nmap.org/nmap/todo/nmap.txt, but here's a more up-to-date
list of what I need:

* Add a mode where it prints out all the d// device types. I want to
 pipe this through "sort | uniq -c" to easily check for typos.
* Add a CPE parser, and make sure that cpe:// fields are proper CPE
 URLs. This mainly means checking that the first component is "a", "h",
 or "o". There is some information about CPE here:
* Check for human language names that aren't reflected in the CPE, and
 vice versa. For example, i/French/ without cpe:/...:fr/ or vice versa.
 You only need to look at the i// and cpe:// fields for this.
* Check that substituted variables are used in the appropriate place in
 CPE. If we have h/$1/ and cpe:/a:apache:http_server:$1/, it's a bug,
 because there's no reason for a host name to appear in the version
 part of a CPE URL.
* Similarly, warn if e.g. v/$1/ is present but $1 is not used in any

If you want to try these, please send a patch for each small piece that
you do. A big patch doing all the above would be too much, and anyway
some of the above might cause you to want to consult with me on design.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]